OWASP CRS v4.7.0 is a collection of attack detection rules designed to be compatible with ModSecurity or other web application firewalls. Changes in this release include adding sendgrid.env to the restricted files, modifying a regex to match multiple whitespace characters, updating XSS detection, and code refactoring.
OWASP CRS v4.7.0
What's Changed
New features and detections
Other Changes
- fix: Changed regex (920470) to match multiple whitespaces after Content-Type parameters to avoid false-positives by @lostmann-owl-it in #3818
- fix: fp with user-agent containing ; pg (932239 PL2) by @franbuehler in #3727
- fix: update xss detection with onwebkitplaybacktargetavailabilitychanged event by @fzipi in #3822
- feat: refactoring (944110 PL1) by @azurit in #3715
New Contributors
- @lostmann-owl-it made their first contribution in #3818
Full Changelog: v4.6.0...v4.7.0