[Owasp-leaders] Announcing Release of OWASP ModSecurity CRS v2.1.2

Ryan Barnett ryan.barnett at owasp.org
Thu Feb 17 16:57:32 EST 2011


Hello everyone,
I am pleased to announce the release of the OWASP ModSecurity Core Rule Set
(CRS) v2.1.2.  This is a significant update as we have added a couple very
important capabilities (some of which we discussed last week at the Global
Summit - WAF Mitigations for XSS).

CHANGE LOG -
--------------------------
Version 2.1.2 - 02/17/2011
--------------------------

Improvements:
- Added experimental real-time application profiling ruleset.
- Added experimental Lua script for profiling the # of page scripts, iframes, etc.,
  which will help to identify successful XSS attacks and planting of malware links.
- Added new CSRF detection rule which will trigger if a subsequent request comes too
  quickly (need to use the Ignore Static Content rules).

Bug Fixes:
- Added missing " in the skipAfter SecAction in the CC Detection rule set

--------------------------
DOWNLOADING
--------------------------
Manual Downloading:
You can always download the latest CRS version here -
https://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/

Automated Downloading:
Use the rules-updater.pl script in the CRS /util directory

# Get a list of what the repository contains:
$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/ -l

Repository: http://www.modsecurity.org/autoupdate/repository

modsecurity-crs {
          2.0.0: modsecurity-crs_2.0.0.zip
          2.0.1: modsecurity-crs_2.0.1.zip
          2.0.2: modsecurity-crs_2.0.2.zip
          2.0.3: modsecurity-crs_2.0.3.zip
          2.0.4: modsecurity-crs_2.0.4.zip
          2.0.5: modsecurity-crs_2.0.5.zip
          2.0.6: modsecurity-crs_2.0.6.zip
          2.0.7: modsecurity-crs_2.0.7.zip
          2.0.8: modsecurity-crs_2.0.8.zip
          2.0.9: modsecurity-crs_2.0.9.zip
          2.0.9: modsecurity-crs_2.0.10.zip
          2.1.0: modsecurity-crs_2.1.0.zip
          2.1.1: modsecurity-crs_2.1.1.zip
          2.1.2: modsecurity-crs_2.1.2.zip
}

# Get the latest stable version of "modsecurity-crs":
$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/ -prules -Smodsecurity-crs
Fetching: modsecurity-crs/modsecurity-crs_2.1.2.zip ...
$ ls -R rules
modsecurity-crs

rules/modsecurity-crs:
modsecurity-crs_2.1.2.zip    modsecurity-crs_2.1.2.zip.sig

--
Ryan Barnett
OWASP ModSecurity CRS Project Leader

