Dear all, This is just a brief status of what is happening with the Core Rule Set 3.0 release.
We had good feedback for the RC2 release. No major regressions just a few more false positives. False negatives are also in the mix and - somewhat unpleasant - 1-2 attack attempts, that the CRS2 would block. This is mainly due to Walter Hop from Dutch hosting provider slik.eu who updated their production servers to CRS3 and keeps a close eye on the logs now. So we have decided to update the rules a bit and push an RC3, likely on Tuesday. Because, every FP sorted out before the release is less pain for our users - and every false negative fixes means less successful attacks on the servers. This means the final release, OWASP ModSecurity Core Rule Set 3.0.0, will be out on Tuesday, November 8. Unless new and big regressions appear of course. We are also preparing ideas and means to spread the word about the release as wide as possible. If you have ideas to support this, then let us know. Otherwise, it would be just nice if you would be ready to tell your friends and contacts about this, once it is out: November 8. On some other note, I'm receiving feedback for my draft CRS tutorial and it seems like it will be ready for publication around November 1 as well. Cheers, Christian -- https://www.feistyduck.com/training/modsecurity-training-course mailto:christian.fol...@netnea.com twitter: @ChrFolini _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
