Blog

Meet the CRS team: Fränzi, the puzzle-loving hard worker with a mission

Franziska Bühler doesn't feel too comfortable in the limelight. The CISO of a Swiss mid-sized IT company rather likes to work through lists of hundreds of bypasses than being at the forefront. Talking to her, it gets clear quickly: Fränzi loves a challenge. “Once I set my mind to something, I follow through,” she says. …

Meet the CRS team: Fränzi, the puzzle-loving hard worker with a mission Read More »

Save the Date: CRS Community Summit on February 14, 2023

Let the CRS project be your Valentine: The OWASP ModSecurity Core Rule Set project will hold the first post-pandemic Community Summit at the Dublin Convention Center in Ireland on Tuesday, February 14, 2023. We invite the whole CRS community, users, developers, integrators, and sponsorsto meet with us for an exchange of thoughts, technical talks, and networking. After the …

Save the Date: CRS Community Summit on February 14, 2023 Read More »

Bug Bounty Switzerland supports CRS as Silver sponsor

The OWASP ModSecurity Core Rule Set (CRS) project is proud to announce a new sponsoring partner: Bug Bounty Switzerland – a startup that has pioneered the collaboration with ethical hackers in Switzerland and today is Switzerland’s leading provider of bug bounty programs and public trust initiatives. Since 2022, they are the strategic partner of the National Cyber …

Bug Bounty Switzerland supports CRS as Silver sponsor Read More »

Meet the CRS team: Ervin, the gardening radio amateur in the background

Astronaut? Garbage truck driver? Electrical engineer? Metalsmith? In the end, Hungarian Ervin Hegedüs became a software developer. Within the Core Rule Set project, he contributes primarily to tool development and packaging. “New team members should above all be team players,” says Ervin. Ervin Hegedüs has had no shortage of interesting career ideas in his 51-year …

Meet the CRS team: Ervin, the gardening radio amateur in the background Read More »

CRS Version 3.3.4 and 3.2.3 fix a regression

Yesterday, we released CRS versions 3.3.3 and 3.2.2 with important security improvements. Unfortunately, backporting the fixes from our development branch 4.0 introduced a regression which was only found after publication. As a result, some Paranoia Level 2 rules would activate even when running in Paranoia Level 1. This did not harm security but may introduce …

CRS Version 3.3.4 and 3.2.3 fix a regression Read More »

CRS Version 3.3.3 and 3.2.2 (covering several CVEs)

Release announcement covering fixes for CVE-2022-39955, CVE-2022-39956, CVE-2022-39957 and CVE-2022-39958, additional security fixes and security fixes in the latest ModSecurity releases 2.9.6 and 3.0.8. The OWASP ModSecurity Core Rule Set (CRS) team is pleased to announce the release of two new CRS versions.Edit: Updated download links now to refer to the fixed versions. Version 3.3.4 …

CRS Version 3.3.3 and 3.2.2 (covering several CVEs) Read More »