
OWASP CRS 4.8.0 is a set of attack detection rules for use with ModSecurity or other compatible web application firewalls. This release adds new features and detections, including the configuration of nginx tests, and removes redundant capture groups.



OWASP CRS v4.8.0

What's Changed

:star: Important changes

:new: New features and detections :tada:

:toolbox: Other Changes

  • fix: remove unnecessary capture groups by @TimDiam0nd in #3849
  • fix(942120): update operators by @Xhoenix in #3841
  • fix(933120): do not match on base64 encoded strings by @fzipi in #3863
  • fix(refactor): 942130 and 942131 regex-assembly by @Xhoenix in #3862
  • fix(942520): SQL operators can be one or more characters by @Xhoenix in #3845
  • chore: remove verify id-range by @fzipi in #3885
  • chore: remove find-max-datalen-in-tests by @fzipi in #3891
  • chore: remove honeypot sensor by @fzipi in #3883
  • chore: remove browser tools by @fzipi in #3887
  • chore: remove send-payload-pls by @fzipi in #3879
  • chore: remove geo-location by @fzipi in #3875
  • chore: remove crs2 renumbering by @fzipi in #3873
  • chore: remove change-version script by @fzipi in #3869
  • chore: remove join multiline rules by @fzipi in #3877
  • chore: remove av-scanning by @fzipi in #3871
  • chore: remove util virtual patching by @fzipi in #3889
  • fix: include v3.3.6 release notes in latest by @fzipi in #3867
  • chore: remove fp-finder by @fzipi in #3893

New Contributors

Full Changelog: v4.7.0...v4.8.0

Release v4.8.0 · coreruleset/coreruleset