https://0d2d0d50.website-1u6.pages.dev/tags/3.2/Recent content in CRS Projecthttps://0d2d0d50.website-1u6.pages.dev/20190903/announcement-owasp-modsecurity-core-rule-set-version-3-2-0-rc2/Tue, 03 Sep 2019 13:51:47 +0200<p>The OWASP ModSecurity Core Rule Set team is proud to announce the general availability of release candidate 2 for the upcoming CRS v3.2.0. The new release is available at</p> <ul> <li><a href="https://slack-redir.net/link?url=https%3A%2F%2Fgithub.com%2FSpiderLabs%2Fowasp-modsecurity-crs%2Farchive%2Fv3.2.0-rc2.zip&amp;v=3">https://github.com/coreruleset/coreruleset/archive/v3.2.0-rc2.zip</a></li> <li><a href="https://slack-redir.net/link?url=https%3A%2F%2Fgithub.com%2FSpiderLabs%2Fowasp-modsecurity-crs%2Farchive%2Fv3.2.0-rc2.tar.gz&amp;v=3">https://github.com/coreruleset/coreruleset/archive/v3.2.0-rc2.tar.gz</a></li> </ul> <p>This release represents a very big step forward in terms of both capabilities and protections including:</p> <ul> <li>Improved compatibility with ModSecurity 3.x</li> <li>Improved CRS docker container that is fully configureable at creation</li> <li>Expanded Java RCE blacklist</li> <li>Expanded unix shell RCE blacklist</li> <li>Improved PHP RCE detection</li> <li>New javascript/Node.js RCE detection</li> <li>Expanded LFI blacklists</li> <li>Added XenForo rule exclusion profile</li> <li>Fixes for many false positives and bypasses</li> <li>Detection of more security scanners</li> <li>Regexp performance improvements preventing ReDoS in most cases</li> </ul> <p>Please see the CHANGES document with around 150 entries for a detailed list of new features and improvements.<br> <a href="https://slack-redir.net/link?url=https%3A%2F%2Fgithub.com%2FSpiderLabs%2Fowasp-modsecurity-crs%2Fblob%2Fv3.2.0-rc2%2FCHANGES&amp;v=3">https://github.com/coreruleset/coreruleset/blob/v3.2.0-rc2/CHANGES</a></p>