Merge pull request #1561 from fgsch/fgsch/dates

lifeforms · web-flow · commit 021eaef84791 · 2019-09-24T14:03:06.000+02:00
Switch to dates in YYYY-MM-DD format
diff --git a/CHANGES b/CHANGES
@@ -5,7 +5,7 @@
   or the CRS mailinglist at
 * https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
 
-== Version 3.2.0 - 9/24/2019 ==
+== Version 3.2.0 - 2019-09-24 ==
 
 New functionality:
  * Add AngularJS client side template injection 941380 PL2 (Franziska Bühler)
@@ -173,6 +173,7 @@ Documentation:
  * Updating crs site location (Chaim Sanders)
 
 == Version 3.1.1 - 2019-06-26 ==
+
  * Fix CVE-2019-11387 ReDoS against CRS on ModSecurity 3 at PL 2 (Christoph Hansen, Federico G. Schwindt)
  * Content-Type made case insensitive in 920240, 920400 (Federico G. Schwindt)
  * Allow % encoding in 920240 (Christoph Hansen)
@@ -181,7 +182,8 @@ Documentation:
  * Reduce false positives in 921110 (Yu Yagihashi, Federico G. Schwindt)
  * Fix bug in 943120 (XeroChen)
 
-== Version 3.1.0 - 8/7/2018 ==
+== Version 3.1.0 - 2018-08-07 ==
+
  * Add Detectify scanner (theMiddle)
  * Renaming matched_var/s (Victor Hora)
  * Remove lines with bare '#' comment char (Walter Hop)
@@ -283,12 +285,12 @@ Documentation:
  * Removed deprecated t:removeComments from 942100 (Christian Folini)
  * Add word boundary to rule 942410 (Franziska Bühler)
 
-== Version 3.0.2 - 5/12/2017 ==
+== Version 3.0.2 - 2017-05-12 ==
 
  * Remove debug rule that popped up in 3.0.1 (Christian Folini)
 
 
-== Version 3.0.1 - 5/9/2017 ==
+== Version 3.0.1 - 2017-05-09 ==
 
  * SECURITY: Removed insecure handling of X-Forwarded-For header;
    reported by Christoph Hansen (Walter Hop)
@@ -325,7 +327,7 @@ Documentation:
  * Fixed bug with DoS rule 912160 (@loudly-soft, Christian Folini)
 
 
-== Version 3.0.0 - 11/10/2016 ==
+== Version 3.0.0 - 2016-11-10 ==
 
 Huge changeset running in separate branch from September 2013 to September 2016.
 This is a cursory summary of the most important changes:
@@ -398,9 +400,7 @@ This is a cursory summary of the most important changes:
  * Many improvements to rules in 2014/5 (Ryan Barnett)
 
 
-== Version 2.2.9 - 09/30/2013 ==
-
-Security Fixes:
+== Version 2.2.9 - 2013-09-30 ==
 
 Improvements:
 * Updated the /util directory structure
@@ -412,9 +412,7 @@ Bug Fixes:
   https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/157
 
 
-== Version 2.2.8 - 06/30/2013 ==
-
-Security Fixes:
+== Version 2.2.8 - 2013-06-30 ==
 
 Improvements:
 * Updatd the /util directory structure
@@ -443,9 +441,7 @@ Bug Fixes:
   - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/18
 
 
-== Version 2.2.7 - 12/19/2012 ==
-
-Security Fixes:
+== Version 2.2.7 - 2012-12-19 ==
 
 Improvements:
 * Added JS Overrides file to identify successfull XSS probes
@@ -460,9 +456,7 @@ Bug Fixes:
 * Fixed bug in XSS rules checking TX:PM_XSS_SCORE variable
 
 
-== Version 2.2.6 - 09/14/2012 ==
-
-Security Fixes:
+== Version 2.2.6 - 2012-09-14 ==
 
 Improvements:
 * Started rule formatting update for better readability
@@ -483,7 +477,7 @@ Bug Fixes:
   https://www.modsecurity.org/tracker/browse/CORERULES-78
 
