Decisions
PRs
- #1707 - @lifeforms did not have the time. This issue remains open.
- #1708 - no relevant progress here
- #1710 - @franbuehler will review this PR
- #1717 - @franbuehler did not have the time. This issue remains open.
- #1721 - merged
- #1732 - merged
- #1734 - @franbuehler and @lifeforms will test this rule in production.
PRs on hold
- #1602 - we will ask @theMiddleBlue what the matter with his PR is
- #1663 - on hold with @dune73
- #1674 - on hold with @dune73
- #1667 - on hold on request of @fzipi
Other Items
- Travis doesn't run on new PRs. @theMiddleBlue will troubleshoot this.
- GitHub migration scheduled for March 18 had to be cancelled / postponed. TW and CRS do not agree on the procedure. Migration team: @dune73, @lifeforms and @fzipi: "We think we are almost there with the migration script."
- HAProxy Layered Security Guide recommends CRS: https://www.haproxy.com/content-library/the-haproxy-guide-to-multi-layer-security/
- Release schedule for 3.3: @lifeforms was thinking of RCs around 23 May, 6 June, then release 16 June for instance. @dune73: "So let's see one month from now, confirm your schedule or we re-schedule. I think June makes a lot of sense in the long run. Close to a 9 month schedule, also if we do 3.4 for Dublin next winter." So we will see.
Issues
It was already late. We did not talk about new issues.
from owasp-modsecurity-crs.