Hi
The new version of mod_security (2.7.4) includes a 3rd party code: libinjection an SQL/SQL injection tokenizer parser analyzer, according to the parser developer, libinjection is supposed to be embedded into your code [1] and does not seem to be compiled as shared lib.
In mod_security this library is used as an alternative approach for detecting SQL injection (vs. regex-based whitelist/blacklist).
My question is: do we consider this code as a Copylibs or I should proceed with unbundling it from mod_security code.
[1] https://github.com/client9/libinjection#embedding
PS. I'm one of mod_security maintainer, ccing Peter and Daniel
Thanks.
-- Athmane
packaging@lists.fedoraproject.org