owasp-modsecurity-crs-4.10.0-1.1 RPM for noarch

From OpenSuSE Ports Tumbleweed for noarch

The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity
or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks,
including the OWASP Top Ten, with a minimum of false alerts.

Provides

• owasp-modsecurity-crs

Requires

• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1

License

Apache-2.0

Changelog

* Thu Jan 23 2025 pgajdos@suse.com
  - package cleanup, coordinated with apache2-mod_security2
    cleanup
  - version update to 4.10.0
    * New features and detections
    - feat: block CVE-2023-5003 by @azurit in https://github.com/coreruleset/coreruleset/pull/3955
    - feat: prevent accessing PHP variables by @azurit in https://github.com/coreruleset/coreruleset/pull/3965
    * Other Changes
    - fix: FP against `pattern` with `=` following at arbitrary position by @theseion in
      https://github.com/coreruleset/coreruleset/pull/3963
* Tue Dec 03 2024 Flavio Castelli <fcastelli@suse.com>
  - Version 4.9.0
    * Important changes
    - feat: add variable to skip response rules by @fzipi in #3944
    * New features and detections
    - feat: add fish shell files to restricted-files.data by @OhMyVolk in #3915
    - feat: add quantitative testing to Git workflow by @airween in #3924
    * Other Changes
    - feat: added support for new web shells by @azurit in #3898
    - fix(security): remove double URL decode (921151 PL2, 932190 PL3, 942441 PL2, 942442 PL2, 942460 PL3) by @azurit in #3741
    - docs: extended rule documentation (900200) by @dune73 in #3934
  - Version 4.8.0
    * Important changes:
    - fix: 9EA-241022 v4 by @RedXanadu in #3905
    * New features and detections
    - chore: set up nginx tests by @theseion in #3856
    * Other Changes
    - fix: remove unnecessary capture groups by @TimDiam0nd in #3849
    - fix(942120): update operators by @Xhoenix in #3841
    - fix(933120): do not match on base64 encoded strings by @fzipi in #3863
    - fix(refactor): 942130 and 942131 regex-assembly by @Xhoenix in #3862
    - fix(942520): SQL operators can be one or more characters by @Xhoenix in #3845
    - chore: remove verify id-range by @fzipi in #3885
    - chore: remove find-max-datalen-in-tests by @fzipi in #3891
    - chore: remove honeypot sensor by @fzipi in #3883
    - chore: remove browser tools by @fzipi in #3887
    - chore: remove send-payload-pls by @fzipi in #3879
    - chore: remove geo-location by @fzipi in #3875
    - chore: remove crs2 renumbering by @fzipi in #3873
    - chore: remove change-version script by @fzipi in #3869
    - chore: remove join multiline rules by @fzipi in #3877
    - chore: remove av-scanning by @fzipi in #3871
    - chore: remove util virtual patching by @fzipi in #3889
    - fix: include v3.3.6 release notes in latest by @fzipi in #3867
    - chore: remove fp-finder by @fzipi in #3893
  - Version 4.7.0
    * New features and detections
    - feat: added sendgrid.env into restricted files by @azurit in #3823
    * Other Changes
    - fix: Changed regex (920470) to match multiple whitespaces after Content-Type parameters to avoid false-positives by @lostmann-owl-it in #3818
    - fix: fp with user-agent containing ; pg (932239 PL2) by @franbuehler in #3727
    - fix: update xss detection with onwebkitplaybacktargetavailabilitychanged event by @fzipi in #3822
    - feat: refactoring (944110 PL1) by @azurit in #3715
  - Version 4.6.0
    * Important changes:
    - fix: prevent using backslash in file names by @fzipi in #3799
    - feat: add new rule to catch invalid character in multipart headers by @airween, @theseion, @fzipi in #3796
    * Other Changes
    - feat: rule to detect bash tilde expansion by @Xhoenix in #3765
    - fix: Update 932270's ver by @airween in #3786
    - perf: remove unnecessary chain rule and capture (921180 PL3) by @EsadCetiner in #3787
    - fix: add pem to restricted file extensions by @EsadCetiner in #3789
    - fix(942160): check REQUEST_FILENAME by @mat1010 in #3782
  - Version 4.5.0
    * New features and detections
    - feat: added arithmetic expansion payload by @Xhoenix in #3756
    * Other Changes
    - fix(security): alias false negative by @Xhoenix in #3740
    - feat: add test overrides for nginx by @theseion in #3369
    - fix: use proper capture for log output of 932300 by @theseion in #3763
    - chore: use lowercase character class for 932320 by @theseion in #3772
    - fix: remove nonnecessary variable (932260 PL1) by @dune73 in #3773
  - Version 4.4.0
    * New features and detections
    - feat: skip response rules if data are compressed by @azurit in #3742, #3712
    * Other Changes
    - fix(934140): update regex by @fzipi in #3731
    - fix: replacing t:UrlDecode with t:UrlDecodeUni (921240 PL1, 932170 PL1, 932171 PL1, 932190 PL3, 932190 PL1, 933211 PL3, 941310 PL1, 941350 PL1) by @azurit in #3713
  - Version 4.3.0
    * New features and detections
    - feat: catch Java PostgreSQL errors (951240 PL1) by @azurit in #3686
    - feat: block The Mysterious Mozlila User Agent bot (913100 PL1) by @brentclark in #3646
    * Other Changes
    - fix: Oracle SQL database data leakage FP (951120 PL1) by @azurit in #3685
    - fix: typos in 920330 and 942280 tests by @TimDiam0nd in #3688
    - test: change pl-1 to pl1 to be inline with others by @TimDiam0nd in #3690
    - feat: use renovate to update docker-compose by @theseion in #3697
    - fix: FP for sched (932235 PL1, 932236 PL2, 932237 PL3, 932239 PL2, … by @theseion in #3701
    - fix: collections not being initialized without User-Agent header by @azurit in #3645
    - feat: refactoring of rule 941310 (PL1 941310) by @azurit in #3700
    - fix: resolving more FPs with Oracle error messages (951120 PL1) by @azurit in #3703
    - fix: removing double t:urlDecodeUni (920221 PL1, 920440 PL1, 932200 PL2, 932205 PL2, 932206 PL2) by @azurit in #3699
    - fix: false positives from PHP config directives and functions (933120 PL1, 933151 PL2) by @ssigwart in #3638
    - feat: prevent detection of web shells rules as malware by Windows Defender (955260 PL1) by @azurit in #3687
    - fix: fp with name axel by removing it from rce rule (932260 PL1) by @franbuehler in #3705
  - Version 4.2.0
    * Changes with direct rule impact (sorted by lowest rule ID per change where available):
    - fix: increase length of Accept-Encoding header from 50 to 100 (920520 PL1) (Franziska Bühler) [#3661]
    - fix: add missing roundcube files (930120 PL1, 930121 PL2, 930130 PL1, 932180 PL1) (Esad Cetiner) [#3635]
    - fix: add visudo and cscli to unix-shell.data (932160 PL1, 932161 PL2) (Esad Cetiner) [#3663]
    - feat: block crowdsec cscli and visudo commands (932235 PL1, 932236 PL2, 932237 PL3, 932239 PL2, 932260 PL1) (Esad Cetiner) [#3649]
    - fix: add detection for php evasion attempt (933100 PL1) (Franziska Bühler) [#3667]
    * Changes without direct rule impact:
    - feat: disassemble php rule (933100 PL1) (Franziska Bühler) [#3662]
    - chore: remove references to nonexistant 942110 rule (Esad Cetiner) [#3648]
  - Version 4.1.0.
