Release-Apr-01-2025 (#21245)

* Release-Apr-01-2025

* Fix missing quote

* Apply suggestions from PCX review

---------

Co-authored-by: Pedro Sousa <[email protected]>

Author: vs-mg

src/content/docs/waf/change-log/2025-04-01.mdx

@@ -0,0 +1,235 @@
+---
+title: "2025-04-01"
+type: table
+pcx_content_type: release-notes
+sidebar:
+  order: 794
+tableOfContents: false
+---
+
+import { RuleID } from "~/components";
+
+<table style="width: 100%">
+	<thead>
+		<tr>
+			<th>Ruleset</th>
+			<th>Rule ID</th>
+			<th>Legacy Rule ID</th>
+			<th>Description</th>
+			<th>Previous Action</th>
+			<th>New Action</th>
+			<th>Comments</th>
+		</tr>
+	</thead>
+	<tbody>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="8b8074e73b7d4aba92fc68f3622f0483" />
+			</td>
+			<td>100732</td>
+			<td>Sitecore - Code Injection - CVE:CVE-2025-27218</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="8350947451a1401c934f5e660f101cca" />
+			</td>
+			<td>100733</td>
+			<td>Angular-Base64-Upload - Remote Code Execution - CVE:CVE-2024-42640</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="a9ec9cf625ff42769298671d1bbcd247" />
+			</td>
+			<td>100734</td>
+			<td>Apache Camel - Remote Code Execution - CVE:CVE-2025-29891</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="3d6bf99039b54312a1a2165590aea1ca" />
+			</td>
+			<td>100735</td>
+			<td>Progress Software WhatsUp Gold - Remote Code Execution - CVE:CVE-2024-4885</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="d104e3246dc14ac7851b4049d9d8c5f2" />
+			</td>
+			<td>100737</td>
+			<td>Apache Tomcat - Remote Code Execution - CVE:CVE-2025-24813</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="21c7a963e1b749e7b1753238a28a42c4" />
+			</td>
+			<td>100659</td>
+			<td>Common Payloads for Server-side Template Injection</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>N/A</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="887843ffbe90436dadd1543adaa4b037" />
+			</td>
+			<td>100659</td>
+			<td>Common Payloads for Server-side Template Injection - Base64</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>N/A</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="3565b80fc5b541b4832c0fc848f6a9cf" />
+			</td>
+			<td>100642</td>
+			<td>LDAP Injection</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>N/A</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="44d7bf9bf0fa4898b8579573e0713e9f" />
+			</td>
+			<td>100642</td>
+			<td>LDAP Injection Base64</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>N/A</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="e35c9a670b864a3ba0203ffb1bc977d1" />
+			</td>
+			<td>100005</td>
+			<td>DotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-1892, CVE:CVE-2022-31474</td>
+			<td>N/A</td>
+			<td>Block</td>
+			<td>N/A</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="cd8db44032694fdf8d6e22c1bb70a463" />
+			</td>
+			<td>100527</td>
+			<td>Apache Struts - CVE:CVE-2021-31805</td>
+			<td>N/A</td>
+			<td>Block</td>
+			<td>N/A</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="0d838d9ab046443fa3f8b3e50c99546a" />
+			</td>
+			<td>100702</td>
+			<td>Command Injection - CVE:CVE-2022-24108</td>
+			<td>N/A</td>
+			<td>Block</td>
+			<td>N/A</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="533fbad558ce4c5ebcf013f09a5581d0" />
+			</td>
+			<td>100622C</td>
+			<td>Ivanti - Command Injection - CVE:CVE-2023-46805, CVE:CVE-2024-21887, CVE:CVE-2024-22024</td>
+			<td>N/A</td>
+			<td>Block</td>
+			<td>N/A</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="04176552f62f4b75bf65981206d0b009" />
+			</td>
+			<td>100536C</td>
+			<td>GraphQL Command Injection</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>N/A</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="25883bf28575433c952b830c1651d0c8" />
+			</td>
+			<td>100536</td>
+			<td>GraphQL Injection</td>
+			<td>N/A</td>
+			<td>Block</td>
+			<td>N/A</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="7b70da1bb8d243bd80cd7a73af00f61d" />
+			</td>
+			<td>100536A</td>
+			<td>GraphQL Introspection</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>N/A</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="58c4853c250946359472b7eaa41e5b67" />
+			</td>
+			<td>100536B</td>
+			<td>GraphQL SSRF</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>N/A</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="1c241ed5f5bd44b19e17476b433e5b3d" />
+			</td>
+			<td>100559A</td>
+			<td>Prototype Pollution - Common Payloads</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>N/A</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="af748489e1c2411d80d855954816b26f" />
+			</td>
+			<td>100559A</td>
+			<td>Prototype Pollution - Common Payloads - Base64</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>N/A</td>
+		</tr>
+	</tbody>
+</table>

