Chaim Sanders
2018-09-04 03:03:12 UTC
The OWASP Core Rule Set team is proud to announce the general availability
of release candidate 1 for the upcoming CRS v3.1.0. The new release is
available at https://github.com/SpiderLabs/owasp-modsecurity-crs
/archive/v3.1.0-rc1.zip. This release represents a huge step forward in
terms of both capabilities and protections including:
- Protections against common Java attacks
- Support for blocking in one paranoia level while logging in a higher
level.
- More pre-made exclusion packs for popular web applications
- Reconstructed and improved SQL injections protections
- Various bug fixes and optimizations
Please see the CHANGES document for a detailed list of new features
and improvements (https://github.com/SpiderLabs/owasp-modsecurity-crs
/blob/v3.1.0-rc1/CHANGES).
Our desire is to see the Core Rule Set project used as a baseline
security feature, effectively protecting from OWASP TOP 10 risks with
few side effects. As such we attempt to cut down on false positives as
much as possible in the default install. This RC1 therefore offers an
opportunity for individuals to provide feedback and to report any
other issues they may face.
Please use the CRS GitHub (https://github.com/SpiderLabs/owasp-modsecurity-
crs), our slack channel (#coreruleset on owasp.slack.com), or the Core Rule
Set
mailing list to tell us about your experiences, including false positives
or other issues with this release candidate.
Our current timeline is to seek public feedback on RC1 for the next
month, followed by an RC2 (if needed) and subsequently a release. We look
forward to hearing your feedback!
Sincerely Chaim Sanders, release manager, on behalf of the Core Rules Set
development team.
of release candidate 1 for the upcoming CRS v3.1.0. The new release is
available at https://github.com/SpiderLabs/owasp-modsecurity-crs
/archive/v3.1.0-rc1.zip. This release represents a huge step forward in
terms of both capabilities and protections including:
- Protections against common Java attacks
- Support for blocking in one paranoia level while logging in a higher
level.
- More pre-made exclusion packs for popular web applications
- Reconstructed and improved SQL injections protections
- Various bug fixes and optimizations
Please see the CHANGES document for a detailed list of new features
and improvements (https://github.com/SpiderLabs/owasp-modsecurity-crs
/blob/v3.1.0-rc1/CHANGES).
Our desire is to see the Core Rule Set project used as a baseline
security feature, effectively protecting from OWASP TOP 10 risks with
few side effects. As such we attempt to cut down on false positives as
much as possible in the default install. This RC1 therefore offers an
opportunity for individuals to provide feedback and to report any
other issues they may face.
Please use the CRS GitHub (https://github.com/SpiderLabs/owasp-modsecurity-
crs), our slack channel (#coreruleset on owasp.slack.com), or the Core Rule
Set
mailing list to tell us about your experiences, including false positives
or other issues with this release candidate.
Our current timeline is to seek public feedback on RC1 for the next
month, followed by an RC2 (if needed) and subsequently a release. We look
forward to hearing your feedback!
Sincerely Chaim Sanders, release manager, on behalf of the Core Rules Set
development team.
--
Chaim Sanders
http://www.ChaimSanders.com
Chaim Sanders
http://www.ChaimSanders.com