
OWASP CRS 4.19.0 has been released, providing enhanced protection against a wide array of web attacks through its integration with ModSecurity or compatible web application firewalls. This update includes several new features and detections to improve the rule set's security capabilities, as well as fixes addressing issues with LFI rules, generic SQLSTATE error codes, and false positives. The release also includes adjustments that make regex cleanup more efficient and reduce false positives triggered by PHP response rules.



OWASP CRS 4.19.0 released

OWASP CRS 4.19.0 has been released, providing web applications with enhanced protection against a wide array of attacks through integration with ModSecurity or compatible web application firewalls. This robust set of generic attack detection rules is designed to safeguard applications from the most common threats, including those listed in the OWASP Top Ten, while minimizing false alerts.

Notable updates have been made to the latest version of the OWASP CRS, ensuring improved security and performance for users. One significant refactor has deleted a redundant rule, streamlining the system. Furthermore, several new features and detections have been added to enhance the protection capabilities of the OWASP CRS.

To address various issues, several fixes have been implemented. The LFI (Local File Inclusion) rules have been updated to improve their effectiveness. Additionally, adjustments have been made to prevent false positives caused by blocking specific file extensions and question marks. Moreover, a fix has been applied to remove generic SQLSTATE error codes that were triggering unnecessary alerts.

OWASP CRS 4.19.0 also includes several other changes aimed at reducing false positives and improving the overall performance of the rule set. For instance, regex cleanup has been made more efficient. Adjustments have also been made to reduce false positives triggered by PHP response rules. Additionally, a feature has been added to whitelist the application/csp-report Content-Type header, so that legitimate CSP violation reports posted by browsers are not flagged as potential threats.

In short, OWASP CRS 4.19.0 provides better protection against web attacks when used with ModSecurity or a compatible web application firewall. By addressing various issues and implementing new features, this version delivers improved security and performance, making it an essential update for anyone relying on OWASP CRS to safeguard their applications.

The changes made in this release include:

  • A refactor of a redundant rule
  • Several new features and detections added to enhance protection capabilities
  • Fixes implemented to address issues with LFI rules, generic SQLSTATE error codes, and false positives caused by blocking specific file extensions and question marks
  • Adjustments made to improve the efficiency of regex cleanup
  • Additional changes to reduce false positives triggered by PHP response rules
  • A feature added to whitelist application/csp-report content-type headers
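To make the last item concrete, the following added example (not CRS's own rule code) simulates a CRS-style request Content-Type allow-list check over a constructed CSP violation report POST, comparing an illustrative pre-4.19 list with one that includes application/csp-report. The allow-lists, the `media_type`/`request_allowed` helpers and the sample request are assumptions for illustration only, not the project's actual defaults.

```python
import re
from typing import Optional

# Illustrative allow-lists (assumption: a trimmed stand-in for a CRS-style
# allowed-request-content-type setting, not CRS's actual default list).
ALLOWED_PRE_4_19 = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "application/json",
    "application/xml",
    "text/xml",
}
# 4.19.0 adds the media type browsers use when POSTing CSP violation reports.
ALLOWED_4_19 = ALLOWED_PRE_4_19 | {"application/csp-report"}

# type/subtype followed by optional parameters such as charset= or boundary=
_MEDIA_TYPE = re.compile(r"^\s*([\w.+-]+/[\w.+-]+)\s*(?:;.*)?$", re.DOTALL)


def media_type(content_type: str) -> Optional[str]:
    """Return the lowercase media type without parameters, or None if unparsable."""
    m = _MEDIA_TYPE.match(content_type)
    return m.group(1).lower() if m else None


def request_allowed(method: str, headers: dict, allowed: set) -> bool:
    """Mimic the WAF check: body-carrying requests need an allow-listed Content-Type."""
    if method.upper() not in ("POST", "PUT", "PATCH"):
        return True  # no body expected, nothing to check here
    ct = headers.get("content-type")
    if ct is None:
        return False  # body without a Content-Type header: blocked
    mt = media_type(ct)
    return mt is not None and mt in allowed


# Constructed sample: a browser delivering a CSP violation report to the report endpoint.
CSP_REPORT_REQUEST = {
    "method": "POST",
    "path": "/csp-report",
    "headers": {"content-type": "application/csp-report; charset=utf-8"},
    "body": '{"csp-report": {"document-uri": "https://example.test/", "violated-directive": "script-src"}}',
}


def evaluate(request: dict, allowed: set) -> bool:
    return request_allowed(request["method"], request["headers"], allowed)


if __name__ == "__main__":
    for label, allow in (("pre-4.19", ALLOWED_PRE_4_19), ("4.19.0", ALLOWED_4_19)):
        print(f"{label}: {'allowed' if evaluate(CSP_REPORT_REQUEST, allow) else 'BLOCKED'}")
```

With the older list the report POST is blocked, which is the false positive the release removes; with application/csp-report allow-listed it passes while other unknown media types are still rejected.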

For additional details and download links, please refer to the GitHub page linked below:

Coreruleset Release v4.19.0

What's Changed

:star: Important changes

  • refactor: 920340 - delete 920341 by @touchweb-vincent in #4268

:new: New features and detections :tada:

  • fix: update lfi-os-files.data by @Xhoenix in #4240

:toolbox: Other Chan...
