Hi Colin, Yes, that was when the move from sourceforge to github was done. When I asked Ryan for the old history files, I never got a reply.
Ahoj, Christian On Wed, Apr 27, 2016 at 07:32:08PM +0000, Colin MacAllister wrote: > >From the Changelog it looks like this kind of work was done for version > >2.2.4. However, I don’t see that tag in Git – did this use to be in > >SourceForge or someplace? > > Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10 > > From: Chaim Sanders<mailto:csand...@trustwave.com> > Sent: Wednesday, April 27, 2016 2:14 PM > To: Colin MacAllister<mailto:cmacallis...@probono.net>; OWASP > List<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org> > Subject: RE: [Owasp-modsecurity-core-rule-set] Execution error - PCRE limits > exceeded (-8) > > That isn’t a bad idea – Do you have a link to the old ticket/work? > Additionally, we should very much consider this maybe for 3.1? > > Chaim Sanders > Security Researcher > Trustwave | SMART SECURITY ON DEMAND > www.trustwave.com<http://www.trustwave.com/> > > From: owasp-modsecurity-core-rule-set-boun...@lists.owasp.org > [mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org] On Behalf Of > Colin MacAllister > Sent: Wednesday, April 27, 2016 12:49 PM > To: OWASP List <owasp-modsecurity-core-rule-set@lists.owasp.org> > Subject: Re: [Owasp-modsecurity-core-rule-set] Execution error - PCRE limits > exceeded (-8) > > It looks like at one point in the past the regular expressions in the ruleset > were edited to reduce their greed, which resulted in fewer recursive passes > over the input. Might something like this be needed here, given recently > added rules? > > Sent from > Mail<http://scanmail.trustwave.com/?c=4062&d=k_qg14s7bHUZdVlLt3BdEb2RvmdZQNJ64vk1i3wVAA&s=5&u=https%3a%2f%2fgo%2emicrosoft%2ecom%2ffwlink%2f%3fLinkId%3d550986> > for Windows 10 > > From: Colin MacAllister<mailto:cmacallis...@probono.net> > Sent: Wednesday, April 27, 2016 12:43 PM > To: OWASP List<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org> > Subject: Execution error - PCRE limits exceeded (-8) > > I’ve found references to this via Google searches, and the accepted answer > seems to be to increase the PCRE limits to 150000. This seems unwise, since > the limits must be there for a reason. Still, I tried it, but it didn’t help. > I’m receiving 19 errors of this type, all either concerning XSS or SQL > injection, for one URI. The URI in question is in this form: > /base.cfm?404;/admin/framework.com.page/area.27D92FDF-4048-6285-EDC3-78593415F962 > (which has been heavily edited so as to not give away the farm.) > > Sent from > Mail<http://scanmail.trustwave.com/?c=4062&d=k_qg14s7bHUZdVlLt3BdEb2RvmdZQNJ64vk1i3wVAA&s=5&u=https%3a%2f%2fgo%2emicrosoft%2ecom%2ffwlink%2f%3fLinkId%3d550986> > for Windows 10 > > > ________________________________ > > This transmission may contain information that is privileged, confidential, > and/or exempt from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any disclosure, copying, > distribution, or use of the information contained herein (including any > reliance thereon) is strictly prohibited. If you received this transmission > in error, please immediately contact the sender and destroy the material in > its entirety, whether in electronic or hard copy format. > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set -- mailto:christian.fol...@netnea.com http://www.christian-folini.ch twitter: @ChrFolini _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
