
OWASP CRS 4.11.0 has been released. It removes rules 920220 and 920221 (both PL1) because they lack a viable attack scenario. Other changes remove aliases (932125), the words where, if, for and vol (932380) and SQL function names (942151) from PL1 rules, make 932300 case-insensitive, and resolve issue 3809.



Coreruleset Release v4.11.0

What's Changed

Rule removals

  • feat: Remove rules for lack of viable attack scenario (920220 PL1, 920221 PL1) by @dune73 in #3969

Other Changes

  • fix: remove aliases man, mi, si and resolve positives (932125 PL1) by @franbuehler in #3971
  • fix: remove where, if, for and vol and resolve false positives (932380 PL1) by @franbuehler in #3972
  • fix: make 932300 actually case-insensitive by @theseion in #3977
  • fix: remove sql function names to resolve false positives (942151 PL1) by @franbuehler in #3973
  • fix: issue 3809 by @Xhoenix in #3983

Full Changelog v4.10.0...v4.11.0

Release v4.11.0 · coreruleset/coreruleset