[Owasp-modsecurity-core-rule-set] Core Rule Set Project March 2018
chaim at chaimsanders.com
Wed Mar 14 05:39:05 UTC 2018
This is the CRS newsletter covering the period from Early February until
We held our monthly community chat. We had quite a few people stop by.
Our agenda from before the chat is available here
the chat we discussed the following:
We added support for ModSecurity-v3/Apache and Modsecurity-v2/Nginx to the CRS
Support ModSecurity Docker Repos
<https://github.com/CRS-support/modsecurity-docker>. These will be used
when testing before a release. Additionally, we will be adding testing with
Nginx+FTW in addition to Apache+FTW.
A blog about the current CI process will be created for next month.
Issue #990 <https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/990>
: Only issue was with FTW failing tests, this has since been fixed. This
CRS Summit at AppSec EU: The proposed CRS Summit will be on July 4, 4pm in
London, the closing day of the trainings, the night before the real
Dune73, Tin Zaw, and csanders-git submitted CFPs to AppSec EU.
#1013 FP resolution status: was merged.
#994 File detection: was built against ubuntu with ModSecurity on Apache.
This was causing conflicts. We decided as an organization to switch our CI
testing env to Ubuntu (instead of fedora).
#989 Fix Regression Tests: For some reasons even though tests were fixed,
these still failed, we'll be rebasing and that should fix the issue.
remaining @azhao155 issues represent actual issues with how the rules are
CRS 3.1 release date shooting for May 2018
csanders-git put forth a number of options for increasing project
management capabilities within the project. A further email will be sent
- Posted a blog post from Karl Stoney - Creating an OpenWAF solution
with Nginx, ElasticSearch and ModSecurity
- Posted a blog post from Christian Peron - Building a WAF test harness
- Posted a blog post from Christian Folini - How to tune your WAF
installation to reduce false positives
- CRS Summit July 4, 4pm in London @ AppSec EU
*The next community chats will be held on the following dates:*
April 2, 2018 20:30 CET
May 7, 2018 20:30 CET
June 4, 2018 20:30 CET
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-modsecurity-core-rule-set