This is the Agenda for the Monthly CRS Chat.
The chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, 2025-07-07, at 20:30 CET (CEST during summer in the Northern Hemisphere). That's the 1st Monday of the month. Please note that we have a CRS calendar (maintained by @fzipi).
Archived previous meetings and their decisions are here.
What happened in the meantime since the chat last month
Outside development
- Release of ModSecurity v2.9.11
(see: https://modsecurity.org/20250701/dos-vulnerability-cve-2025-52891-2025-july/)
Inside development
Rules
CRS Sandbox
- Sandbox was updated to latest 4.16.0
Security
Plugins
Documentation and Public Relations
- Fixed rendering of documentation (Hugo updates and changes to the Cloudflare page setup)
- Tentative date for next Community Call
Project Administration and Sponsor relationships
- Contact with potential sponsor
Tools
- Refactored some code in go-ftw
- Call with @etiennemunnich to talk about his work with LLMs and CRS rules
Testing incl. Seaweed and many future plans
Containers
- Releases for updated modsecurity versions
Project discussions and decisions
- CRS v4 LTS update
- What work still needs to be completed here? What help is needed to get this over the line?
- refactor: Suggestion to increase paranoia of 942430 #4179 -> Do we want to move rule 942430 from PL2 to PL3?
- Remove Rule Duplicates That Are Due to Modsecurity 2 httpd Regex Size Limitations #4149
Rules development, key project numbers
PRs that have been merged since the last meeting
- chore(deps): update owasp/modsecurity-crs:apache docker digest to bc5265b in tests/docker-compose.yml #4180
- chore(deps): update owasp/modsecurity-crs:nginx docker digest to 6dd9a8a in tests/docker-compose.yml #4181
- fix(950150): commit bad version #4183
- feat: added detection for ASP.NET errors #4092
- feat: Update java-classes.data #4173
- fix: use word boundary on 952110 to avoid matching non-java errors #4177
- chore: post-release v4.17.0-dev #4176
- fix(951xxx): remove dot star #4171
- chore: release v4.16.0 #4175
- feat: added zmodload and sudo-rs #4143
- feat: added MongoDB operators #4162
- feat: added rule to detect Bash Brace Expansion #3780
- fix(933160): remove dot star #4167
- refactor(942340): move to regex assembly #4014
- feat: update `java-errors.data` #4113
- fix(942340): remove dot star #4164
- fix: create a stricter sibling to 932370 and move `at` to PL-2 (932370 PL-1, 932371 PL-2) #4015
- feat: detect generic config filenames #4102
- fix(933150): moving printf to 933160 for additional php syntax check (933150 PL-1, 933160 PL-1) #3840
- fix(955xxx): remove dot star #4169
- fix(932370): remove dot star #4166
- fix(934140): remove dot star #4165
- fix: update rule 942560 #4161
We merged 23 PRs since the last monthly project chat.
Open PRs
Open PRs marked DRAFT or work in progress or needs action
- ci: add pre-commit crs-toolchain run #4182
- fix(942550): cleanup regex #3767
- fix(942550): remove dot star #4178
- feat: added detection for ruby errors and code leakage #4089
- feat: added detection for RCE via Referer header #3993
- chore: update restricted-upload-data with crs-toolchain #4117
- refactor: Suggestion to increase paranoia of 942430 #4179
- feat: Add product name tags #3960
- chore: find rules without test #3881
- fix(932130): use lazy regex #3730
- fix(932205): remove dot star #4168
- chore: add quant as comment #3925
- feat: added detection for quote evasion #3813
- fix(security): resolve SQL injection protection bypass (942380 PL2) #3720
- fix(test): move xss test from 942180 to 941210 #4012
How to get to our Slack and join the meeting?
If you are not yet on the OWASP Slack, here is your invite: https://owasp.org/slack/invite
Everybody is welcome to join our community chat.