Software 42815 Published by

OWASP CRS 4.9.0 comprises a set of attack detection rules intended for compatibility with ModSecurity or alternative web application firewalls. Several important changes have been made to the update, such as adding a variable to get around response rules, adding fish shell files to restricted-files.data, and adding quantitative testing to the Git workflow.



coreruleset v4.9.0

What's Changed

:star: Important changes

  • feat: add variable to skip response rules by  @fzipi in  #3944

:new: New features and detections :tada:

  • feat: add fish shell files to restricted-files.data by  @OhMyVolk in  #3915
  • feat: add quantitative testing to Git workflow by  @airween in  #3924

:toolbox: Other Changes

  • feat: added support for new web shells by  @azurit in  #3898
  • fix(security): remove double URL decode (921151 PL2, 932190 PL3, 942441 PL2, 942442 PL2, 942460 PL3) by  @azurit in  #3741
  • docs: extended rule documentation (900200) by  @dune73 in  #3934

New Contributors

Full Changelog v4.8.0...v4.9.0

Release v4.9.0 · coreruleset/coreruleset