Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Monthly Chat Agenda August (2019-08-05) #1496

Closed
dune73 opened this issue Aug 2, 2019 · 1 comment

Comments

@dune73
Copy link
Collaborator

commented Aug 2, 2019

This is the Agenda for the Monthly CRS Chat.

The chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, August 5, at 20:30 CET.

Items on the Agenda:

PRs

  • #1490 Add PUBLIC identifier for XML entities
  • #1487 some node.js unserialization + javascript RCE snippets
  • #1484 Drop unneeded unicode from 941110
  • #1467 Simpler regression test Docker image
  • #1445 replace ctl:ruleRemoveTargetByTag=CRS with ruleRemoveTargetById (onHold)

Other items

Feel free to add items as you see fit either above, or below as comments.

If you are not yet on the OWASP Slack, here is your invite: https://join.slack.com/t/owasp/shared_invite/enQtNjExMTc3MTg0MzU4LTViMDg1MmJiMzMwZGUxZjgxZWQ1MTE0NTBlOTBhNjhhZDIzZTZiNmEwOTJlYjdkMzAxMGVhNDkwNDNiNjZiOWQ .
Everybody is welcome to join our community chat.

@dune73

This comment has been minimized.

Copy link
Collaborator Author

commented Aug 5, 2019

Decisions

  • @dune73 takes care of #1490, which we think merge-worthy
  • There is going to be a new nodejs rule file and #1487 will be the first addition
  • We generally want to get better coverage of modern things like node
  • #1484 will be merged as is
  • #1467 is being closed in favor of an alternative approach by @csanders-git
  • @allanbomsft and @csanders-git will work on a blog post about quick FTW tests against custom branches on docker
  • We give up on #1445
  • @airween will do a PR that adds a tag OWASP_CRS to all rules and solves the problem that #1445 attempted to solve. He will do so with the help of a new tool that can parse CRS rules and export it again.
  • @lifeforms volunteers to be 3.2 release manager. The release date is meant to be September 25, the CRS community summit!
  • Release plan: Merge freeze on Aug 19, RC1 on Aug 26, RC2 on Sep 8, release on Sep 24.
  • The following issues point to big holes in ModSecurity and there is nothing we can really do about it.
  • @dune73 will do a swag doodle and we will do a bulk order that Walter will deliver to the Community Summit in Amsterdam.
  • Community Summit Roll call:
  • @dune73 will look into an option to rent an appartment for the team via AirBnB for the whole conference. From Wed to Sat.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.