[Owasp-modsecurity-core-rule-set] Core Rule Set Project March 2018

Chaim Sanders chaim at chaimsanders.com
Wed Mar 14 05:39:05 UTC 2018

This is the CRS newsletter covering the period from Early February until

We held our monthly community chat. We had quite a few people stop by.

   - csanders
   - lifeforms
   - franbuehler
   - emphazer
   - dune73
   - agi
   - squared
   - fzipi_
   - spartantri

Our agenda from before the chat is available here
<https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1026>. During
the chat we discussed the following:

We added support for ModSecurity-v3/Apache and Modsecurity-v2/Nginx to the CRS
Support ModSecurity Docker Repos
<https://github.com/CRS-support/modsecurity-docker>. These will be used
when testing before a release. Additionally, we will be adding testing with
Nginx+FTW in addition to Apache+FTW.

A blog about the current CI process will be created for next month.

Issue #990 <https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/990>
: Only issue was with FTW failing tests, this has since been fixed. This
was merged.

CRS Summit at AppSec EU:  The proposed CRS Summit will be on July 4, 4pm in
London, the closing day of the trainings, the night before the real
conference starts.

Dune73, Tin Zaw, and csanders-git submitted CFPs to AppSec EU.

#1013 FP resolution status: was merged.

#994 File detection: was built against ubuntu with ModSecurity on Apache.
This was causing conflicts. We decided as an organization to switch our CI
testing env to Ubuntu (instead of fedora).

#989 Fix Regression Tests: For some reasons even though tests were fixed,
these still failed, we'll be rebasing and that should fix the issue.

remaining @azhao155 issues represent actual issues with how the rules are

CRS 3.1 release date shooting for May 2018

csanders-git put forth a number of options for increasing project
management capabilities within the project. A further email will be sent


   - Posted a blog post from Karl Stoney - Creating an OpenWAF solution
   with Nginx, ElasticSearch and ModSecurity
   - Posted a blog post from Christian Peron - Building a WAF test harness
   - Posted a blog post from Christian Folini - How to tune your WAF
   installation to reduce false positives
   - CRS Summit July 4, 4pm in London @ AppSec EU

*The next community chats will be held on the following dates:*

April 2, 2018 20:30 CET

May 7, 2018 20:30 CET

June 4, 2018 20:30 CET

Chaim Sanders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20180314/835a0dea/attachment.html>

More information about the Owasp-modsecurity-core-rule-set mailing list