    - feat: add check for combinations of t:lowercase and (?i) to lint (Franziska Bühler) [#3584]
    - feat: add support for additional ansible and chef commands (932160 PL1, 932161 PL2, 932235 PL1, 932260 PL1, 932236 PL2, 932239 PL2, 932237 PL3) (Esad Cetiner) [#3601]
    - feat: move HTTP header rules to phase 1 (932161 PL2, 932205 PL2, 932206 PL2, 932237 PL3) (Esad Cetiner) [#3570]
    - fix: prevent FPs against names due to "cron" (932260 PL1, 932236 PL2, 932237 PL3, 932239 PL2) (@superlgn) [#3578]
    - fix: add missing tags and ver action (various rules) (Jozef Sudolský) [#3571]
    - fix: adding more missing tags and ver actions (Jozef Sudolský) [#3593]
    - fix: do not check URL fragments in referer headers as part of the existing rule to prevent FPs (932205 PL2) (Max Leske) [#3485]
    - fix: range expressions must not start with \v (various rules) (Max Leske) [#3615]
    - fix: remove t:lowercase from rules that use '(?i)' modifier in their regex (942150 PL2, 942151 PL1, 942152 PL2) (Ervin Hegedus) [#3585]
    - test: change HTTP method to uppercase for test 932260-28 (Matteo Pace) [#3580]
    - chore(deps): update workflow actions (Max Leske) [#3613]
    - chore: add Esad Cetiner to list of developers (@EsadCetiner) [#3589]
  - Version 4.0.0.
    * Important changes:
    - feat: introduce plugin architecture for extending CRS and minimizing attack surface. (Christian Folini, Max Leske, Jozef Sudolský, Andrew Howe) [#2038, #2448, #2404]
    - feat: migrate application exclusions and less-used functionality to plugins (Christian Folini, Max Leske, Jozef Sudolský, Andrew Howe)
    - feat: introduce early blocking option (Christian Folini) [#1955]
    - feat: introduce new rule file/category to detect use of common web shells in responses (955100-955340 PL1, 955350 PL2) (Jozef Sudolský, Andrea Menin) [#1962, #2039, #2116]
    - feat: rename 'Node.js' category to 'generic' (Felipe Zipitría) [#2340]
    - feat: make all formerly PCRE-only regular expressions compatible with RE2/Hyperscan regular expression engines (Max Leske, Felipe Zipitría, Allan Boll, Franziska Bühler) [#1868, #2356, #2425, #2426, #2371, #2372]
    - feat: add support for HTTP/3 (Jozef Sudolský) [#3218]
    - feat: add granular control over reporting levels in 9801xx rules (Simon Studer, Andrew Howe, Christian Folini) [#2482, #2488]
    - feat: add new rule to explicitly detect multiple Content-Type abuse (CVE-2023-38199) (920620 PL1) (Andrea Menin) [#3237]
    - feat: add enable_default_collections flag to not initialize collections by default (Matteo Pace) [#3141]
    - feat: extend definition of restricted headers to include Content-Encoding and Accept-Charset by default (920450 PL1, 920451 PL2) (Walter Hop) [#2780, #2782]
    - feat: drop HTTP/0.9 support to resolve FP (Federico G. Schwindt) [#1966]
    - fix: refactor and rename anomaly scoring variables and paranoia level definition (Simon Studer) [#2417]
    - tests: complete goal of 100% test coverage for rules (entire team, Juan-Pablo Tosso, NiceYouKnow)
    - feat: switch to using WordNet instead of spell for finding English words in spell.sh (Max Leske) [#3242]
    - feat: publish nightly packages regularly (Felipe Zipitría) [#2207]
    * Changes with direct rule impact (sorted by lowest rule ID per change where available):
    - feat: add placeholder files for new plugin architecture (Walter Hop) [#2515]
    - feat: check initialization and use for all TX variables (Ervin Hegedus) [#3043]
    - feat: extend rule to detect restricted method override headers (Mark Zeman / KramNamez) [#3056]
    - feat: extend rules to detect keyword time as prefix of *nix and Windows RCE rules (rules later replaced) (Franziska Bühler) [#2819]
    - feat: improve Unix shell evasion prefix (various rules) (Jitendra Patro, Max Leske) [#3518]
    - feat: improve performance by removing unnecessary lowercase transformations (various rules) (Jozef Sudolský) [#2106]
    - feat: add additional prefix commands to 'unix-shell-evasion-prefix' (various rules) (Jitendra Patro) [#3557
    - feat: consolidate 'unix-evasion-prefix*' files to ensure they don't diverge (various rules) (Franziska Bühler, Max Leske, Andrew Howe) [#3531]
    - feat: move regexp-assemble data files to root directory (Felipe Zipitría) [#3002]
    - feat: move rules to the earliest phase possible based on their inputs (various rules) (Ervin Hegedus) [#1941]
    - feat: remove superfluous 'urlDecodeUni' transformations (various rules) (Federico G. Schwindt) [#1845]
    - feat: rename 'tx.blocking_early' to 'tx.early_blocking' (various rules) (Christian Folini) [#2414]
    - feat: simplify regular expressions by replacing upper-case with lower-case matches if the expression is case-insensitive (various rules) (Felipe Zipitría) [#2485]
    - feat: remove SecCollectionTimeout from crs-setup.conf (Christian Folini) [#3559]
    - fix: do not log 'MATCHED_VAR' when the it contains the full response body (various rules) (Jozef Sudolský) [#1985]
    - fix: do not unnecessarily escape forward slashes in regular expressions (various rules) (Federico G. Schwindt) [#1842]
    - fix: reformat several initialization rules to follow project guidelines (Ervin Hegedus) [#3157]
    - fix: remove auditLogParts actions from all rules where present (Andrea Menin, Ervin Hegedus) [#3034, #3081]
    - fix: remove uncommon Content Types from default in crs-setup.conf.example (Andrea Menin) [#2768]
    - fix: update diverse rules to follow new naming convention with paranoia level TX variables (Christoph Hansen) [#2937]
    - fix: update various rules to consolidate use of backslashes to \x5c representation for better compatibility with known WAF engines (various rules) (Andrew Howe, Max Leske) [#2335, #2345, #2375, #2376, #2399, #2400, #2402, #2410, #2420, #2441, #2442, #2454, #2426]
    - fix: remove initialization rules for redundant IP reputation variables (901150, 901152) (Andrew Howe) [#2833]
    - fix: initialize all variables used properly (901169) (Ervin Hegedus) [#2802]
    - feat: improve sampling mode efficiency (901410, 901420, 901440) (Paul Beckett) [#2094]
    - fix: replace uses of 'ctl:ruleEngine=Off' with "ctl:ruleRemoveByTag=OWASP_CRS" to accomodate more than one ruleset (901450, 905100, 905110) (Jozef Sudolský) [#2156]
    - feat: remove old, commented-out IP reputation check rule (910110 PL1) (Paul Beckett) [#2148]
    - feat: detect 'burpcollaborator' scanner (913100 PL1) (Amir Hosein Aliakbarian) [#2152]
    - feat: detect 'httpx' scanner (913100 PL1) (Will Woodson) [#2045]
    - feat: detect 'LeakIX' scanner (913100 PL1) (Jozef Sudolský) [#1961]
    - feat: detect 'QQGameHall' malware (913100 PL1) (Walter Hop) [#2144]
    - feat: detect User-Agent of Tsunami Security Scanner (913100 PL1) (@hoexter) [#3480]
