Blog

CRS Performance Framework – A GSoC 2023 Project

This year, the OWASP ModSecurity Core Rule Set took part in the Google Summer of Code initiative for the second time. Google Summer of Code (GSoC) is a global online program focused on bringing new contributors into open-source software development. GSoC contributors work with an open-source organization of their choice on a 12+ week programming …

libmodsecurity3 CVE-2023-38285 affecting CRS users

Many CRS users have probably read Trustwave's recent announcement about the new version of libmodsecurity3 (aka ModSecurity v3) and the reason for the release: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/ The new version of the WAF library fixes an issue described in a CVE, namely: "DoS Vulnerability in Four Transformations". We would like to draw the attention of all CRS users who …

CRS version 3.3.5 released

The OWASP ModSecurity Core Rule Set (CRS) team is pleased to announce the release of CRS v3.3.5. For downloads and installation instructions, please refer to the Installation page. This is a security release which fixes the recently announced CVE-2023-38199, whereby it is possible to cause an impedance mismatch on some platforms running CRS v3.3.4 and …

What we learnt from our bug bounty program: It’s not for the faint of heart

OWASP CRS is the dominant open source web application firewall (WAF) rule set that powers countless servers and commercial WAFs and runs on many CDNs and cloud platforms. Yahoo and Intigriti helped OWASP CRS organize a three-week bug bounty program in Spring 2022. A well-prepared earlier attempt had not given any results, literally zero …

CRS Welcomes Edgio as Gold Sponsor

We're excited to announce a new partnership with Edgio, a leading provider of edge security solutions, that was formed by the combination of Limelight and Edgecast. Edgio is a trusted partner for organizations looking to protect their digital assets. Its holistic suite of security solutions protects the confidentiality, integrity and availability of web applications and …
