This repository has been archived by the owner on May 14, 2020. It is now read-only.

Switch to dates in YYYY-MM-DD format
IOW iso 8601. While here add newlines and drop empty categories.
fgsch committed Sep 24, 2019
1 parent b3470fe commit bf04441
Showing 1 changed file with 43 additions and 49 deletions.
92 changes: 43 additions & 49 deletions CHANGES
Expand Up @@ -5,7 +5,7 @@
or the CRS mailinglist at
* https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

== Version 3.2.0 - 9/24/2019 ==
== Version 3.2.0 - 2019-09-24 ==

New functionality:
* Add AngularJS client side template injection 941380 PL2 (Franziska Bühler)
Expand Down Expand Up @@ -173,6 +173,7 @@ Documentation:
* Updating crs site location (Chaim Sanders)

== Version 3.1.1 - 2019-06-26 ==

* Fix CVE-2019-11387 ReDoS against CRS on ModSecurity 3 at PL 2 (Christoph Hansen, Federico G. Schwindt)
* Content-Type made case insensitive in 920240, 920400 (Federico G. Schwindt)
* Allow % encoding in 920240 (Christoph Hansen)
Expand All @@ -181,7 +182,8 @@ Documentation:
* Reduce false positives in 921110 (Yu Yagihashi, Federico G. Schwindt)
* Fix bug in 943120 (XeroChen)

== Version 3.1.0 - 8/7/2018 ==
== Version 3.1.0 - 2018-08-07 ==

* Add Detectify scanner (theMiddle)
* Renaming matched_var/s (Victor Hora)
* Remove lines with bare '#' comment char (Walter Hop)
Expand Down Expand Up @@ -283,12 +285,12 @@ Documentation:
* Removed deprecated t:removeComments from 942100 (Christian Folini)
* Add word boundary to rule 942410 (Franziska Bühler)

== Version 3.0.2 - 5/12/2017 ==
== Version 3.0.2 - 2017-05-12 ==

* Remove debug rule that popped up in 3.0.1 (Christian Folini)


== Version 3.0.1 - 5/9/2017 ==
== Version 3.0.1 - 2017-05-09 ==

* SECURITY: Removed insecure handling of X-Forwarded-For header;
reported by Christoph Hansen (Walter Hop)
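Review bot: the old values 5/12/2017 and 5/9/2017 in this hunk are ambiguous between month-first and day-first, and the conversion to 2017-05-12 and 2017-05-09 assumes month-first. Other headings in this file such as 9/24/2019 and 09/30/2013 can only be month-first, which supports that reading, but it is worth checking these two against the release tags and stating in the commit message that month-first was assumed.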
Expand Down Expand Up @@ -325,7 +327,7 @@ Documentation:
* Fixed bug with DoS rule 912160 (@loudly-soft, Christian Folini)


== Version 3.0.0 - 11/10/2016 ==
== Version 3.0.0 - 2016-11-10 ==

Huge changeset running in separate branch from September 2013 to September 2016.
This is a cursory summary of the most important changes:
Expand Down Expand Up @@ -398,9 +400,7 @@ This is a cursory summary of the most important changes:
* Many improvements to rules in 2014/5 (Ryan Barnett)


== Version 2.2.9 - 09/30/2013 ==

Security Fixes:
== Version 2.2.9 - 2013-09-30 ==

Improvements:
* Updated the /util directory structure
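Review bot: dropping the empty "Security Fixes:" heading under 2.2.9 is a content change rather than a date-format change, and it is easy to miss among the heading rewrites. Consider moving the removal of empty categories into its own commit so the date conversion can be reviewed and reverted on its own.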
Expand All @@ -412,9 +412,7 @@ Bug Fixes:
https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/157


== Version 2.2.8 - 06/30/2013 ==

Security Fixes:
== Version 2.2.8 - 2013-06-30 ==

Improvements:
* Updatd the /util directory structure
Expand Down Expand Up @@ -443,9 +441,7 @@ Bug Fixes:
- https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/18


== Version 2.2.7 - 12/19/2012 ==

Security Fixes:
== Version 2.2.7 - 2012-12-19 ==

Improvements:
* Added JS Overrides file to identify successfull XSS probes
Expand All @@ -460,9 +456,7 @@ Bug Fixes:
* Fixed bug in XSS rules checking TX:PM_XSS_SCORE variable


== Version 2.2.6 - 09/14/2012 ==

Security Fixes:
== Version 2.2.6 - 2012-09-14 ==

Improvements:
* Started rule formatting update for better readability
Expand All @@ -483,7 +477,7 @@ Bug Fixes:
https://www.modsecurity.org/tracker/browse/CORERULES-78


== Version 2.2.5 - 06/14/2012 ==
== Version 2.2.5 - 2012-06-14 ==

Security Fixes:
* Updated the anomaly scoring value for rule ID 960000 to critical
Expand All @@ -507,7 +501,7 @@ Bug Fixes:
* Added forceRequestBodyVariable action to rule ID 960904


== Version 2.2.4 - 03/14/2012 ==
== Version 2.2.4 - 2012-03-14 ==

Improvements:
* Added Location and Set-Cookie checks to Response Splitting rule ID 950910
Expand All @@ -523,7 +517,7 @@ Bug Fixes:
* Fixed duplidate rule IDs


== Version 2.2.3 - 12/19/2011 ==
== Version 2.2.3 - 2011-12-19 ==

Improvements:
* Added Watcher Cookie Checks to optional_rules/modsecurity_crs_55_appication_defects.conf file
Expand All @@ -539,7 +533,7 @@ Bug Fixes:
* Updated the regex and added tags for RFI rules.


== Version 2.2.2 - 09/28/2011 ==
== Version 2.2.2 - 2011-09-28 ==


Improvements:
Expand All @@ -558,7 +552,7 @@ Bug Fixes:
* Updated the SQLi regex for rule ID 981242


== Version 2.2.1 - 07/20/2011 ==
== Version 2.2.1 - 2011-07-20 ==


Improvements:
Expand All @@ -579,7 +573,7 @@ Bug Fixes:
* Updated rule ID 971150 signature to remove ;


== Version 2.2.0 - 05/26/2011 ==
== Version 2.2.0 - 2011-05-26 ==


Improvements:
Expand Down Expand Up @@ -629,7 +623,7 @@ Bug Fixes:
They will now inherit the settings from the SecDefaultAction


== Version 2.1.2 - 02/17/2011 ==
== Version 2.1.2 - 2011-02-17 ==


Improvements:
Expand All @@ -643,7 +637,7 @@ Bug Fixes:
* Added missing " in the skipAfter SecAction in the CC Detection rule set


== Version 2.1.1 - 12/30/2010 ==
== Version 2.1.1 - 2010-12-30 ==


Bug Fixes:
Expand All @@ -656,7 +650,7 @@ Bug Fixes:
* Moved the comment spam data file into the optional_rules directory


== Version 2.1.0 - 12/29/2010 ==
== Version 2.1.0 - 2010-12-29 ==


Improvements:
Expand Down Expand Up @@ -687,7 +681,7 @@ Improvements:



== Version 2.0.10 - 11/29/2010 ==
== Version 2.0.10 - 2010-11-29 ==


Improvements:
Expand All @@ -701,7 +695,7 @@ Bug Fixes:



== Version 2.0.9 - 11/17/2010 ==
== Version 2.0.9 - 2010-11-17 ==


Improvements:
Expand Down Expand Up @@ -736,7 +730,7 @@ Bug Fixes:
https://www.modsecurity.org/tracker/browse/CORERULES-62


== Version 2.0.8 - 08/27/2010 ==
== Version 2.0.8 - 2010-08-27 ==


Improvements:
Expand All @@ -759,7 +753,7 @@ Bug Fixes:
https://www.modsecurity.org/tracker/browse/CORERULES-29


== Version 2.0.7 - 06/4/2010 ==
== Version 2.0.7 - 2010-06-04 ==


Improvements:
Expand All @@ -786,7 +780,7 @@ Bug Fixes:
* Fixed restricted_extension false positive by adding boundary characters


== Version 2.0.6 - 02/26/2010 ==
== Version 2.0.6 - 2010-02-26 ==


Bug Fixes:
Expand All @@ -805,7 +799,7 @@ Bug Fixes:
* Update phpids filters to use pass action instead of block


== Version 2.0.5 - 02/01/2010 ==
== Version 2.0.5 - 2010-02-01 ==


Improvements:
Expand Down Expand Up @@ -845,7 +839,7 @@ Bug Fixes:
and blocking


== Version 2.0.4 - 11/30/2009 ==
== Version 2.0.4 - 2009-11-30 ==


Improvements:
Expand All @@ -862,7 +856,7 @@ Bug Fixes:
phase:4 which would allow for blocking based on information leakage issues.


== Version 2.0.3 - 11/05/2009 ==
== Version 2.0.3 - 2009-11-05 ==


Improvements:
Expand All @@ -886,7 +880,7 @@ Bug Fixes:
https://www.modsecurity.org/tracker/browse/CORERULES-23


== Version 2.0.2 - 09/11/2009 ==
== Version 2.0.2 - 2009-09-11 ==


Improvements:
Expand All @@ -898,7 +892,7 @@ Bug Fixes:
https://www.modsecurity.org/tracker/browse/CORERULES-15


== Version 2.0.1 - 08/07/2009 ==
== Version 2.0.1 - 2009-08-07 ==


Improvements:
Expand All @@ -916,7 +910,7 @@ Bug Fixes:
https://www.modsecurity.org/tracker/browse/CORERULES-9


== Version 2.0.0 - 07/29/2009 ==
== Version 2.0.0 - 2009-07-29 ==


New Rules & Features:
Expand Down Expand Up @@ -1014,15 +1008,15 @@ Other Fixes:
rules and chained rules).


== Version 1.6.1 - 2008/04/22 ==
== Version 1.6.1 - 2008-04-22 ==


* Fixed a bug where phases and transformations where not specified explicitly
in rules. The issue affected a significant number of rules, and we strongly
recommend to upgrade.


== Version 1.6.0 - 2008/02/19 ==
== Version 1.6.0 - 2008-02-19 ==


New Rulesets & Features:
Expand Down Expand Up @@ -1060,7 +1054,7 @@ Additional rules logic:



== Version 1.5.1 - 2007/12/6 ==
== Version 1.5.1 - 2007-12-06 ==


False Positives Fixes:
Expand All @@ -1077,7 +1071,7 @@ Other Fixes:
* File 55 contained empty regular expressions. Fixed.


== Version 1.5 - 2007/11/23 ==
== Version 1.5 - 2007-11-23 ==


New Rulesets:
Expand Down Expand Up @@ -1116,7 +1110,7 @@ False Positives Fixes:
then you should uncomment this rule (in file 20)


version 1.4.3 - 2007/07/21
version 1.4.3 - 2007-07-21


New Events:
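Review bot: the heading "version 1.4.3 - 2007-07-21" still differs from the rest of the file, with a lowercase "version" and no surrounding "== ... ==". Since the line is being touched anyway, suggest "== Version 1.4.3 - 2007-07-21 ==" so that anything matching release headings by pattern sees every release.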
Expand All @@ -1143,7 +1137,7 @@ Additional rules logic:



version 1.4 build 2 - 2007/05/17
version 1.4 build 2 - 2007-05-17


New Feature:
Expand Down Expand Up @@ -1171,7 +1165,7 @@ FP fixes:
* Rule 950107 - Will allow a parameter to end in a % sign from now on


version 1.4 - 2007/05/02
version 1.4 - 2007-05-02


New Events:
Expand Down Expand Up @@ -1205,21 +1199,21 @@ Additional rules logic:
* Added 1=1 signature (SQL Injection)


version 1.3.2 build 4 2007/01/17
version 1.3.2 build 4 2007-01-17


Fixed apache 2.4 dummy requests exclusion
Added persistent PDF UXSS detection rule


== Version 1.3.2 build 3 2007/01/10 ==
== Version 1.3.2 build 3 2007-01-10 ==


Fixed regular expression in rule 960010 (file #30) to allow multipart form data
content


== Version 1.3.2 - 2006/12/27 ==
== Version 1.3.2 - 2006-12-27 ==


New events:
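Review bot: "version 1.3.2 build 4 2007-01-17" and "== Version 1.3.2 build 3 2007-01-10 ==" have no " - " between the version and the date, unlike "== Version 1.3.2 - 2006-12-27 ==" in the same hunk, and the build 4 line also lacks the "==" markers and the capital V. Suggest "== Version 1.3.2 build 4 - 2007-01-17 ==" and "== Version 1.3.2 build 3 - 2007-01-10 ==".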
Expand Down Expand Up @@ -1255,7 +1249,7 @@ Modified descriptions:
* Added ctl:auditLogParts=+E for outbound events and attacks to collect response.


== Version 1.2 - 2006/11/19 ==
== Version 1.2 - 2006-11-19 ==


Changes:
Expand All @@ -1271,7 +1265,7 @@ SecResponseBodyMimeType)
+ Too many FPs with events 950903 & 950905. Commented them out until fixed.


== Version 1.1 - 2006/10/18 ==
== Version 1.1 - 2006-10-18 ==


Initial version