 
-== Version 2.2.5 - 06/14/2012 ==
+== Version 2.2.5 - 2012-06-14 ==
 
 Security Fixes:
 * Updated the anomaly scoring value for rule ID 960000 to critical
@@ -507,7 +501,7 @@ Bug Fixes:
 * Added forceRequestBodyVariable action to rule ID 960904
 
 
-== Version 2.2.4 - 03/14/2012 ==
+== Version 2.2.4 - 2012-03-14 ==
 
 Improvements:
 * Added Location and Set-Cookie checks to Response Splitting rule ID 950910
@@ -523,7 +517,7 @@ Bug Fixes:
 * Fixed duplidate rule IDs
 
 
-== Version 2.2.3 - 12/19/2011 ==
+== Version 2.2.3 - 2011-12-19 ==
 
 Improvements:
 * Added Watcher Cookie Checks to optional_rules/modsecurity_crs_55_appication_defects.conf file
@@ -539,7 +533,7 @@ Bug Fixes:
 * Updated the regex and added tags for RFI rules.
 
 
-== Version 2.2.2 - 09/28/2011 ==
+== Version 2.2.2 - 2011-09-28 ==
 
 
 Improvements:
@@ -558,7 +552,7 @@ Bug Fixes:
 * Updated the SQLi regex for rule ID 981242
 
 
-== Version 2.2.1 - 07/20/2011 ==
+== Version 2.2.1 - 2011-07-20 ==
 
 
 Improvements:
@@ -579,7 +573,7 @@ Bug Fixes:
 * Updated rule ID 971150 signature to remove ;
 
 
-== Version 2.2.0 - 05/26/2011 ==
+== Version 2.2.0 - 2011-05-26 ==
 
 
 Improvements:
@@ -629,7 +623,7 @@ Bug Fixes:
   They will now inherit the settings from the SecDefaultAction
 
 
-== Version 2.1.2 - 02/17/2011 ==
+== Version 2.1.2 - 2011-02-17 ==
 
 
 Improvements:
@@ -643,7 +637,7 @@ Bug Fixes:
 * Added missing " in the skipAfter SecAction in the CC Detection rule set
 
 
-== Version 2.1.1 - 12/30/2010 ==
+== Version 2.1.1 - 2010-12-30 ==
 
 
 Bug Fixes:
@@ -656,7 +650,7 @@ Bug Fixes:
 * Moved the comment spam data file into the optional_rules directory
 
 
-== Version 2.1.0 - 12/29/2010 ==
+== Version 2.1.0 - 2010-12-29 ==
 
 
 Improvements:
@@ -687,7 +681,7 @@ Improvements:
 
 
 
-== Version 2.0.10 - 11/29/2010 ==
+== Version 2.0.10 - 2010-11-29 ==
 
 
 Improvements:
@@ -701,7 +695,7 @@ Bug Fixes:
 
 
 
-== Version 2.0.9 - 11/17/2010 ==
+== Version 2.0.9 - 2010-11-17 ==
 
 
 Improvements:
@@ -736,7 +730,7 @@ Bug Fixes:
   https://www.modsecurity.org/tracker/browse/CORERULES-62
 
 
-== Version 2.0.8 - 08/27/2010 ==
+== Version 2.0.8 - 2010-08-27 ==
 
 
 Improvements:
@@ -759,7 +753,7 @@ Bug Fixes:
   https://www.modsecurity.org/tracker/browse/CORERULES-29
 
 
-== Version 2.0.7 - 06/4/2010 ==
+== Version 2.0.7 - 2010-06-04 ==
 
 
 Improvements:
@@ -786,7 +780,7 @@ Bug Fixes:
 * Fixed restricted_extension false positive by adding boundary characters
 
 
-== Version 2.0.6 - 02/26/2010 ==
+== Version 2.0.6 - 2010-02-26 ==
 
 
 Bug Fixes:
@@ -805,7 +799,7 @@ Bug Fixes:
 * Update phpids filters to use pass action instead of block
 
 
-== Version 2.0.5 - 02/01/2010 ==
+== Version 2.0.5 - 2010-02-01 ==
 
 
 Improvements:
@@ -845,7 +839,7 @@ Bug Fixes:
   and blocking
 
 
-== Version 2.0.4 - 11/30/2009 ==
+== Version 2.0.4 - 2009-11-30 ==
 
 
 Improvements:
@@ -862,7 +856,7 @@ Bug Fixes:
   phase:4 which would allow for blocking based on information leakage issues.
 
