WAF Release 10 November (#26414)

fb1337 · web-flow · commit 879eb5fd4b24 · 2025-11-10T18:04:50.000Z
* WAF Release 10 November

* id update
diff --git a/src/content/changelog/waf/2025-11-10-waf-release.mdx b/src/content/changelog/waf/2025-11-10-waf-release.mdx
@@ -0,0 +1,66 @@
+---
+title: "WAF Release - 2025-11-10"
+description: Cloudflare WAF managed rulesets 2025-11-10 release
+date: 2025-11-10
+---
+
+import { RuleID } from "~/components";
+
+This week’s release introduces new detections for Prototype Pollution across three common vectors: URI, Body, and Header/Form.
+
+**Key Findings**
+
+- These attacks can affect both API and web applications by altering normal behavior or bypassing security controls.
+
+**Impact**
+
+Exploitation may allow attackers to change internal logic or cause unexpected behavior in applications using JavaScript or Node.js frameworks. Developers should sanitize input keys and avoid merging untrusted data structures.
+
+<table style="width: 100%">
+	<thead>
+		<tr>
+			<th>Ruleset</th>
+			<th>Rule ID</th>
+			<th>Legacy Rule ID</th>
+			<th>Description</th>
+			<th>Previous Action</th>
+			<th>New Action</th>
+			<th>Comments</th>
+		</tr>
+	</thead>
+	<tbody>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="32405a50728746dd8caa057b606285e6" />
+			</td>
+			<td>N/A</td>
+			<td>Generic Rules - Prototype Pollution - URI</td>
+			<td>Log</td>
+			<td>Disabled</td>
+			<td>This is a new detection</td>
+		</tr>    
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="a7da00c63c4243d2a72456fe4f59ff26" />
+			</td>
+			<td>N/A</td>
+			<td>Generic Rules - Prototype Pollution - Body</td>
+			<td>Log</td>
+			<td>Disabled</td>
+			<td>This is a new detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="833078bdcfa04bb7aa7b8fb67efbeb39" />
+			</td>
+			<td>N/A</td>
+			<td>Generic Rules - Prototype Pollution - Header - Form</td>
+			<td>Log</td>
+			<td>Disabled</td>
+			<td>This is a new detection</td>
+		</tr>        
+	</tbody>
+</table>
diff --git a/src/content/changelog/waf/scheduled-waf-release.mdx b/src/content/changelog/waf/scheduled-waf-release.mdx
@@ -1,68 +1,35 @@
 ---
-title: WAF Release - Scheduled changes for 2025-11-10
-description: WAF managed ruleset changes scheduled for 2025-11-10
-date: 2025-11-03
+title: WAF Release - Scheduled changes for 2025-11-17
+description: WAF managed ruleset changes scheduled for 2025-11-17
+date: 2025-11-10
 scheduled: true
 ---
 
 import { RuleID } from "~/components";
 
 <table style="width: 100%">
-	<thead>
-	<tr>
-		<th>Announcement Date</th>
-		<th>Release Date</th>
-		<th>Release Behavior</th>
-		<th>Legacy Rule ID</th>
-		<th>Rule ID</th>
-		<th>Description</th>
-		<th>Comments</th>
-	</tr>
-	</thead>
-	<tbody>
-	<tr>
-		<td>2025-10-27</td>
-		<td>2025-11-10</td>
-		<td>Log</td>
-		<td>N/A</td>
-		<td>
-			<RuleID id="32405a50728746dd8caa057b606285e6" />
-		</td>
-		<td>Generic Rules - Prototype Pollution - URI</td>
-		<td>This is a new detection</td>
-	</tr>
-	<tr>
-		<td>2025-10-27</td>
-		<td>2025-11-10</td>
-		<td>Log</td>
-		<td>N/A</td>
-		<td>
-			<RuleID id="a7da00c63c4243d2a72456fe4f59ff26" />
-		</td>
-		<td>Generic Rules - Prototype Pollution - Body</td>
-		<td>This is a new detection</td>
-	</tr>
-	<tr>
-		<td>2025-10-27</td>
-		<td>2025-11-10</td>
-		<td>Log</td>
-		<td>N/A</td>
-		<td>
-			<RuleID id="833078bdcfa04bb7aa7b8fb67efbeb39" />
-		</td>
-		<td>Generic Rules - Prototype Pollution - Header - Form</td>
-		<td>This is a new detection</td>
-	</tr>
-	<tr>
-		<td>2025-10-27</td>
-		<td>2025-11-10</td>
-		<td>Log</td>
-		<td>N/A</td>
-		<td>
-			<RuleID id="818d92d370654c3d8f1adc7c9029cd61" />
-		</td>
-		<td>HTTP Truncated Beta</td>
-		<td>This is a beta detection and will replace the action on original detection (ID: <RuleID id="646bccf7e9dc46918a4150d6c22b51d3" />)  </td>
-	</tr>
-	</tbody>
+  <thead>
+    <tr>
+      <th>Announcement Date</th>
+      <th>Release Date</th>
+      <th>Release Behavior</th>
+      <th>Legacy Rule ID</th>
+      <th>Rule ID</th>
+      <th>Description</th>
+      <th>Comments</th>
+    </tr>
+  </thead>
+  <tbody>
+   <tr>
+      <td>2025-11-10</td>
+      <td>2025-11-17</td>
+      <td>Log</td>
+      <td>N/A</td>
+      <td>
+        <RuleID id="ec1e2aa190e64e7cb468e16dd256f4bc" />
+      </td>
+      <td>DELMIA Apriso - Auth Bypass - CVE:CVE-2025-6205</td>
+      <td>This is a new detection</td>
+   </tr>
+  </tbody>
 </table>
