8000 Comparing v4.10.0...v4.11.0 · coreruleset/coreruleset · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: coreruleset/coreruleset
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v4.10.0
Choose a base ref
...
head repository: coreruleset/coreruleset
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v4.11.0
Choose a head ref
  • 12 commits
  • 49 files changed
  • 5 contributors

Commits on Dec 29, 2024

  1. chore: post-release v4.11.0-dev (#3968) 

    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    @fzipi
    fzipi authored Dec 29, 2024
    Configuration menu
    Copy the full SHA
    6bef99a View commit details
    Browse the repository at this point in the history

Commits on Dec 30, 2024

  1. feat: release yaml support for new label release:remove-rules (#3970)

    @dune73
    dune73 authored Dec 30, 2024
    Configuration menu
    Copy the full SHA
    cf4cfc1 View commit details
    Browse the repository at this point in the history

  2. feat: Remove rules for lack of viable attack scenario (920220 PL1, 92… 

    …0221 PL1) (#3969)

Rules 920220 and 920221 caused a lot of FPs in CRS4. After discussing
the rules and potential fixes in issue 3926, we decided to remove the
rules. Mainly because we can not think of a generic attack scenario
that uses / abuses encoding this way.

Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    @dune73 @theseion
    dune73 and theseion authored Dec 30, 2024
    Configuration menu
    Copy the full SHA
    f758804 View commit details
    Browse the repository at this point in the history

Commits on Dec 31, 2024

  1. fix: remove aliases man, mi, si and resolve positives (932125 PL1) (#… 

    …3971)

* fix: remove aliases man, mi, si and resolve positives (932125 PL1)

* fix: remove aliases man, mi, si and resolve false positives (932125 PL1)
    @franbuehler
    franbuehler authored Dec 31, 2024
    Configuration menu
    Copy the full SHA
    b6e2cd6 View commit details
    Browse the repository at this point in the history

Commits on Jan 2, 2025

  1. fix: remove where, if, for and vol and resolve false positives (93238… 

    …0 PL1) (#3972)

* fix: remove where, if, for and vol and resolve false positives (932380 PL1)

* fix: remove where, if, for and vol and resolve false positives (932380 PL1)
    @franbuehler
    franbuehler authored Jan 2, 2025
    Configuration menu
    Copy the full SHA
    161d897 View commit details
    Browse the repository at this point in the history

Commits on Jan 5, 2025

  1. chore: update go-ftw and secrultes_parsing versions (#3974)

    @theseion
    theseion authored Jan 5, 2025
    Configuration menu
    Copy the full SHA
    f0c141a View commit details
    Browse the repository at this point in the history

Commits on Jan 10, 2025

  1. chore: update crs-toolchain (#3976)

    @theseion
    theseion authored Jan 10, 2025
    Configuration menu
    Copy the full SHA
    1784ad5 View commit details
    Browse the repository at this point in the history

  2. fix: make 932300 actually case-insensitive (#3977) 

    - properly apply regex flags
- clean up regular expressions
    @theseion
    theseion authored Jan 10, 2025
    Configuration menu
    Copy the full SHA
    412f32b View commit details
    Browse the repository at this point in the history

  3. fix: remove sql function names to resolve false positives (942151 PL1) ( 

    #3973)

* fix: remove sql function names to resolve false positives (942151 PL1)

* fix: remove sql function names to resolve false positives (942151 PL1)

* fix: remove sql function names to resolve false positives (942151 PL1)

* fix: remove sql function names to resolve false positives (942151 PL1)

* fix: remove sql function names to resolve false positives (942151 PL1)

* fix: remove sql function names to resolve false positives (942151 PL1)

* fix: replace http/1.0 with 1.1

* Apply suggestions from code review

add suggestions from review

Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>

* Update regex-assembly/exclude/sql-injection-function-names-fps-pl1.ra

Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>

---------

Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    @franbuehler @theseion
    franbuehler and theseion authored Jan 10, 2025
    Configuration menu
    Copy the full SHA
    b70bf85 View commit details
    Browse the repository at this point in the history

Commits on Jan 22, 2025

  1. fix: issue 3809 (#3983) 

    * fix: issue 3809

* Update crs-setup.conf.example

Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>

* Update crs-setup.conf.example

Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>

* Update crs-setup.conf.example

Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>

* Update crs-setup.conf.example

Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>

---------

Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    @Xhoenix @theseion
    Xhoenix and theseion authored Jan 22, 2025
    Configuration menu
    Copy the full SHA
    465d873 View commit details
    Browse the repository at this point in the history

Commits on Jan 24, 2025

  1. chore: remove unused negative lookagead script (#3984) 

    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    @fzipi
    fzipi authored Jan 24, 2025
    Configuration menu
    Copy the full SHA
    002967c View commit details
    Browse the repository at this point in the history

Commits on Jan 27, 2025

  1. chore: release 4.11.0 (#3986) 

    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    @fzipi
    fzipi authored Jan 27, 2025
    Configuration menu
    Copy the full SHA
    31c7a4b View commit details
    Browse the repository at this point in the history
Loading
0