OWASP CRS 4.11.0 has been released. It removes certain rules, including removals tied to the absence of viable attack scenarios, and drops aliases and function names from rules to resolve false positives. Other changes make 932300 case-insensitive, remove SQL function names, and resolve issue 3809.
Coreruleset Release v4.11.0
What's Changed
Rule removals
Other Changes
- fix: remove aliases man, mi, si and resolve positives (932125 PL1) by @franbuehler in #3971
- fix: remove where, if, for and vol and resolve false positives (932380 PL1) by @franbuehler in #3972
- fix: make 932300 actually case-insensitive by @theseion in #3977
- fix: remove sql function names to resolve false positives (942151 PL1) by @franbuehler in #3973
- fix: issue 3809 by @Xhoenix in #3983
Full Changelog: v4.10.0...v4.11.0