 
-== Version 2.0.3 - 11/05/2009 ==
+== Version 2.0.3 - 2009-11-05 ==
 
 
 Improvements:
@@ -886,7 +880,7 @@ Bug Fixes:
   https://www.modsecurity.org/tracker/browse/CORERULES-23
 
 
-== Version 2.0.2 - 09/11/2009 ==
+== Version 2.0.2 - 2009-09-11 ==
 
 
 Improvements:
@@ -898,7 +892,7 @@ Bug Fixes:
   https://www.modsecurity.org/tracker/browse/CORERULES-15
 
 
-== Version 2.0.1 - 08/07/2009 ==
+== Version 2.0.1 - 2009-08-07 ==
 
 
 Improvements:
@@ -916,7 +910,7 @@ Bug Fixes:
   https://www.modsecurity.org/tracker/browse/CORERULES-9
 
 
-== Version 2.0.0 - 07/29/2009 ==
+== Version 2.0.0 - 2009-07-29 ==
 
 
 New Rules & Features:
@@ -1014,15 +1008,15 @@ Other Fixes:
   rules and chained rules).
 
 
-== Version 1.6.1 - 2008/04/22 ==
+== Version 1.6.1 - 2008-04-22 ==
 
 
 * Fixed a bug where phases and transformations where not specified explicitly
     in rules. The issue affected a significant number of rules, and we strongly
     recommend to upgrade.
 
 
-== Version 1.6.0 - 2008/02/19 ==
+== Version 1.6.0 - 2008-02-19 ==
 
 
 New Rulesets & Features:
@@ -1060,7 +1054,7 @@ Additional rules logic:
 
 
 
-== Version 1.5.1 - 2007/12/6 ==
+== Version 1.5.1 - 2007-12-06 ==
 
 
 False Positives Fixes:
@@ -1077,7 +1071,7 @@ Other Fixes:
 * File 55 contained empty regular expressions. Fixed.
 
 
-== Version 1.5 - 2007/11/23 ==
+== Version 1.5 - 2007-11-23 ==
 
 
 New Rulesets:
@@ -1116,7 +1110,7 @@ False Positives Fixes:
            then you should uncomment this rule (in file 20)
 
 
-version 1.4.3 - 2007/07/21
+version 1.4.3 - 2007-07-21
 
 
 New Events:
@@ -1143,7 +1137,7 @@ Additional rules logic:
 
 
 
-version 1.4 build 2 - 2007/05/17
+version 1.4 build 2 - 2007-05-17
 
 
 New Feature:
@@ -1171,7 +1165,7 @@ FP fixes:
 * Rule 950107 - Will allow a parameter to end in a % sign from now on
 
 
-version 1.4 - 2007/05/02
+version 1.4 - 2007-05-02
 
 
 New Events:
@@ -1205,21 +1199,21 @@ Additional rules logic:
 * Added 1=1 signature (SQL Injection)
 
 
-version 1.3.2 build 4 2007/01/17
+version 1.3.2 build 4 2007-01-17
 
 
 Fixed apache 2.4 dummy requests exclusion
 Added persistent PDF UXSS detection rule
 
 
-== Version 1.3.2 build 3 2007/01/10 ==
+== Version 1.3.2 build 3 2007-01-10 ==
 
 
 Fixed regular expression in rule 960010 (file #30) to allow multipart form data
 content
 
 
-== Version 1.3.2 - 2006/12/27 ==
+== Version 1.3.2 - 2006-12-27 ==
 
 
 New events:
@@ -1255,7 +1249,7 @@ Modified descriptions:
 * Added ctl:auditLogParts=+E for outbound events and attacks to collect response.
 
 
-== Version 1.2 - 2006/11/19 ==
+== Version 1.2 - 2006-11-19 ==
 
 
 Changes:
@@ -1271,7 +1265,7 @@ SecResponseBodyMimeType)
 + Too many FPs with events 950903 & 950905. Commented them out until fixed.
 
 
-== Version 1.1 - 2006/10/18 ==
+== Version 1.1 - 2006-10-18 ==
 
 
 Initial version