    - fix: avoid FP for YAM package manager (913100 PL1) (Jozef Sudolský) [#2022]
    - fix: move 'ecairn' from scanners to crawlers (913100 PL1) (Felipe Zipitría) [#2408]
    - feat: detect 'CensysInspect' and seoscanners.net crawlers (913102 PL2) (Andrew Howe) [#2155]
    - feat: detect 'ecairn' crawler (913102 PL2) (Jozef Sudolský) [#2024]
    - feat: detect 'Krzana' bot (913102 PL2) (Deepshikha Sinha) [#2432]
    - fix: remove rule to detect security scanner http headers (913110 PL1) (Christian Folini) [#3241]
    - feat: remove ineffective anti-scanner list scanners-urls.data and associated rule (913120 PL1) (Christian Folini) [#3235]
    - fix: correct the regular expression assembly (920120 PL1) (Max Leske) [#2333]
    - feat: increase rule score from warning to critial (920220 PL1) (Max Leske) [#3512]
    - fix: reduce FPs by handling the last path segment separately in new rule (920220 PL1, 920221 PL1) (Max Leske) [#3512]
    - fix: reduce FPs by matching on decoded variables (920220 PL1) (Max Leske) [#3512]
    - feat: prevent FPs by moving rule to higher PL (920240 PL2) (Max Leske) [#3506]
    - feat: valiadate 'SEC-CH-UA' and 'SEC-CH-UA-MOBILE' request headers (920274 PL4) (Chaim Sanders) [#1970]
    - fix: use the right kind of validation for 'Sec-CH-UA' and 'Sec-CH-UA-Mobile' request headers (920274 PL4, 920275 PL4) (somechris) [#2028]
    - fix: make validatioin of 'Sec-Fetch-User' header more strict (920275 PL4) (somechris) [#2020]
    - feat: move rule from PL2 to PL3 (920300 PL3) (Franziska Bühler) [#2013]
    - fix: amend rule to exclude CONNECT requests from requiring an Accept header (920300 PL3) (Andrew Howe) [#2297]
    - feat: add IPv6 to the 'Host header is a numeric IP address' check (920350 PL1) (itsTheFae, Ervin Hegedus, Jozef Sudolský) [#1929]
    - fix: avoid FP on '.axd' in restricted extensions, these are public (920440 PL1) (Jozef Sudolský) [#1925]
    - feat: rework restricted headers mechanism into two separate lists (920450 PL1, 920451 PL2) (Andrew Howe) [#3152]
    - fix: avoid FP in 'application/*+json' Content-Type (920470 PL1) (Mirko Dziadzka, Walter Hop) [#2455]
    - fix: avoid FP in CalDAV Content-Type (920470 PL1) (Vandan Rohatgi) [#2505]
    - fix: avoid FP in 'Content-Type' header with '#' character (920470 PL1) (Jozef Sudolský) [#1856]
    - fix: avoid FP on 'version' string in Content-Type header (920470 PL1) (Jozef Sudolský) [#1901]
    - fix: resolve false negative when matching against allowed charsets variable (920480 PL1) (katef, Federico G. Schwindt) [#1957]
    - fix: replace unnecessary capture groups in regular expressions with non-capturing groups (920510 PL3, 932200 PL2, 942510 PL2, 942511 PL3) (Federico G. Schwindt) [#1983]
    - feat: improve explanatory rule comments (920520 PL1) (Max Leske) [#2391]
    - feat: validate 'Accept-Encoding' header (920520 PL1, 920521 PL3) (Franziska Bühler) [#2357]
    - feat: new rule detect multiple occurrences of charset keyword in content type header (920530 PL1) (Jan Gora / terjanq) [#2571]
    - feat: new rule to detect Unicode character bypass check for non JSON requests (920540 PL1) (Franziska Bühler, 0SPwn) [#2512]
    - feat: new rule to detect # char in URIs (920610 PL1) (Karel Knibbe) [#2919]
    - fix: use correct anomaly scoring variables and paranoia level tags across several rules (921170 PL1, 921220 PL4, 932220 PL2, 932331 PL3, 933211 PL3, 934101 PL1, 942362 PL2, 951100) (Christoph Hansen) [#2931]
    - feat: new rules to detect HTTP parameter pollution bypasses (921210 PL3, 921220 PL4) (Christian Folini) [#2747]
    - fix: use correct anomaly scoring variables and paranoia level tags across several rules (921220 PL4, 932101 PL2, 932331 PL3, 933211 PL3, 942362 PL2) (Ervin Hegedus) [#2832]
    - feat: new rule to detect range header that is now forbidden on PL3 and up (921230 PL3) (Christian Folini) [#2760]
    - feat: new rule to detect mod_proxy attack (CVE-2021-40438) (921240 PL1) (Franziska Bühler) [#2818]
    - fix: add urlDecodeUni transformation rules with REQUEST_URI / REQUEST_BASENAME in phase 1 (921240 PL1, 920440 PL1, 920201 PL2, 920202 PL4) (Christian Folini) [#3411]
    - feat: new rules to detecting ModSecurity body processor confusion using the Content-Type HTTP header (921421 PL1, 921422 PL2) (Simon Studer, Ervin Hegedus) [#2763]
    - fix: handle false positives when detecting ModSecurity body processor confusion (921422 PL2) (Ervin Hegedus) [#2784]
    - feat: new rules detecting attacks on multipart headers (922100 PL1, 922110 PL1, 922120 PL1) (Felipe Zipitría) [#2769]
    - fix: prevent unintended match of character set substrings in multipart/form-data requests (922100 PL1) (Jozef Sudolský) [#3470]
    - feat: remove redundant t:lowercase for a little performance (922110 PL1) (Jozef Sudolský) [#3469]
    - fix: remove possessive quantifiers (922110 PL1) (Felipe Zipitría) [#2989]
    - fix: update comments (922110 PL1, 942440 PL2) (Jozef Sudolský) [#3468]
    - fix: add missing quotes at the end of action lists (930050) (Ervin Hegedus) [#2184]
    - feat: disassemble regular expression (930100 PL1) (Andrew Howe) [#2298]
    - fix: detect path traversal in uploaded file names (930100 PL1, 930110 PL1) (k4n5ha0, Franziska Bühler, Felipe Zipitría) [#2451]
    - fix: detect triple dot path traversal (930100 PL1, 930110 PL1) (Franziska Bühler) [#2309, #2310]
    - feat: extended rule to detect Tomcat specific path traversal attack (930110 PL1) (Christoph Hansen) [#2915]
    - fix: avoid FP for '..' without slashes (930110 PL1) (Tetrik, Walter Hop) [#2016]
    - feat: block access to AWS CLI files (930120 PL1, 930121 PL2) (Jozef Sudolský) [#2439]
    - feat: block access to extended list of sensitive files (930120 PL1, 930121 PL2, 930130 PL1) (Jozef Sudolský) [#1960]
    - feat: detect /proc and /sys access attempts (930120 PL1, 930130 PL1) (Andrew Howe) [#2154]
    - feat: extend rule to detect access attempts to /tmp/ (930120 PL1, 930121 PL2) (Max Leske) [#3131]
    - feat: extend rule to detect ECDSA type SSH identity files via list of sensitive *nix files (930120 PL1) (Pinaki Mondal / 0xInfection) [#2586]
    - fix: avoid detecting Google OAuth2 callback requests as malicious (930120 PL1, 930121 PL1) (Jozef Sudolský, Christian Folini) [#1958]
    - feat: extend rule to detect additional sensitive files on *nix systems (930121 PL2, 930130 PL1) (Gwendal Le Coguic / gwen001) [#2560]
    - feat: new rules to detect LFI and SQLi in user-agent and referer request headers (930121 PL2, 942152 PL2, 942321 PL2) (Franziska Bühler, Max Leske, Shivam Bathla) [#3102]
    - fix: extend rule to detect more LFI (930121 PL2) (Felipe Zipitría) [#2791]
