It was discovered that modsecurity-apache, an Apache module to tighten the Web application security, does not properly handles excessively nested JSON objects, which could result in denial of service. The update introduces a new "SecRequestBodyJsonDepthLimit" option to limit the maximum request body JSON parsing depth which ModSecurity will accept .