
OWASP CRS v4.16.0, a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls, has been released, introducing new features and detections. The update encompasses remediation for Python SSTI, enhancements to rule sets, detection of generic configuration filenames, updates to java-errors.data, and rule detection for Bash Brace Expansion, MongoDB operators, zmodload, and sudo-rs. Other changes include removing dot-star patterns from several rules, moving printf from rule 933150 to 933160 for better PHP syntax checking, creating a stricter sibling to rule 932370 (932371, at PL-2), and moving rule 942340 to regex assembly.



Coreruleset Release v4.16.0

What's Changed

New features and detections

Other Changes

  • fix(941160): remove dot star by @fzipi in #4155
  • fix(934140): remove dot star by @fzipi in #4165
  • fix(932370): remove dot star by @fzipi in #4166
  • fix(955xxx): remove dot star by @Xhoenix in #4169
  • fix(933150): moving printf to 933160 for additional php syntax check (933150 PL-1, 933160 PL-1) by @EsadCetiner in #3840
  • fix: create a stricter sibling to 932370 and move at to PL-2 (932370 PL-1, 932371 PL-2) by @EsadCetiner in #4015
  • fix(942340): remove dot star by @fzipi in #4164
  • refactor(942340): move to regex assembly by @fzipi in #4014
  • fix(933160): remove dot star by @fzipi in #4167

New Contributors

Full Changelog v4.15.0...v4.16.0

Release v4.16.0 · coreruleset/coreruleset