    - feat: add BlockCypher.log to restricted-files.data (930130 PL1) (Jozef Sudolský) [#3501]
    - feat: add 'sslvpn_websession' to restricted-files.data (930130 PL1) (Jozef Sudolský) [#2338]
    - feat: add .vscode to restricted-files.data (930130 PL1) (Frederik Himpe) [#3471]
    - feat: extend data file to include additional restricted file names (restricted-files.data, 930130 PL1) (Jitendra Patro) [#3219]
    - feat: extend data file to include PrestaShop configuration file (restricted-files.data, 930130 PL1) (Jean-François Viguier) [#3192]
    - feat: extend rule to detect npm-shrinkwrap.json to restricted-files (930130 PL1) (Esa Jokinen / oh2fih) [#2627]
    - fix: block access to the Java-related WEB-INF directory (930130 PL1) (Jozef Sudolský) [#2092]
    - fix: remove duplicate keyword (930130 PL1) (Jozef Sudolský) [#3517]
    - feat: extend rules to detect additional protocols in RFI attacks (931130 PL2, 934120 PL2) (Karel Knibbe) [#2572]
    - feat: extend rule to detect url:file: schema in Java RFI attacks (931130 PL2) (Andrew Howe) [#2727]
    - fix: add local_file scheme from Python 2 (931130 PL2, 934120 PL2) (Felipe Zipitría) [#2809]
    - fix: close userinfo-based bypass (931130 PL2) (Andrea Menin) [#2479]
    - feat: new rule to detect path traversal attacks using URL encoded URL schemes in Java applications (931131 PL2) (Christoph Hansen) [#2902]
    - feat: extend rule to detect additional *nix shell commands (931160 PL1) (Gwendal Le Coguic / gwen001) [#2563]
    - feat: disassemble complex regexes for 932xxx rules that were subsequently replaced by other rules (Max Leske) [#2566]
    - feat: detect additional Unix RCE commands (932100 PL1, 932105 PL1) (Felipe Zipitría) [#2129]
    - feat: extend rule to detect additional entries to *nix command lists (932100 PL1, 932105 PL1) (Finn Westendorf / wfinn) [#2552]
    - feat: extend rule to detect additional *nix commands (932100 PL1) (Felipe Zipitría) [#2676]
    - feat: improve and extend cmdline processor to find more evasions (932100 PL1, 932105 PL1, 932230 PL1, 932150 PL1, 932175 PL1, 932220 PL2, 932240 PL1, 932106 PL3) (Felipe Zipitría) [#2907]
    - fix: avoid false positive with certain HTML character entities (932100 PL1) (Franziska Bühler) [#1954]
    - feat: move *nix command injection rule 932101, 932106 into the same range as the other *nix command injection rules (932231 PL2, 932232 PL3) (Felipe Zipitría, Max Leske) [#3092]
    - feat: extend rule to detect additional *nix commands (932105 PL1) (Felipe Zipitría) [#2677]
    - feat: extend rule to detect mshta in Windows shell commands (932110 PL1) (Somdev Sangwan / s0md3v) [#2588]
    - feat: new Windows commands rules based on lolbas-project replacing 932110, 932115 (932370 PL1, 932380 PL1) (Felipe Zipitría, Franziska Bühler, Max Leske) [#3059, 3170]
    - fix: avoid false positive on 'sort' (932115 PL1) (Franziska Bühler) [#2012]
    - feat: detect 'Invoke-WebRequest' command (932120 PL1) (Paul Beckett) [#2271]
    - feat: extend rule to detect additional PowerShell cmdlet on Windows (932120 PL1) (Pinaki Mondal / 0xInfection) [#2589]
    - feat: extend rule to detect PowerShell RCEs better via new automation (932120 PL1) (Felipe Zipitría) [#2669]
    - feat: new rule to detect Windows cmdlet aliases (932125 PL1) (Pinaki Mondal / 0xInfection) [#2589]
    - fix: extend rule to detect character class *nix expressions (932130 PL1) (Somdev Sangwan / s0md3v, Walter Hop) [#2594]
    - feat: new rules to detect Log4j / Log4Shell attacks (932131 PL2, 944150 PL1, 944151 PL2, 944152 PL4) (Christian Folini, Max Leske) [#2349]
    - fix: prevent false positives against brackets in User-Agent header (932131 PL2) (Max Leske) [#3486]
    - feat: extend rule to detect busybox, $SHELL, and ${SHELL} in *nix RCE attacks (932150 PL1) (Walter Hop) [#2728]
    - feat: extend rule to detect C99 and printf utilities (932150 PL1) (Karel Knibbe) [#2569]
    - feat: extend rule to detect ksh in *nix RCE attacks (932150 PL1) (Andrew Howe) [#2721]
    - feat: extend rule to detect RCE attacks using compression utilities (932150 PL1) (Andrew Howe) [#2712]
    - feat: extend rule to detect RCEs using Base64 evasions (932150 PL1) (Somdev Sangwan / s0md3v, Andrew Howe) [#2590]
    - feat: extend rule to detect RCEs using evasions quotes with python... commands (932150 PL1) (Somdev Sangwan / s0md3v, Andrew Howe) [#2590]
    - feat: new rule to detect generalised *nix RCE (932150 PL2) (Karel Knibbe) [#2583]
    - feat: replace *nix command injection rules 932150 PL1, 932151 PL1 with new rules for commands of less than 4 characters and commands of more than 4 characters in length respectively (932250 PL1, 932260 PL1) (Felipe Zipitría, Max Leske) [#3092]
    - fix: avoid FP on 'time' and 'ping' keywords (932150 PL1) (Walter Hop) [#2457]
    - feat: extend rule to detect RCE better via automation (932160 PL1) (Felipe Zipitría) [#2662]
    - fix: remove unnecessary prefixes from paths in unix-shell.data (932160 PL1) (Felipe Zipitría) [#2662]
    - feat: extend rule to detect expre in unix-shell list (932161 PL2) (Felipe Zipitría) [#2667]
    - feat: new rules to detect *nix commands in user-agent and referer request headers (932161 PL2, 932237 PL3) (Franziska Bühler, Max Leske, Shivam Bathla) [#3132]
    - feat: new rule detecting alias builtin (932175 PL1) (Felipe Zipitría) [#2796]
    - feat: use new automation to generate restricted-uploads.data from restricted-files.data (932180 PL1) (Max Leske) [#3282]
    - fix: use correct anomaly scoring variable (932180 PL1, 932200 PL2) (Jozef Sudolský) [#2324]
    - feat: detect RCE attempts with uninitialized shell vars (932200 PL2) (Andrea Menin) [#2151]
    - feat: extend rule to detect RCE in user-agent request header (932200 PL2) (Franziska Bühler, Shivam Bathla) [#3108]
    - feat: reduce FPs by removing User-Agent from individual target list (932200 PL2) (Max Leske) [#3489]
    - fix: generate correct log entries when using 'MATCHED_VAR_NAME' in conjunction with chain rules (932200 PL2, 933120 PL1, 933151 PL2) (Jozef Sudolský) [#2347]
    - fix: new rules to handle referer header and fix false positive (932205 PL2, 932206 PL2) (Max Leske) [#3300]
    - feat: extend rule to detect quote evasion (932210 PL2) (Max Leske) [#3120]
    - feat: extend rule to detect sh (932210 PL2) (Franziska Bühler) [#2816]
    - feat: extend rule to detect SQLi via automation of keyword list updates (932210 PL2) (Felipe Zipitría) [#2801]
    - feat: new rule to detect SQLite system command injection (932210 PL2) (flo405, Andrea Menin, Christian Folini) [#2032]
    - fix: add word boundaries for sh in RCE rules (932230 PL1, 932250 PL1) (Max Leske) [#3186]
    - fix: avoid FPs in RCE detections against words 'environment' and 'performance' (932230 PL1, 932235 PL1, 932260 PL1, 932236 PL2, 932237 PL3, 932239 PL2) (Esad Cetiner) [#3477]
