8000 Agenda for 11/6/2017 · Issue #925 · coreruleset/coreruleset · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
8000

Agenda for 11/6/2017 #925

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
CRS-migration-bot opened this issue May 13, 2020 · 4 comments
Closed

Agenda for 11/6/2017 #925

CRS-migration-bot opened this issue May 13, 2020 · 4 comments

Comments

@CRS-migration-bot
Copy link

Issue originally created by user csanders-git on date 2017-10-26 17:23:30.
Link to original issue: SpiderLabs/owasp-modsecurity-crs#925.

Agenda for the CRS project / community chat on Nov 6

  • Promotion of 3 heavy contributors to developers (fgsch, fzipi and spartantri)
    Docs will be updated to reflect their promotion, congrats and thank you!!!
  • CRS Summit at AppSecEU in June in Tel Aviv (?)
    dune73 will setup a project and let us know the status as we move along.
    fzipi spoke at OWASP Dev Summit about WAF test data. A new license is available (https://cdla.io/)
  • Testing (FTW is working when using with Re-added some conftest.py magic ftw#14)
    PR is awaiting merge but seems to be working well.
    dune73 plans to write a blog.
  • Idea to update release poster (with logo in the center)
    We had some great press about the poster.
    Need to check balance, Dune73 will finance privately.
    Shooting for by AppSecEU
  • Idea to start to sell the release poster via a printing service like Redbubble
  • Info: CRS nominated for the German Open Source Business award (http://osbar.it)
  • Plans for new blog posts
    Franbuehler writing up about SQL disassembly
    dune73 writing about FTW
    csanders-git writing about Apache vulnerability breakdown.
  • [PR Create REQUEST-944-APPLICATION-ATTACK-JAVA.conf #881] : Java Attacks
    Will be assigned to csanders-git
  • [PR Classic SQL injection probing rule split 942370 #884] : SQL injection probing rule split 942370
    emphazer is working on a PR for this so it's in line with franbuelers comments.
  • [PR Command substitution backquoted version support #896] : Command substitution backquoted version support
    Splitting into two and fixing conflict when available.
  • [PR Working Dokuwiki and Nextcloud rulesets. #899] : Dokuwiki and Nextcloud exclusion packages (work in progress)
    Will be done when submitter has time.
  • [PR duplicated header bypax fix and chunk support #905] : Duplicated header bypass fix and chunk support
    csanders-git and fzipi are going to take the helm on getting this one through.
  • [PR Adding myself as contributor #922] : New developers (see above)
    Merged, need to add other testers also.
    remove spratantri from 905 as contributor
  • Many PRs / test updates by azhao155 (which are awesome). Bring up a question about what to do with Apache versus Nginx behaviors when the underlying engine 'fixes' and issue.
    Going to add support for multiple return status. This should take care of all the test updates.
  • [Issue For discussion: Add CVEs and CWEs tags for all rules where appropriate? #924] (on request of fgsch who might skip the chat)
  • Release 3.1 planning
    Possible after JS fixes are done.
  • Stickers and maybe shirts (for appsec eu) Redbubble

Squared's update.

  • New ModSec t-shirt -> The small batch for AppSec ended at the event and I'm trying to get a new batch printed for the next event. Hopefully will have ready by end of month
  • ModSec 3.0 talk on B-sides Toronto next week: http://www.bsidesto.ca/abstracts.html#6
  • BlackHat Europe Arsenal demo for libModSecurity in December: https://www.blackhat.com/eu-17/arsenal/schedule/#modsecurity-300-9079
  • We are working very hard on v3 and we hope to have a second release some time this year but not sure yet when.
  • We've been incredibly busy with all things ModSec related lately, hence why we are not able to work much on CRS. Let us know if you know anyone to join our team to help us :)
  • No plans for 2.9.3 yet. Definitely not for this year.
  • Still not time to look into those language encoding issues. Hopefully we will able to once v3 is released.
@CRS-migration-bot
Copy link
Author

User dune73 commented on date 2017-10-26 18:48:36:

I think it is best to enter update right into csanders-git's description. Non-developers ideally comment and we can then add it for you into the agenda.

@CRS-migration-bot
Copy link
Author

User fgsch commented on date 2017-11-01 13:16:25:

I'd like to add #924 to the agenda.

Also, I'm currently in Japan so it might be too early for me to attend :(

@CRS-migration-bot
Copy link
Author

User dune73 commented on date 2017-11-01 13:19:39:

done

@CRS-migration-bot
Copy link
Author

User dune73 commented on date 2017-11-14 04:58:38:

Did that monthly chat.

The minutes of the talk are https://coreruleset.org/20171107/crs-project-news-november/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@CRS-migration-bot
0