Hello community,
here is the log from the commit of package owasp-modsecurity-crs for
openSUSE:Factory checked in at 2026-06-01 18:09:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/owasp-modsecurity-crs (Old)
and /work/SRC/openSUSE:Factory/.owasp-modsecurity-crs.new.1937 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "owasp-modsecurity-crs"
Mon Jun 1 18:09:20 2026 rev:13 rq:1356387 version:4.27.0
Changes:
--------
---
/work/SRC/openSUSE:Factory/owasp-modsecurity-crs/owasp-modsecurity-crs.changes
2026-03-17 19:07:12.363406423 +0100
+++
/work/SRC/openSUSE:Factory/.owasp-modsecurity-crs.new.1937/owasp-modsecurity-crs.changes
2026-06-01 18:09:49.864800092 +0200
@@ -1,0 +2,49 @@
+Mon Jun 1 14:11:54 UTC 2026 - Petr Gajdos <[email protected]>
+
+- version update to 4.27.0
+ * fix(920240, 920400): don't rely on content-type header
+- version update to 4.26.0
+ * feat: Add WhatWAF to the scanner list
+ * feat: Add ghauri to scanner list
+ * feat: Expand Scanner User Agents List (v2)
+ * feat: Expanded os files list
+ * feat(933100): all HTTP headers should be checked
+ * fix(lfi-os-files): add .dockerenv, .DS_Store, META-INF/, WEB-INF/
+ * feat(934200): detect Server-Side Template Injection (SSTI) attacks
+ * fix(lfi-os-files): require path prefix for .profile
+ * fix(933150): remove is_int from PHP function names list
+ * fix(932370): remove url from Windows LOLBIN command list
+ * fix(920539): prefer a bypass on a named rule rather than n+1 bypass
+ * fix(942290): add word boundary to MongoDB operator detection
+ * fix: false positive with parameter name `.history`
+ * fix(942410): use common exceptions instead of rule
+ * fix(942200): reduce false positives on payloads with comments
+ * fix(unix): exclude `pg` command from pl-1
+ * fix(930130): comment out false positive prone entries
+ * fix(920100): drop HTTP/0.9 GET support from request line validation
+ * fix: Update restricted files to include Perl subdirectories
+- version update to 4.25.0
+ * feat(930130,930140): expand AI-based paths
+ * feat: add aws security agent in scanners-user-agents.data
+ * feat(932390): add shell fork bomb detection rule at PL2
+ * refactor: create 941250 `.ra` file
+ * refactor: create 942220 .ra file
+ * refactor: create rule 931100 and 931110 `.ra` files
+ * feat: Adding critical ai dirs that previously not exist
+ * refactor: create 933140 and 933180 `.ra` files
+ * fix(944110,944120,944130,944150,944151,944200,944210,..): don't inspect
cookies twice
+ * refactor: create 943120 `.ra` file
+ * fix: false negative 932236
+ * fix(933111): prevent whitespace padding bypass in PHP double-extension
upload
+ * fix(933110): prevent whitespace padding bypass in PHP upload detection
+ * fix(944140): prevent whitespace padding bypass in JSP file upload detection
+ * feat: update list of unix commands
+ * fix(932180): prevent whitespace padding bypass in restricted file upload
detection
+ * fix: harden GitHub Actions workflows
+ * refactor: create 941310 `.ra` files
+ * docs: update README
+ * refactor: create 941120 `.ra` file
+ * fix(920540): allow rule exclusions for specific targets
+ * fix(931130): ensure correct target is logged
+
+-------------------------------------------------------------------
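Review bot: The four "prevent whitespace padding bypass" entries in the 4.25.0 block (933110, 933111, 944140, 932180) and "fix: false negative 932236" are detection-bypass fixes, yet the entry carries no bug or CVE reference and does not mark them as security-relevant. If a tracking bug exists for any of them, reference it on the corresponding line; otherwise a short remark that 4.25.0 closes upload-detection bypasses would help anyone deciding whether to backport. The entry also folds in changes that can alter blocking behaviour on existing deployments, such as "fix(920100): drop HTTP/0.9 GET support from request line validation" and the new rules 934200 and 932390, so administrators with exclusions tuned against 4.24.1 should be pointed at them.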
Old:
----
coreruleset-4.24.1.tar.gz
coreruleset-4.24.1.tar.gz.asc
New:
----
coreruleset-4.27.0.tar.gz
coreruleset-4.27.0.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ owasp-modsecurity-crs.spec ++++++
--- /var/tmp/diff_new_pack.8x8iFn/_old 2026-06-01 18:09:50.696834597 +0200
+++ /var/tmp/diff_new_pack.8x8iFn/_new 2026-06-01 18:09:50.696834597 +0200
@@ -1,7 +1,7 @@
#
# spec file for package owasp-modsecurity-crs
#
-# Copyright (c) 2026 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
# Copyright (c) 2023 Alessandro de Oliveira Faria (A.K.A CABELO)
<[email protected]>
#
# All modifications and additions to the file contributed by third parties
@@ -18,7 +18,7 @@
Name: owasp-modsecurity-crs
-Version: 4.24.1
+Version: 4.27.0
Release: 0
Summary: OWASP ModSecurity Common Rule Set (CRS)
License: Apache-2.0
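Review bot: The Version line jumps from 4.24.1 straight to 4.27.0 while the matching source diff is skipped (10152 lines), so the tarball contents cannot be reviewed from this mail. The package ships coreruleset-4.27.0.tar.gz.asc next to the tarball, but the visible spec lines do not show whether that signature is verified at build time; it is worth confirming that the spec lists the upstream keyring as a source so the check actually runs.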
++++++ coreruleset-4.24.1.tar.gz -> coreruleset-4.27.0.tar.gz ++++++
++++ 10152 lines of diff (skipped)