    - fix: handle false positive against sh in *nix command injection attacks (932230 PL1, 932250 PL1, 932236 PL2) (Max Leske) [#3186]
    - feat: add unix commands pyversions and py3versions (932235 PL1, 932260 PL1, 932236 PL2, 932237 PL3, 932239 PL2) (Jitendra Patro) [#3465]
    - feat: replace *-with-params.ra files with suffix replacements (932235 PL1, 932236 PL2, 932239 PL2, 932237 PL3) (Max Leske) [#3331]
    - fix: prevent FP on keywords 'more' and 'time' in Unix RCE (932235 PL1) (Franziska Bühler) [#3488]
    - fix: reduce FPs at the start of strings by excluding 'as' and 'at' (932236 PL2) (Franziska Bühler, Max Leske, Andrew Howe) [#3531
    - fix: prevent FPs against names due to "axel" and "perl" (932235 PL1, 932260 PL1, 932236 PL2, 932239 PL2, 932237 PL3) (@superlgn) [#3492]
    - fix: add whitespace after keywords mail and task to solve false positives (932236 PL2) (Franziska Bühler) [#3274]
    - fix: align unix-shell-upto3* files (932236 PL2) (Max Leske) [#3128]
    - fix: handle false positives with word "settings" (932236 PL2, 932237 PL3, 932239 PL2) (Esad Cetiner) [#3394]
    - fix: prevent FP on keywords more and time in Unix RCE (932236 PL2) (Franziska Bühler) [#3487]
    - fix: solved false positives with creation of word boundaries for commonly used words used in *nix RCE rules (932236 PL2) (Max Leske) [#3187]
    - fix: use correct anomaly scoring variable (932236 PL2) (Ervin Hegedus) [#3112]
    - fix: improve rule by matching non-word-boundary of commands with options (932237 PL3) (Max Leske) [#3425]
    - feat: new rule to detect *nix commands in user-agent and referer request headers (932239 PL2) (Franziska Bühler, Shivam Bathla) [#3104, #3318]
    - fix: reduce FPs in generic quote evasion detection (932240 PL2) (Max Leske) [#3494]
    - fix: remove ARGS_NAME from target variables in (932240 PL2) (Andrea Menin) [#2960]
    - fix: use correct anomaly scoring variables and paranoia level tags across for rule (932240 PL2) (Ervin Hegedus) [#2963]
    - fix: false positives by requiring specific tokens to follow commands (932250 PL1) (Max Leske) [#3186]
    - fix: Added missing target name to logdata (932260 PL1, 932240 PL2) (Ervin Hegedus) [#3409]
    - fix: remove chained rule (932260 PL1) (Max Leske) [#3521]
    - feat: new rules to detect email protocol attacks (932300 PL2, 932310 PL2, 932320 PL2) (Felipe Zipitría) [#2322]
    - fix: remove additional range expression that cause parsing errors for RE2 (932311 PL3) (Felipe Zipitría) [#2484]
    - feat: new rules to detect detecting *nix shell history invocations (932330 PL1, 932331 PL3) (Karel Knibbe) [#2577]
    - fix: remove 'time' prefix from Windows RCE detection (932370 PL1, 932380 PL1) (Max Leske) [#3528]
    - feat: extend rule to detect additional file extensions via list of executable PHP files (933110) (Jan Gora / terjanq) [#2585]
    - feat: extend data file to add missing PHP config directives (php-config-directives.data, 933120 PL1) (Max Leske) [#3028]
    - feat: extend rule to detect additional sensitive PHP directives (933120 PL1) (Gwendal Le Coguic / gwen001) [#2561]
    - feat: extend rule to detect PHP config directives via automation of keyword list updates (933120 PL1) (Felipe Zipitría) [#2696]
    - feat: extend rule to detect sensitive PHP variables better (933130 PL1) (Felipe Zipitría) [#2668]
    - tests: clean test definitions and provide proper descriptions (933150 PL1, 933160 PL1) (Andrea Menin, Matteo Pace, Max Leske) [#3462]
    - feat: extend data file to include additional php function names (php-function-names-933151.data, 933151 PL2) (Jitendra Patro) [#3212]
    - feat: automate generation of PHP function dictionaries, revisited detection (933160 PL1, 933161 PL3, 933150 PL1, 933151 PL2) (Juan-Pablo Tosso, Christian Folini, Matteo Pace) [#3273]
    - feat: extend rule to detect document.domain XSS (933160 PL1, 941180 PL1) (Franziska Bühler, 0SPwn) [#2567]
    - feat: extend rule to detect evasions in PHP contexts with " (933160 PL1) (Somdev Sangwan / s0md3v) [#2596]
    - feat: rearrange keywords (933160 PL1, 941390 PL1) (Karel Knibbe) [#2905]
    - fix: handle false positive by fixing whitespace matching after PHP command (933160 PL1) (Max Leske) [#3432]
    - fix: solve ReDoS issue in rule (933161 PL3) (Andrea Menin) [#2302]
    - feat: extend rule to detect bzip2 wrapper in PHP injection attacks (933200 PL1) (Andrew Howe) [#2723]
    - feat: extend rule to detect ssh2.\* wrappers in PHP injection attacks (933200 PL1) (Andrew Howe) [#2731]
    - fix: avoid false positive when cookie contains slash (933210 PL1) (Ervin Hegedus) [#1996]
    - fix: close PHP whitespace bypass (933210 PL1) (Walter Hop) [#2033]
    - fix: prevent excessive backtracking (933210 PL1) (Andrea Menin) [#2214]
    - feat: new rule to detect PHP injection attacks without terminating semi-colon (933211 PL3) (Karel Knibbe) [#2581]
    - feat: extended rule to detect Node.js injection attacks using require and child_process (934100 PL1, 932101 PL2) (Andrea Menin) [#2893]
    - feat: extend rule to detect Node.js RCE better (934100 PL1) (rektor0) [#2578]
    - feat: improve transformation pipeline to detect Base64-encoded evasions (934100 PL1) (Andrew Howe) [#3203]
    - feat: new rule to detect Node.js RCE detection (934101 PL2) (rektor0) [#2578]
    - fix: improve js rule transformation pipelines (934101 PL1, 934130 PL1, 934169 PL1, 934131 PL2) (Andrew Howe) [#3312]
    - feat: extend data file to include additional indicators (ssrf.data, 934110 PL1) (Jitendra Patro) [#3213]
    - feat: extend rule to detect SSRF better (934110 PL1) (Felipe Zipitría) [#2660]
    - feat: new rules to detect common IP-based SSRF targets (934110 PL1, 934120 PL2) (Felipe Zipitría) [#2259]
    - feat: extend rule to detect additional schema and IP evasion techniques in SSRF (934120 PL2) (Felipe Zipitría, Max Leske) [#2599]
    - feat: extend rule to detect octal address of AWS metadata endpoints (934120 PL2) (Karel Knibbe) [#2555]
    - feat: extend rule to detect SSRF better by inspecting targets beyond just ARGS (934120 PL2) (Karel Knibbe) [#2555]
    - feat: new rules to detect JavaScript prototype pollution (934130 PL1, 934131 PL2) (Walter Hop) [#2411]
    - fix: remove base64 transformation due to limited effectiveness and to align behavior across ModSecurity v2.x and libModSecurity v3.x engines (934130 PL1) (Andrea Menin) [#3378]
    - fix: remove overly specific rule with limited benefits and lack of cross-engine compatibility (934131 PL2) (Andrea Menin) [#3378]
    - feat: new rules to detect detection of Perl and Ruby RCE signatures in a generic way (934140 PL2, 934150 PL1) (Karel Knibbe) [#2587]
