This repository was archived by the owner on May 14, 2020. It is now read-only.
Monthly Chat Agenda June (2019-06-03) #1443
Description
This is the Agenda for the Monthly CRS Chat.
The chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, June 3, at 20:30 CET.
Items on the Agenda:
ReDoS and 3.1.1 release
- Status of the work vs the CVEs and the release plan
Images, builds, travis and docker
- Status and plan
PRs
- ...
Other items
- Problem with exclusion rules and ruleRemoveTargetByTag #1444 Rule Exclusions Packages (like Wordpress, Drupal) don't work on ModSec 3.
- Regex Checker to detect ReDoS by @airween: (See https://owasp.slack.com/archives/CBKGH8A5P/p1559493847022600)
- Not related to CRS (yet), but a WAF bypass is possible on v2 on rules that use
REQUEST_BODY: XML attack rules file 945000 #1320 (comment)
Feel free to add items as you see fit either above, or below as comments.
If you are not yet on the OWASP Slack, here is your invite: https://join.slack.com/t/owasp/shared_invite/enQtNjExMTc3MTg0MzU4LTViMDg1MmJiMzMwZGUxZjgxZWQ1MTE0NTBlOTBhNjhhZDIzZTZiNmEwOTJlYjdkMzAxMGVhNDkwNDNiNjZiOWQ .
Everybody is welcome to join our community chat.