The release of OWASP CRS 4.14.0 brings new features and detections, such as the ability to detect ASP web shells, compressed database dumps, and JavaScript methods. Other changes include fixing false positives (FPs) related to rule 951220, no longer blocking TTF font files, detecting forward slashes in paths, and removing .application from restricted extensions.
Coreruleset Release v4.14.0
What's Changed
New features and detections
- feat: detect ASP web shells by @Xhoenix in #4063
- feat: detect compressed database dumps by @EsadCetiner in #4082
- feat: detect javascript methods import, fetch, console.log, console.dir by @EsadCetiner in #4076
Other Changes
- fix: fixing FPs related to rule 951220 by @azurit in #4079
- fix: don't block ttf font files by @EsadCetiner in #4081
- fix: 932270 FP by @Xhoenix in #3917
- fix(954100): detect forward slash in path by @Xhoenix in #4094
- fix: remove .application from restricted extensions by @EsadCetiner in #4103
- fix: 44J-250329 by @EsadCetiner in #4107
Full Changelog: v4.13.0...v4.14.0