    - feat: new rule to detect Node DoS attack via expressions resolving to true (934160 PL1) (Karel Knibbe) [#2917]
    - feat: new rule for PHP supporting data: scheme without using // before the content-type (934170 PL1) (Felipe Zipitría) [#3018]
    - feat: extend rules to detect path based XSS via new target REQUEST_FILENAME in 941xxx rules (Walter Hop) [#2894]
    - feat: run libinjection XSS detector on request filename in PL2 (941101 PL2) (Andrew Howe) [#2208]
    - feat: move rule from PL1 to PL2 (941120 PL2) (Christian Folini) [#2306]
    - fix: avoid false positive by adding character limit (941120 PL2) (Christian Folini) [#1872]
    - fix: avoid FP in Base64 content (941120 PL1) (Jozef Sudolský) [#2226]
    - fix: remove unnecessary character escape (941120 PL2) (Andrew Howe) [#2805]
    - fix: avoid FP in XMLNLS (941130 PL1) (Walter Hop) [#2192]
    - fix: solve ReDoS issue in rule (941140 PL1) (Andrea Menin) [#2050]
    - feat: detect 'dialog' tag in XSS no-script payloads (941160 PL1) (Jitendra Patro) [#3473]
    - feat: disassemble complex regex fully (941160 PL1) (Felipe Zipitría) [#2701]
    - fix: make regular expression more restrictive (941170 PL1) (Andrea Menin) [#2292]
    - fix: new rule at PL2 to move the detection of '-->' out of PL1 due to false positives (941181 PL2) (Paul Beckett) [#2082]
    - feat: disassemble complex regex (941210 PL1) (Felipe Zipitría) [#3262]
    - feat: extend rule to detect XSS evasions using carriage return (\r) and new line (\n) characters (941210 PL1) (oct0pus7) [#2576]
    - feat: disassemble complex regex (941220 PL1) (Felipe Zipitría) [#3263]
    - fix: correct numerical values used for HTML entity evasion detection (941220 PL1) (Jitendra Patro) [#3479]
    - fix: avoid false positive with Russian characters (941310 PL1) (Max Leske) [#2107]
    - feat: improve detection by adding missing javascript prompt and confirm methods (941390 PL1) (Jitendra Patro) [#3395]
    - feat: new rule to detect JavaScript methods (941390 PL1) (Franziska Bühler) [#2702]
    - feat: extend rule and moved rule from PL3 to PL2 (942101 PL2) (Matteo Pace) [#2922]
    - feat: extended rule to detect common SQL injection probing in path segments (942110 PL2) (Andrea Menin) [#2914]
    - feat: prevent FPs by removing rule (942110 PL2) (Max Leske) [#3505]
    - feat: add target REQUEST_FILENAME to rule to detect path-based SQLi attacks (942120 PL2) (Andrew Howe) [#3057]
    - feat: extend rule to detect use of collate in SQLite injection attacks (942120 PL2) (Jan Gora / terjanq) [#2584]
    - fix: extend rule to detect more SQLi (942120 PL2) (Karel Knibbe) [#2556]
    - fix: resolve issue with regular expression and improve SQLi detection by detecting 'not between' (942120 PL2) (NiceYouKnow, Max Leske, Franziska Bühler) [#2115]
    - fix: update SQL reserved words (942120 PL2) (Felipe Zipitría) [#2798]
    - feat: extend rule to detect glob in list of SQLi tautologies (942130 PL2) (Franziska Bühler) [#2729]
    - fix: remove unneeded TX variables (942130 PL2, 942131 PL2, 942521 PL3) (Andrea Menin) [#3293]
    - feat: detect more error-based SQL injections (942150 PL2, 951230 PL1) (Jozef Sudolský) [#2429]
    - feat: extend rule to detect more SQL function names (942150 PL2) (Karel Knibbe) [#2895]
    - feat: extend rules to detect more SQL error messages and functions (942151 PL1, 942152 PL1, 951220 PL1, 951230 PL1, 951240 PL1) (Jitendra Patros) [#3336]
    - feat: extend rule to detect additional SQL function signatures (942151 PL1) (Karel Knibbe) [#2570]
    - feat: extend rule to detect endswith, startswith, unistr, pg_client_encoding and various JSON SQL functions (942151 PL1) (Franziska Bühler) [#2874]
    - feat: extend rule to detect various JSON functions (942151 PL1) (Franziska Bühler) [#3041]
    - fix: avoid FP in SQL function names by splitting between PL1/PL2 (942151 PL1, 942150 PL2) (Jozef Sudolský) [#2480]
    - feat: extend rule to detect sql_compileoption_get in SQLite injection attacks (942152 PL1) (Andrew Howe) [#2718]
    - fix: extend blind SQLi detection (942160 PL1) (Franziska Bühler, Christian Folini) [#1956]
    - feat: new regex-assembly file for rule (942170 PL1) (Andrea Menin) [#2939]
    - feat: extend rule to detect SQL injection authentication bypasses (942180 PL2) (rekter0) [#2575]
    - feat: improve SQLi detection with spaces (942190 PL1, 942390 PL2) (Manuel Spartan, Max Leske) [#2436]
    - fix: avoid FP in SQLi by adding word boundary checks (942190 PL1) (Jozef Sudolský) [#2078]
    - fix: avoid FP in SQLi with keyword 'union' (942190 PL1) (Franziska Bühler) [#2058]
    - fix: prevent comment-based SQL evasion (942190 PL1) (Andrea Menin) [#1910]
    - fix: resolve bug in regular expression and add test case (942190 PL1) (NiceYouKnow, Max Leske, Franziska Bühler) [#2112]
    - feat: disassemble complex regex (942200 PL2) (Franziska Bühler, Max Leske) [#2932]
    - feat: extend rule to detect SQLi in user-agent and referer request headers (942200 PL2, 942370 PL2) (Franziska Bühler, Shivam Bathla) [#3106]
    - feat: improve regex-assembly file for rule (942210 PL2) (Andrew Howe) [#2945]
    - fix: detect the correct magic numbers that crash old PHP versions (942220 PL1) (Kyzentun, Walter Hop) [#2010]
    - fix: avoid false positive with 'case' (942230 PL1) (Franziska Bühler) [#2035]
    - fix: detect SQL false negative (942230 PL1) (Max Leske) [#2348]
    - feat: disassemble complex regex (942240 PL1) (Franziska Bühler, Max Leske) [#2938]
    - fix: avoid FP in 'having' SQLi (942251 PL3) (Felipe Zipitría) [#2248]
    - feat: new regex-assembly file for rule (942280 PL1) (Andrea Menin) [#2933]
    - feat: extend rule to detect additional MongoDB operators via NoSQL commands list (942290 PL1) (rekter0) [#2579]
    - feat: new regex-assembly file for rule (942290 PL1) (Andrea Menin) [#2942]
    - feat: improve regex-assembly format (942300 PL2) (Felipe Zipitría) [#3296]
    - fix: avoid false positive by adding word boundary checks (942300 PL2) (Franziska Bühler) [#2099]
    - fix: remove unnecessary part of regular expression (942310 PL2) (NiceYouKnow) [#2189]
    - feat: extend rule to detect ::int and ::bool SQL data conversions (942320 PL1) (Franziska Bühler) [#2872]
    - feat: extend rule to detect lo_get and ::text via PostgreSQL functions list (942320 PL2) (Franziska Bühler, Walter Hop, Shivam Bathla) [#2925]
    - feat: extend rule to detect lo_import and div via PostgreSQL functions list (942320 PL2) (Franziska Bühler, Shivam Bathla) [#2916]
    - feat: extend rule to detect more PostgreSQL data types (942320 PL2) (Franziska Bühler, Shivam Bathla) [#3019]
    - fix: add word boundaries to keywords to solve false positives (942330 PL2) (Franziska Bühler) [#3207]
