[Owasp-modsecurity-core-rule-set] Announcing Release of OWASP ModSecurity CRS v2.0.10

Wed, 01 Dec 2010 07:50:04 -0800 

Greetings everyone,
I am pleased to announce the release of the OWASP ModSecurity Core Rule Set 
(CRS) v2.0.10.  This is a minor update.

CHANGE LOG -
--------------------------
Version 2.0.10 - 11/29/2010
--------------------------

Improvements:
- Commented out the Anomaly Scoring Blocking Mode TX variable since, by 
default, the CRS
  is running in traditional mode.

Bug Fixes:
- Moved all skipAfter actions in chained rules to chain starter SecRules
  https://www.modsecurity.org/tracker/browse/MODSEC-159
- Changed phases on several rules in the 20 protocol anomaly rules file to 
phase:1 to avoid FNs

--------------------------
DOWNLOADING
--------------------------
Manual Downloading:
You can always download the latest CRS version here -
https://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/

Automated Downloading:
Use the rules-updater.pl script in the CRS /util directory

# Get a list of what the repository contains:
$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/ -l

Repository: http://www.modsecurity.org/autoupdate/repository

modsecurity-crs {
          2.0.0: modsecurity-crs_2.0.0.zip
          2.0.1: modsecurity-crs_2.0.1.zip
          2.0.2: modsecurity-crs_2.0.2.zip
          2.0.3: modsecurity-crs_2.0.3.zip
          2.0.4: modsecurity-crs_2.0.4.zip
          2.0.5: modsecurity-crs_2.0.5.zip
          2.0.6: modsecurity-crs_2.0.6.zip
          2.0.7: modsecurity-crs_2.0.7.zip
          2.0.8: modsecurity-crs_2.0.8.zip
          2.0.9: modsecurity-crs_2.0.9.zip
          2.0.9: modsecurity-crs_2.0.10.zip
}

# Get the latest stable version of "modsecurity-crs":
$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/ 
-prules -Smodsecurity-crs
Fetching: modsecurity-crs/modsecurity-crs_2.0.9.zip ...
$ ls -R rules
modsecurity-crs

rules/modsecurity-crs:
modsecurity-crs_2.0.9.zip    modsecurity-crs_2.0.9.zip.sig

--
Ryan Barnett
Senior Security Researcher
Trustwave - SpiderLabs
ModSecurity Community Manager
OWASP ModSecurity CRS Project Leader

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

Reply via email to