[Owasp-modsecurity-core-rule-set] OWASP CRS Repository Changes

Chaim Sanders CSanders at trustwave.com
Fri Nov 4 13:57:50 UTC 2016


Note: THIS IS EMAIL APPLIES TO OWASP CRS AND NOT MODSECURITY'S REPO.

Ladies and Gentlemen,
Thank you for your continued support and interest of the ModSecurity Project. If you have not heard yet, the free and open source OWASP CRS ruleset has gone through some major updates recently. These updates introduce new features/rules and reduced false positives. Of importance is the culminating OWASP CRS 3.0.0 release (final). We have been diligently testing this ruleset, with your help, and are confident in the stability and interoperability of the upcoming version. Currently, the release is slotted for the 8th of November 2016 (next week). As part of this release we will be reorganizing the CRS repository. What this means is that the current 3.x branch will be promoted to become the 'master' repository. CRS version two, which is currently the 'master' branch, will be assigned the title of v2/master branch title and will still be accessible.  if you have scripts running that make use of any of the branches on OWASP CRS GitHub repository, please make adjustments as needed, you can feel free to reach out to my for more information. We hope this transition goes off without a hitch and we look forward to sharing with you our official release announcement next week!

Chaim Sanders
Security Researcher, SpiderLabs

Trustwave| SMART SECURITY ON DEMAND
www.trustwave.com

________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.


More information about the Owasp-modsecurity-core-rule-set mailing list