    - feat: extend rule to detect SQL injection better (942340 PL2) (Karel Knibbe) [#2557]
    - fix: extend rule to detect more SQLi (942340 PL2) (Jan Gora / terjanq) [#2559]
    - feat: detect SQLi using the 'drop' keyword (942350 PL1, 942360 PL1, 942200 PL2, 942362 PL2) (Jozef Sudolský) [#2218]
    - fix: solve ReDoS issue in rule (942350 PL1) (Andrea Menin) [#2300]
    - feat: new regex-assembly file for rule (942370 PL2) (Christoph Hansen, Max Leske) [#2954]
    - feat: detect SQLi with 'if exists' (942380 PL2) (NiceYouKnow) [#2121]
    - feat: optimize regex (942400 PL2) (Jozef Sudolský) [#2323]
    - feat: disassemble complex chained regex (942440 PL2) (Felipe Zipitría) [#3295]
    - feat: optimize regex (942440 PL2) (Felipe Zipitría) [#2459]
    - fix: adapt rule to work in all ModSecurity versions (942440 PL2) (Andrew Howe) [#2201]
    - fix: avoid FP in JWT tokens (942440 PL2) (Andrea Menin) [#2460]
    - fix: reformat rules to follow project guidelines (942440 PL2, 949959, 949159, 959059, 959159) (Ervin Hegedus) [#3206]
    - fix: solve errors in regex pattern (942440 PL2) (Andrea Menin) [#3290]
    - fix: prevent FPs for click identifiers in query string by placing arg specific rule exclusions in rule set (942441, 942442) (Max Leske) [#3500]
    - feat: extend rules to detect current_user and overlay (942470 PL1, 942480 PL2) (Franziska Bühler) [#2875]
    - feat: extended rule to detect detect SQL injection attacks using headers (942480 PL2) (Paul Beckett) [#2911]
    - feat: extend rule to detect newlines in overlay (942480 PL2) (Franziska Bühler, Shivam Bathla) [#3040]
    - fix: detect MySQL optimizer hints (942500 PL1) (Max Leske) [#3431]
    - feat: new rules to detect SQL authentication bypasses (942520 PL2, 942521 PL2, 942522 PL2) (Jan Gora / terjanq) [#2603]
    - feat: extend rule to detect SQLi in user-agent and referer request headers (942521 PL2) (Franziska Bühler, Shivam Bathla) [#3107]
    - fix: replace 'MATCHED_VAR' in 'logdata' argument with stable variable (942521 PL2, 943110 PL1, 943120 PL1) (Ervin Hegedus) [#3543]
    - feat: new rule to detect '; in SQLi (942530 PL3) (Franziska Bühler) [#2808]
    - feat: new rule to detect authentication bypass via SQL injection that abuses semi-colons to end the SQL query (942540 PL1) (Karel Knibbe) [#2904]
    - fix: update scoring variable (942540 PL2) (Walter Hop) [#2970]
    - feat: new rule to detect MySQL scientific notation attacks (942560 PL1) (Jitendra Patro) [#3316]
    - fix: remove unnessecary 'lowercase' transformation from chain rule (944120 PL1) (Federico G. Schwindt) [#1852]
    - feat: extend rule to detect JAVA exploits better via java-classes.data file (944130 PL1) (Dennis Brown) [#3048]
    - feat: new rule to deny uploading .jsp and .jspx files (944140 PL1) (Walter Hop) [#2456]
    - feat: new rule to detect Spring4Shell (944260 PL2) (Christian Folini, Andrea Menin) [#2464]
    - fix: update administrative rule ids for consistent operation (950011, 950012, 950018) (Ervin Hegedus) [#3339]
    - feat: improve rule file 951xxx via the use of skipAfter instead of variable TX:sql_error_match (Jozef Sudolský) [#2754]
    - feat: extend data file to include additional SQL error messages (sql-errors.data, 951100 PL1) (Jitendra Patro) [#3214]
    - fix: avoid FP in MySQL data leakage rule (951230 PL1) (Jozef Sudolský) [#2490]
    - fix: avoid FP in PostgreSQL error messages (951240 PL1) (Jozef Sudolský, Franziska Bühler) [#1870, #2313]
    - fix: handle false positive in SQL error leakage detection (951240 PL1) (Jozef Sudolský) [#3169]
    - fix: avoid FP in Sybase error message (951260 PL1) (Jozef Sudolský) [#2307]
    - feat: extend rule to detect PHP errors better via new automation (953100 PL1) (Felipe Zipitría) [#2663]
    - feat: new rules to detect PHP error leakages with high false positive rates at paranoia level 2 instead of 1 (953100 PL1, 953101 PL2) (Andrea Menin) [#3119]
    - fix: solve false positive by shifting "Field cannot be empty" to PL2 (953100 PL1, 953101 PL2) (Esad Cetiner) [#3407]
    - fix: ignore case of PHP tag in response text (953210 PL1) (Felipe Zipitría) [#2664]
    - feat: extend rule to detect IIS errors via automation of pattern updates (954120 PL1) (Felipe Zipitría) [#2810]
    - fix: log response body to audit log only when full rule chain matches (954130 PL1) (Franziska Bühler) [#2202]
    - feat: added new webshells and tests (955100 PL1) (Jozef Sudolský) [#3405]
    - feat: extend data file to include additional web shells (web-shells-php.data, 955100 PL1) (Jitendra Patro) [#3215]
    - feat: extend data file to include additional web shells (web-shells-php.data, 955100 PL1) (Jozef Sudolský) [#2687]
    - fix: make regular expression more strict to reduce noise in logs (955120 PL1) (Jozef Sudolský) [#2315]
    - fix: use correct variable in chained condition for correlation rules (980120 PL0, 980150 PL0) (Simon Studer) [#1898]
    * Functionality that has been moved to plugins for this release
    - feat: add Google OAuth 2 exclusion plugin (Jozef Sudolský) [#2388]
    - feat: add phpBB exclusion rules (now a plugin) (Jozef Sudolský) [#1893]
    - feat: add phpMyAdmin exclusion rules (now a plugin) (Jozef Sudolský) [#1951]
    - feat: move IP reputation rules to plugins (Simon Studer) [#2482]
    - feat: move exclusion profiles and DOS rules to plugins (Andrew Howe) [#2469]
    - feat: ownCloud: Fix rule 9003001 to match both DAV and WebDAV (now a plugin) (Abu Dawud) [#2130]
    - fix: nextcloud: fix FPs (now a plugin) (kam821, Jozef Sudolský, ntimo, Felipe Zipitría, pyllyukko) [#1840, #1843, #1847, #1946]
    - fix: phpBB: Fix FPs (now a plugin) (Jozef Sudolský) [#2057, #2180, #2299, #2343]
    - fix: phpMyAdmin: Fix FPs (now a plugin) (Jozef Sudolský) [#2172, #2249, #2321, #2351]
    - fix: replace ARGS by ARGS_GET in rules in phase:1 (various rule exclusion rules) (Ervin Hegedus) [#2063]
    - fix: wordPress: fix FPs (now a plugin) (Jozef Sudolský) [#1899, #1971, #2320]
    - fix: wordPress: fix FPs and improve performance (now a plugin) (Walter Hop) [#1997, #2311]
    - fix: wordPress: fix FPs in Site Health page (now a plugin) (Robert de Boer, Fregf, Walter Hop) [#1895, #1920]
    - fix: xenForo: fix FPs (now a plugin) (Walter Hop, ThanhPT) [#1844, #1865, #1894, #1998, #2421]
  - Version 3.3.6
    * Important changes:
    - fix: prevent using backslash in file names (v3) by @fzipi in #3800
    - feat: add new rule to catch invalid character in multipart headers (v3) by @airween (ported by @fzipi) in #3797
* Fri Sep 01 2023 Robert Frohl <rfrohl@suse.com>
  - use upstream archive for building the package, the base folder name in the
    archive changed
* Wed Aug 16 2023 Alessandro de Oliveira Faria <cabelo@opensuse.org>
  - Version 3.3.5.
