8000 Monthly Chat Agenda January 2025 (2025-01-06) · Issue #3975 · coreruleset/coreruleset · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Monthly Chat Agenda January 2025 (2025-01-06) #3975
New issue
New issue
Closed
1 of 1 issue completed
Closed
Monthly Chat Agenda January 2025 (2025-01-06)#3975
1 of 1 issue completed
Labels
🔖 Meeting Agenda
@fzipi

Description

@fzipi
fzipi
opened on Jan 6, 2025

This is the Agenda for the Monthly CRS Chat.

The chat is going to happen on https://owasp.slack.com in the channel #coreruleset on the first Monday of the month (usually), at 20:30 CET (CEST during summer in the Northern Hemisphere). Please note that we have a CRS calendar (maintained by @fzipi).

Archived previous meetings and their decision are here.

What happened in the meantime since the chat last month

Outside development

  • No news here.

Inside development

Rules

  • No news here.

CRS Sandbox

  • No news here.

Security

  • We still have some pending issues to triage.

Plugins

  • No news here.

Documentation and Public Relations

  • We still have pending the documentation refactoring PR.

Project Administration and Sponsor relationships

  • Let's discuss our organisational setup. We only have one leader now but used to have three. Also, @fzipi can't do everything and we don't want him to burn out.

Tools

  • New go-ftw version 1.2.0 is out! 🎉
  • Release of crs-toolchain 2.3.2! 🎉 (not yet ready for CRS to use)
  • CRS CI updated to use the new versions of go-ftw and secrule_parsing

Containers

  • Nginx container has a new configuration when WAF returns 403 for CORS preflights.
  • Improved validation and configuration of rules through environment variables

Project discussions and decisions

  • Shall we include utf-16 as a default, approved allowed charset?
  • Proposal: use lowercase in all rules that ignore case. If we decide 👍 , then create a follow-up issue to change the rules that do not comply, and add documentation in the contribution page.
  • There is a dataset with AI prompt injections at https://huggingface.co/datasets/hackaprompt/hackaprompt-dataset. This could be a base to develop AI prompt injection rules, possibly as a plugin. The guys behind the data set are interested in a call. Who from CRS would like to join?
  • LTS status update (this should be a standing item on the agenda up until the LTS release)
  • ⌚ Proposal: Timeliness for future project meetings: We should make a fresh effort to keep project meetings within time.
    We should aim for and advertise 60 minute meetings and have a cut-off time of 90 minutes for flexibility (e.g. discussion of a more complex topic). If 2 or 3 people need a longer chat on a tricky topic, have the chat outside of the project meeting. Reasons:
    • Respect everybody's time
    • Easier to attend & broader time zone representation (for some people the meeting time is very early, very late, or during work hours)
    • Encourage participation (few people want to voluntarily attend long meetings…)
  • Quick test of Slack Hangouts for first live Q&A

Rules development, key project numbers

PRs that have been merged since the last meeting

We merged 14 PRs since the last monthly project chat.

Open PRs

Open PRs marked DRAFT or work in progress or needs action

How to get to our slack and join the meeting?

If you are not yet on the OWASP Slack, here is your invite: https://owasp.org/slack/invite .

Everybody is welcome to join our community chat.

Sub-issues

Metadata

Metadata

Assignees

No one assigned

    Labels

    🔖 Meeting Agenda

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0