From 156341e4e9b0e3012f3c24e2b9e3b54ce39716db Mon Sep 17 00:00:00 2001 From: Chaim Sanders Date: Tue, 9 May 2017 23:12:22 -0400 Subject: [PATCH] Update KNOWN_BUGS with SOAP-XML Data Updated KNOWN_BUGS as suggested by @dune73 dealing with a better home for the details surrounding ModSecurity implementation compliance with SOAP-XML. --- KNOWN_BUGS | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/KNOWN_BUGS b/KNOWN_BUGS index 75c1fd3a4..cc5a740bc 100644 --- a/KNOWN_BUGS +++ b/KNOWN_BUGS @@ -33,3 +33,17 @@ or the CRS mailinglist at JSON support was enabled in Debian's package version 2.8.0-4 (Nov 2014). You can either use backports.debian.org to install the latest ModSecurity release or disable rule id 200001. +* As of CRS version 3.0.1, support has been added for the application/soap+xml MIME + type by default, as specified in RFC 3902. OF IMPORTANCE, application/soap+xml is + indicative that XML will be provided. In accordance with this, ModSecurity's XML + Request Body Processor should also be configured to support this MIME type. Within + the ModSecurity project, commit 5e4e2af + (https://github.com/SpiderLabs/ModSecurity/commit/5e4e2af7a6f07854fee6ed36ef4a381d4e03960e) + has been merged to support this endevour. However, if you are running a modified or + preexisting version of the modsecurity.conf provided by this repository, you may + wish to upgrade rule '200000' accordingly. The rule now appears as follows: + +``` +SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \ + "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" +```
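Review bot: the SecRule pattern quoted at the end of the new KNOWN_BUGS entry is unanchored, so `(?:application(?:/soap\+|/)|text/)xml` matches wherever that substring occurs in the Content-Type value, not only when it is the media type at the start of the header. Since the action is `ctl:requestBodyProcessor=XML`, the entry should either show the pattern with a leading `^` or state that the looser match is intentional, so readers who copy the rule into a modified modsecurity.conf know which behaviour they are getting. The entry also identifies the ModSecurity side of the change only by commit 5e4e2af; naming the first release that contains it would let readers tell whether their installed version already has the updated rule. Two wording points in the same paragraph: "endevour" should be "endeavour", and "OF IMPORTANCE" would read better as a plain "Note that", in line with the sentence-case entry visible in the context lines above it.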