OWASP CRS 4.17.0, a collection of general rules for spotting attacks that work with ModSecurity or similar web application firewalls, has been released and features important updates, such as the removal of PCI DSS tags and the introduction of new features and detection methods. These include detection for ASP.NET errors, RCE via the Referer header, LaTeX injection, and Ruby errors. Other changes include fixing dot stars, using word boundaries, updating java-classes.data, and updating file uris.
Coreruleset Release v4.17.0
What's Changed
Important changes
New features and detections
- feat: added detection for ASP.NET errors by @Xhoenix in #4092
- feat: added detection for RCE via Referer header by @Xhoenix in #3993
- feat: added detection for LaTeX injection by @Xhoenix in #4206
- feat: added detection for ruby errors and code leakage by @Xhoenix in #4089
Other Changes
- fix(951xxx): remove dot star by @Xhoenix in #4171
- fix: use word bondary on 952110 to avoid matching non-java errors by @EsadCetiner in #4177
- feat: Update java-classes.data by @KIC-8462852 in #4173
- fix(931130): update file uri with single slash by @fzipi in #4193
- fix(932281): avoid matching on json payloads by @EsadCetiner in #4187
- fix: 932280/932281 bypass by @Xhoenix in #4207
New Contributors
- @KIC-8462852 made their first contribution in #4173
- @pre-commit-ci[bot] made their first contribution in #4185
- @pha6d made their first contribution in #4203
Full Changelog: v4.16.0...v4.17.0
