Releases: coreruleset/coreruleset
Latest Nightly
Nightly releases are snapshots of the development activity on the Core Rule Set project that may include new features and bug fixes scheduled for upcoming releases. These releases are made available to make it easier for users to test their existing configurations against the Core Rule Set code base for potential issues or to experiment with new features, with a chance to provide feedback on ways to improve the changes before they are released.
As these releases are snapshots of the latest code, you may encounter issues that are not present in the latest stable release, so users are encouraged to run nightly releases in a non-production environment. If you encounter an issue, please check our issue tracker to see if it has already been reported; if it hasn't, please report it so we can review the issue and make any needed fixes.
v4.11.0
What's Changed
🪦 Rule removals
🧰 Other Changes
- fix: remove aliases man, mi, si and resolve positives (932125 PL1) by @franbuehler in #3971
- fix: remove where, if, for and vol and resolve false positives (932380 PL1) by @franbuehler in #3972
- fix: make 932300 actually case-insensitive by @theseion in #3977
- fix: remove sql function names to resolve false positives (942151 PL1) by @franbuehler in #3973
- fix: issue 3809 by @Xhoenix in #3983
Full Changelog: v4.10.0...v4.11.0
v4.10.0
What's Changed
🆕 New features and detections 🎉
- feat: block CVE-2023-5003 by @azurit in #3955
- feat: prevent accessing PHP variables by @azurit in #3965
🧰 Other Changes
Full Changelog: v4.9.0...v4.10.0
v4.9.0
What's Changed
⭐ Important changes
🆕 New features and detections 🎉
- feat: add fish shell files to restricted-files.data by @OhMyVolk in #3915
- feat: add quantitative testing to Git workflow by @airween in #3924
🧰 Other Changes
- feat: added support for new web shells by @azurit in #3898
- fix(security): remove double URL decode (921151 PL2, 932190 PL3, 942441 PL2, 942442 PL2, 942460 PL3) by @azurit in #3741
- docs: extended rule documentation (900200) by @dune73 in #3934
New Contributors
Full Changelog: v4.8.0...v4.9.0
v3.3.7
v4.8.0
What's Changed
⭐ Important changes
- fix: 9EA-241022 v4 by @RedXanadu in #3905
🆕 New features and detections 🎉
🧰 Other Changes
- fix: remove unnecessary capture groups by @TimDiam0nd in #3849
- fix(942120): update operators by @Xhoenix in #3841
- fix(933120): do not match on base64 encoded strings by @fzipi in #3863
- fix(refactor): 942130 and 942131 regex-assembly by @Xhoenix in #3862
- fix(942520): SQL operators can be one or more characters by @Xhoenix in #3845
- chore: remove verify id-range by @fzipi in #3885
- chore: remove find-max-datalen-in-tests by @fzipi in #3891
- chore: remove honeypot sensor by @fzipi in #3883
- chore: remove browser tools by @fzipi in #3887
- chore: remove send-payload-pls by @fzipi in #3879
- chore: remove geo-location by @fzipi in #3875
- chore: remove crs2 renumbering by @fzipi in #3873
- chore: remove change-version script by @fzipi in #3869
- chore: remove join multiline rules by @fzipi in #3877
- chore: remove av-scanning by @fzipi in #3871
- chore: remove util virtual patching by @fzipi in #3889
- fix: include v3.3.6 release notes in latest by @fzipi in #3867
- chore: remove fp-finder by @fzipi in #3893
New Contributors
- @evidencebp made their first contribution in #3837
- @mtaket made their first contribution in #3855
Full Changelog: v4.7.0...v4.8.0
v4.7.0
What's Changed
🆕 New features and detections 🎉
🧰 Other Changes
- fix: Changed regex (920470) to match multiple whitespaces after Content-Type parameters to avoid false-positives by @lostmann-owl-it in #3818
- fix: fp with user-agent containing ; pg (932239 PL2) by @franbuehler in #3727
- fix: update xss detection with onwebkitplaybacktargetavailabilitychanged event by @fzipi in #3822
- feat: refactoring (944110 PL1) by @azurit in #3715
New Contributors
- @lostmann-owl-it made their first contribution in #3818
Full Changelog: v4.6.0...v4.7.0
v4.6.0
What's Changed
⭐ Important changes
- fix: prevent using backslash in file names by @fzipi in #3799
- feat: add new rule to catch invalid character in multipart headers by @airween, @theseion, @fzipi in #3796
Big thanks to @luelueking for reporting these two to us ☝️.
🧰 Other Changes
- feat: rule to detect bash tilde expansion by @Xhoenix in #3765
- fix: Update 932270's ver by @airween in #3786
- perf: remove unnecessary chain rule and capture (921180 PL3) by @EsadCetiner in #3787
- fix: add pem to restricted file extensions by @EsadCetiner in #3789
- fix(942160): check REQUEST_FILENAME by @mat1010 in #3782
New Contributors
Full Changelog: v4.5.0...v4.6.0
v3.3.6
What's Changed
⭐ Important changes
- fix: prevent using backslash in file names (v3) by @fzipi in #3800
- feat: add new rule to catch invalid character in multipart headers (v3) by @airween (ported by @fzipi) in #3797
Big thanks to @luelueking for reporting these two to us ☝️.
Full Changelog: v3.3.5...v3.3.6
v4.5.0
What's Changed
🆕 New features and detections 🎉
🧰 Other Changes
- fix(security): alias false negative by @Xhoenix in #3740
- feat: add test overrides for nginx by @theseion in #3369
- fix: use proper capture for log output of 932300 by @theseion in #3763
- chore: use lowercase character class for 932320 by @theseion in #3772
- fix: remove nonnecessary variable (932260 PL1) by @dune73 in #3773
New Contributors
Full Changelog: v4.4.0...v4.5.0