Announcement: OWASP ModSecurity Core Rule Set Version 3.2.0-RC2
The OWASP ModSecurity Core Rule Set team is proud to announce the general availability of release candidate 2 for the upcoming CRS v3.2.0. The new release is available at https://github.com/coreruleset/coreruleset/archive/v3.2.0-rc2.zip https://github.com/coreruleset/coreruleset/archive/v3.2.0-rc2.tar.gz This release represents a very big step forward in terms of both capabilities and protections including: Improved compatibility with ModSecurity 3.x Improved CRS docker container that is fully configureable at creation Expanded Java RCE blacklist Expanded unix shell RCE blacklist Improved PHP RCE detection New javascript/Node.js RCE detection Expanded LFI blacklists Added XenForo rule exclusion profile Fixes for many false positives and bypasses Detection of more security scanners Regexp performance improvements preventing ReDoS in most cases Please see the CHANGES document with around 150 entries for a detailed list of new features and improvements. https://github.com/coreruleset/coreruleset/blob/v3.2.0-rc2/CHANGES