We just released CRS v2.2.4 – download here - https://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/
-------------------------- Version 2.2.4 - 03/14/2012 -------------------------- Improvements: - Added Location and Set-Cookie checks to Response Splitting rule ID 950910 - Added a README file to the activated_rules directory - Consolidate a number of SQL Injection rules into optimized regexs - Removed multiMatch and replaceComments from SQL Injection rules - Updated the SQLi regexs for greediness - Updated the SQLi setvar anomaly score values to use macro expansion - Remote PARANOID mode rules Bug Fixes: - Fixed missing comma before severity action in rules 958291, 958230 and 958231 - Fixed duplicate rule IDs -- Ryan Barnett Trustwave SpiderLabs ModSecurity Project Leader OWASP ModSecurity CRS Project Leader ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
