Does the ruleset protect against CVE-2014-5266 ?
If yes, since which version ?

Thank you.

This is “XML Quadratic Blowup Attack”. It is covered by rules v.1.17 for Apache (latest at this moment).

Thank you, its a very serious exploit and it needs to be covered.
I am updating to the newest ruleset now :slight_smile: