modsecurity-crs (3.2.3-0+deb9u1) stretch-security; urgency=medium

  * If you are using modsecurity-crs with apache2 / libapache2-modsecurity,
    please make sure to review your modsecurity configuration,
    usually /etc/modsecurity/modsecurity.conf, against the updated recommended
    configration, available in /etc/modsecurity/modsecurity.conf-recommended.

    Some of the changes to the recommended rules are required to avoid
    Web Application Firewall bypasses in certain circumstances.

 -- Tobias Frost <tobi@debian.org>  Sat, 28 Jan 2023 10:47:37 +0100
