---------- Forwarded message ----------
From: Ryan Barnett <[email protected]>
Date: Sat, Aug 28, 2010 at 3:38 AM
Subject: [Owasp-leaders] Announcing Release of OWASP ModSecurity Core Rule Set (CRS) v2.0.8
To: "[email protected]" <[email protected]>, "[email protected]" <[email protected]>
Cc: "[email protected]" <[email protected]>

Greetings everyone,

I wanted to announce the availability of the OWASP ModSecurity CRS v2.0.8.

DOWNLOADING -
Download page - http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Download
You can also use the util/rules-updater.pl script to auto-download the latest ZIP archive (see the rules-updater-example.conf file for Repo data).

TESTING -
We have integrated the new CRS into the Demo page to help facilitate community testing - http://www.modsecurity.org/demo/

CHANGES -

--------------------------
Version 2.0.8 - 08/27/2010
--------------------------

Improvements:
- Updated the PHPIDS filters
- Updated the SQL Injection filters to detect boolean attacks (1<2, foo == bar, etc.)
- Updated the SQL Injection filters to account for different quotes
- Added UTF-8 encoding validation support to the modsecurity_crs_10_config.conf file
- Added Rule ID 950109 to detect multiple URL encodings
- Added two experimental rules to detect anomalous use of special characters

Bug Fixes:
- Fixed Encoding Detection RegEx (950107 and 950108)
- Fixed rules-updater.pl script to better handle whitespace
  https://www.modsecurity.org/tracker/browse/MODSEC-167
- Fixed missing pass action bug in modsecurity_crs_21_protocol_anomalies.conf
  https://www.modsecurity.org/tracker/browse/CORERULES-55
- Fixed the anomaly scoring in the modsecurity_crs_41_phpids_filters.conf file
  https://www.modsecurity.org/tracker/browse/CORERULES-54
- Updated XSS rule id 958001 to improve the .cookie regex to reduce false positives
  https://www.modsecurity.org/tracker/browse/CORERULES-29

--
Ryan Barnett
OWASP ModSecurity Core Rule Set Project Leader

_______________________________________________
Owasp-Malaysia mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-malaysia
OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia
OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420