    * This is the OWASP ModSecurity Core Rule Set version 3.3.5.
    * Important changes:
    - Backport fix for CVE-2023-38199 from CRS v4 via new rule 920620 (Andrea Menin, Felipe Zipitría)
    * Fixes:
    - Fix paranoia level-related scoring issue in rule 921422 (Walter Hop)
    - Move auditLogParts actions to the end of chained rules where used (Ervin Hegedus)
    * Chore:
    - Clean up redundant paranoia level tags (Ervin Hegedus)
    - Clean up YAML test files to support go-ftw testing framework (Felipe Zipitría)
    - Move testing framework from ftw to go-ftw (Felipe Zipitría)
* Fri May 19 2023 Alessandro de Oliveira Faria <cabelo@opensuse.org>
  - Version 3.3.4.
    * Important Notice: From CRS 3.2.2, 3.3.3 and up, ModSecurity 2.9.6 or 3.0.8 (or versions with backported patches) are required due to the addition of new protections. We recommend upgrading your ModSecurity as soon as possible. If your ModSecurity is too old, your webserver will refuse to start with an Unknown variable: &MULTIPART_PART_HEADERS error. If you are in trouble, you can temporarily delete file rules/REQUEST-922-MULTIPART-ATTACK.conf as a workaround and get your server up, however, you will be missing some protections. Therefore we recommend to upgrade ModSecurity before deploying this release.
* Tue Dec 01 2020 pgajdos@suse.com
  - use system apache rpm macros
* Mon Jul 24 2017 bwiedemann@suse.com
  - sort conf file entries to fix build-compare (boo#1041090)
* Sun Mar 08 2015 p.drouand@gmail.com
  - Update to version 2.2.9
    * Updated the /util directory structure
    * fix 950901 - word boundary added
    * modsecurity_35_bad_robots.data - gecko/25 blocks Firefox Android
    https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/157
  - Fix SuSE > SUSE spelling
  - Use download Url as source
  - Do not explicitely depend on apache2; apache2-mod_security2
    depends on it
  - Remove redundant %clean section
  - Do not copy INSTALL file into the package
  - ChangeLog has been replaced with CHANGES in upstream
* Wed Sep 19 2012 Thomas.Worm@DATEV.de
  - Raised version to 2.2.6.
    * Resolves bnc#779076
    * Resolves CORERULES-87
* Thu Sep 06 2012 Thomas.Worm@DATEV.de
  - Package modification for factory submission:
    * Changed services to localonly mode
    * Added copyright information to spec file

Files

/usr/share/doc/packages/owasp-modsecurity-crs
/usr/share/doc/packages/owasp-modsecurity-crs/CHANGES.md
/usr/share/doc/packages/owasp-modsecurity-crs/CONTRIBUTING.md
/usr/share/doc/packages/owasp-modsecurity-crs/KNOWN_BUGS.md
/usr/share/doc/packages/owasp-modsecurity-crs/README.SUSE
/usr/share/doc/packages/owasp-modsecurity-crs/README.md
/usr/share/doc/packages/owasp-modsecurity-crs/SECURITY.md
/usr/share/doc/packages/owasp-modsecurity-crs/SPONSORS.md
/usr/share/licenses/owasp-modsecurity-crs
/usr/share/licenses/owasp-modsecurity-crs/LICENSE
/usr/share/owasp-modsecurity-crs
/usr/share/owasp-modsecurity-crs/rules
/usr/share/owasp-modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example
/usr/share/owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf
/usr/share/owasp-modsecurity-crs/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
/usr/share/owasp-modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
/usr/share/owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf
/usr/share/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
/usr/share/owasp-modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf
/usr/share/owasp-modsecurity-crs/rules/REQUEST-922-MULTIPART-ATTACK.conf
/usr/share/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
/usr/share/owasp-modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
/usr/share/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
/usr/share/owasp-modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
/usr/share/owasp-modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf
/usr/share/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
/usr/share/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
/usr/share/owasp-modsecurity-crs/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
/usr/share/owasp-modsecurity-crs/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf
/usr/share/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf
/usr/share/owasp-modsecurity-crs/rules/RESPONSE-950-DATA-LEAKAGES.conf
/usr/share/owasp-modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
/usr/share/owasp-modsecurity-crs/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
/usr/share/owasp-modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
/usr/share/owasp-modsecurity-crs/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
/usr/share/owasp-modsecurity-crs/rules/RESPONSE-955-WEB-SHELLS.conf
/usr/share/owasp-modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
/usr/share/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf
/usr/share/owasp-modsecurity-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example
/usr/share/owasp-modsecurity-crs/rules/iis-errors.data
/usr/share/owasp-modsecurity-crs/rules/java-classes.data
/usr/share/owasp-modsecurity-crs/rules/java-code-leakages.data
/usr/share/owasp-modsecurity-crs/rules/java-errors.data
/usr/share/owasp-modsecurity-crs/rules/lfi-os-files.data
/usr/share/owasp-modsecurity-crs/rules/php-config-directives.data
/usr/share/owasp-modsecurity-crs/rules/php-errors-pl2.data
/usr/share/owasp-modsecurity-crs/rules/php-errors.data
/usr/share/owasp-modsecurity-crs/rules/php-function-names-933150.data
/usr/share/owasp-modsecurity-crs/rules/php-function-names-933151.data
/usr/share/owasp-modsecurity-crs/rules/php-variables.data
/usr/share/owasp-modsecurity-crs/rules/restricted-files.data
/usr/share/owasp-modsecurity-crs/rules/restricted-upload.data
/usr/share/owasp-modsecurity-crs/rules/scanners-user-agents.data
/usr/share/owasp-modsecurity-crs/rules/sql-errors.data
/usr/share/owasp-modsecurity-crs/rules/ssrf.data
/usr/share/owasp-modsecurity-crs/rules/unix-shell.data
/usr/share/owasp-modsecurity-crs/rules/web-shells-php.data
/usr/share/owasp-modsecurity-crs/rules/windows-powershell-commands.data

Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Feb 1 23:58:14 2025