I am also interested in why the 2.2.9 rule set is still considered the latest rule set, and 3.0 is not. The 3.0 ruleset appears to be now bundled with cPanel which is confusing as to why they would bundle it with cPanel if it is not stable.
Wesley Render, Consultant www.otherdata.com -----Original Message----- From: owasp-modsecurity-core-rule-set-boun...@lists.owasp.org [mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org] On Behalf Of owasp-modsecurity-core-rule-set-requ...@lists.owasp.org Sent: September 15, 2015 6:00 AM To: owasp-modsecurity-core-rule-set@lists.owasp.org Subject: Owasp-modsecurity-core-rule-set Digest, Vol 77, Issue 5 Send Owasp-modsecurity-core-rule-set mailing list submissions to owasp-modsecurity-core-rule-set@lists.owasp.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set or, via email, send a message with subject or body 'help' to owasp-modsecurity-core-rule-set-requ...@lists.owasp.org You can reach the person managing the list at owasp-modsecurity-core-rule-set-ow...@lists.owasp.org When replying, please edit your Subject line so it is more specific than "Re: Contents of Owasp-modsecurity-core-rule-set digest..." Today's Topics: 1. Using 3.0 ruleset (kause lotski) 2. Re: Some XSS evasions posted (Christian Folini) ---------------------------------------------------------------------- Message: 1 Date: Mon, 14 Sep 2015 18:19:38 +0000 (UTC) From: kause lotski <kause...@yahoo.com> To: "owasp-modsecurity-core-rule-set@lists.owasp.org" <owasp-modsecurity-core-rule-set@lists.owasp.org> Subject: [Owasp-modsecurity-core-rule-set] Using 3.0 ruleset Message-ID: <1997255831.2489169.1442254778503.javamail.ya...@mail.yahoo.com> Content-Type: text/plain; charset="utf-8" Hi, as it seems 3.0 greatly improves extended character sets in unicode handling (false positives due to this characters), I would like to give it a try. But as structure has totally changed INSTALL instructions aren't correct anymore in 3.0 branch, can someone give me a quick guide? is there any ETA for 3.0 ? Regards,Kause -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachment s/20150914/aa5ab53e/attachment-0001.html> ------------------------------ Message: 2 Date: Tue, 15 Sep 2015 06:03:05 +0200 From: Christian Folini <christian.fol...@time-machine.ch> To: owasp-modsecurity-core-rule-set@lists.owasp.org Subject: Re: [Owasp-modsecurity-core-rule-set] Some XSS evasions posted Message-ID: <20150915040305.GA18940@elias> Content-Type: text/plain; charset=utf-8 Good morning, What is funny about the paper is, that he lists contact with all the other vendors and how they reacted to his responsible disclosure, but this is missing for ModSec. Has there been no contact / no interest to patch in due time? Ahoj, Christian -- It's easier to ask forgiveness, than it is to get permission. -- Radm Grace Hopper, aka Amazing Grace ------------------------------ _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set End of Owasp-modsecurity-core-rule-set Digest, Vol 77, Issue 5 ************************************************************** _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
