Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Monthly Chat Agenda May 2019(2019-05-06) #1402

Closed
dune73 opened this issue May 6, 2019 · 3 comments

Comments

@dune73
Copy link
Collaborator

commented May 6, 2019

This is the Agenda for the Monthly CRS Chat.

The chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, May 6, at 20:30 CET.

Items on the Agenda:

ReDoS and 3.1.1 release

  • Status of the work vs the CVEs and the release plan

PRs

  • Huge groups of new tests by emphazer
  • #1392 (new WAF bypass)

Other items

  • Status of our test suite on ModSec 3
  • Swag data files have been merged to the the OWASP swag project. Next step is an account and then we can start to print sickers and hoodies and shirts etc.

Feel free to add items as you see fit either above, or below as comments.

If you are not yet on the OWASP Slack, here is your invite: https://join.slack.com/t/owasp/shared_invite/enQtNDI5MzgxMDQ2MTAwLTEyNzIzYWQ2NDZiMGIwNmJhYzYxZDJiNTM0ZmZiZmJlY2EwZmMwYjAyNmJjNzQxNzMyMWY4OTk3ZTQ0MzFhMDY

@dune73

This comment has been minimized.

Copy link
Collaborator Author

commented May 6, 2019

Decisions

  • @fgs needs some additional days to finish the immediate ReDoS work. We'll release 3.1.1 afterwards.
  • Rest of the team supports him with tests
  • @emphazer will continue to develop tests. We welcome as many tests as we can have for the time being.
  • @fzipi and @airween and @emphazer form a little team to close gaps with our test tool FTW, namely when it comes to detect ReDoS.
  • PR #1392 is welcome
  • PR #1364 Fix indentation and python version in crs2-renumbering script - will be fixed by @csanders and merged by @lifeforms
  • We will merge #1327 and remove old and unwanted constructs
  • Testing: We will run multiple dockers in parallel vs ModSec 2 and ModSec 3 on Travis. If that is a performance problem we will look into the free offer Christian got by a Swiss startup. (Lots of support for this idea)
  • #1371 is meant to detect ReDoS. It will be transformed into a base to use various ways to detect ReDoS. @airween and @fzipi have their approaches as well. This is all going to be merged into this.
  • Open issues piling up quickly again. Assigning some of them to volunteers...
  • We are solving issue #1346 by creating symlinks and be done with it for now.
  • Swag is on it's way thanks to @fzipi. @dune73 will support with an account.
@CanadianJeff

This comment has been minimized.

Copy link

commented May 6, 2019

that invite link is dead

@fgsch fgsch closed this May 6, 2019

@dune73

This comment has been minimized.

Copy link
Collaborator Author

commented May 7, 2019

Thank you for the infor @CanadianJeff. Will use a new one for the next meeting.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.