src/content/docs/waf/change-log/scheduled-changes.mdx

@@ -25,63 +25,14 @@ import { RSSButton, RuleID } from "~/components";
 	</thead>
 	<tbody>
 		<tr>
-			<td>2025-03-17</td>
 			<td>2025-04-01</td>
+			<td>2025-04-07</td>
 			<td>Log</td>
-			<td>100732</td>
+			<td>100739A</td>
 			<td>
-				<RuleID id="8b8074e73b7d4aba92fc68f3622f0483" />
+				<RuleID id="9209bb65527f4c088bca5ffad6b2d36c" />
 			</td>
-			<td>Sitecore - Code Injection - CVE:CVE-2025-27218</td>
-			<td>This is a New Detection</td>
-		</tr>
-		<tr>
-			<td>2025-03-17</td>
-			<td>2025-04-01</td>
-			<td>Log</td>
-			<td>100733</td>
-			<td>
-				<RuleID id="8350947451a1401c934f5e660f101cca" />
-			</td>
-			<td>
-				Angular-Base64-Upload - Remote Code Execution - CVE:CVE-2024-42640
-			</td>
-			<td>This is a New Detection</td>
-		</tr>
-		<tr>
-			<td>2025-03-17</td>
-			<td>2025-04-01</td>
-			<td>Log</td>
-			<td>100734</td>
-			<td>
-				<RuleID id="a9ec9cf625ff42769298671d1bbcd247" />
-			</td>
-			<td>Apache Camel - Remote Code Execution - CVE:CVE-2025-29891</td>
-			<td>This is a New Detection</td>
-		</tr>
-		<tr>
-			<td>2025-03-17</td>
-			<td>2025-04-01</td>
-			<td>Log</td>
-			<td>100735</td>
-			<td>
-				<RuleID id="3d6bf99039b54312a1a2165590aea1ca" />
-			</td>
-			<td>
-				Progress Software WhatsUp Gold - Remote Code Execution -
-				CVE:CVE-2024-4885
-			</td>
-			<td>This is a New Detection</td>
-		</tr>
-		<tr>
-			<td>2025-03-21</td>
-			<td>2025-04-01</td>
-			<td>Log</td>
-			<td>100737</td>
-			<td>
-				<RuleID id="d104e3246dc14ac7851b4049d9d8c5f2" />
-			</td>
-			<td>Apache Tomcat - Remote Code Execution - CVE:CVE-2025-24813</td>
+			<td>Next.js - Auth Bypass - CVE:CVE-2025-29927 - 2</td>
 			<td>This is a New Detection</td>
 		</tr>
 	</tbody>

src/content/release-notes/waf.yaml

@@ -5,11 +5,14 @@ productLink: "/waf/"
 productArea: Application security
 productAreaLink: /fundamentals/reference/changelog/security/
 entries:
-  - publish_date: "2025-03-17"
-    scheduled_date: "2025-04-01"
+  - publish_date: "2025-04-01"
+    scheduled_date: "2025-04-07"
     individual_page: true
     scheduled: true
     link: "/waf/change-log/scheduled-changes/"
+  - publish_date: "2025-04-01"
+    individual_page: true
+    link: "/waf/change-log/2025-04-01/"
   - publish_date: "2025-03-22"
     individual_page: true
     link: "/waf/change-log/2025-03-22-emergency/"