
A new version of the OWASP CRS (Core Rule Set) for ModSecurity and compatible web application firewalls has been released with improvements and new detections, including adding the User-Agent and Referer headers to the inspected targets, updating java-classes.data, and adding ways to block database YAML files. Other changes include fixing a false positive with title_strip_tags, removing the self command, removing the rc shell to reduce false positives, removing an unnecessary character class, and adding a word ending to the Unix command sendmail. The full list of changes is in the coreruleset/coreruleset release.



OWASP CRS v4.15.0

What's Changed

:new: New features and detections :tada:

:toolbox: Other Changes

  • fix: false positive with title_strip_tags by moving strip_tags to 933160 by @EsadCetiner in #4105
  • fix: remove self command by @EsadCetiner in #4111
  • fix: remove rc shell to reduce FPs by @theseion in #4125
  • feat: remove unnecessary character class from 933151 by @TimDiam0nd in #4135
  • fix: false positives with session tokens/cookies 933150 by @EsadCetiner in #4142
  • fix: add word ending to unix command sendmail (932235 PL1, 932236 PL2, 932239 PL2, 932260 PL1) by @franbuehler in #4141
  • feat: 933151 change from capture and double pmf to regex by @TimDiam0nd in #4139
  • feat: 933120 change from capture and double pmf to regex by @TimDiam0nd in #4138
  • feat: remove exclusion of deprecated __utm cookies by @theseion in #4151
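Several of the entries above (the sendmail word ending, the removed rc shell, the dropped character class) are about tightening a command-name pattern so it stops matching harmless substrings. The following Python snippet is an added illustration of that idea and is not the CRS rule text: the command list, the separator class and the sample parameter values are all constructed here, and the real rules 932235/932236/932239/932260 are written differently. It builds one pattern without and one with a trailing word boundary and shows which constructed inputs stop matching once the boundary is added.

```python
import re

# Constructed command list for illustration; the CRS rules draw on a much
# larger generated list and a different separator grammar.
COMMANDS = ["sendmail", "curl", "nc"]


def build_pattern(commands, word_ending):
    """Compile a command-name detector.

    A shell-like separator (or start of value) must precede the name so that
    "uncurl" is not hit; with word_ending=True a word boundary must follow
    it, which is the kind of "word ending" the sendmail change describes.
    """
    alternation = "|".join(
        re.escape(c) for c in sorted(commands, key=len, reverse=True)
    )
    tail = r"\b" if word_ending else ""
    return re.compile(r"(?:^|[\s;|&`(])(?:" + alternation + r")" + tail)


def matching_values(values, word_ending):
    """Return the values (in input order) that the detector fires on."""
    pat = build_pattern(COMMANDS, word_ending)
    return [v for v in values if pat.search(v)]


# Constructed sample parameter values, as a WAF would see them after decoding.
SAMPLES = [
    "sendmail -t",              # real invocation: should match either way
    "echo hi; sendmail x",      # chained command: should match either way
    "sendmailer@example.org",   # e-mail-like value: FP without the boundary
    "my sendmail_settings",     # config key name: FP without the boundary
    "ncurses build",            # "nc" as a prefix: FP without the boundary
]


def false_positives_removed():
    """Values that matched without the word ending but not with it."""
    before = set(matching_values(SAMPLES, word_ending=False))
    after = set(matching_values(SAMPLES, word_ending=True))
    return sorted(before - after)


if __name__ == "__main__":
    for v in SAMPLES:
        print(f"{v!r:28} no-boundary={bool(build_pattern(COMMANDS, False).search(v))} "
              f"boundary={bool(build_pattern(COMMANDS, True).search(v))}")
    print("false positives removed:", false_positives_removed())
```

The two genuine invocations keep matching because a space follows the command name, while the three look-alike values fall out once the boundary is required. The same trade-off applies when a whole alternative such as `rc` is removed: fewer benign hits, at the cost of no longer flagging that rarely used name.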

Full Changelog v4.14.0...v4.15.0

Release v4.15.0 · coreruleset/coreruleset