The CRS project has always been in a somewhat continuos development model. In general this becomes very problematic as the team does not package the software for different distro¹s. If you would like to see CRS updated in your distro, please do encourage the packager to upgrade. As a rule of thumb starting with 3.0 (Which is forthcoming) we will try to provide more solid versioning.
On 3/7/16, 5:26 PM, "[email protected] on behalf of Brian Davis (bridavis)" <[email protected] on behalf of [email protected]> wrote: >Thanks, Athmane. > >One question, what is mod_security_crs package at 2.2.6 while the Git repo >is at 2.2.9? > >Thanks, >Brian > >On 3/7/16, 7:00 AM, >"[email protected] on behalf of >[email protected]" ><[email protected] on behalf of >[email protected]> wrote: > >>Send Owasp-modsecurity-core-rule-set mailing list submissions to >> [email protected] >> >>To subscribe or unsubscribe via the World Wide Web, visit >> http://scanmail.trustwave.com/?c=4062&d=44be1sNUaV9vNA9G3yRDc8FWV2nKlV1_ >>N__ov2DZFA&s=5&u=https%3a%2f%2flists%2eowasp%2eorg%2fmailman%2flistinfo%2 >>fowasp-modsecurity-core-rule-set >> >>or, via email, send a message with subject or body 'help' to >> [email protected] >> >>You can reach the person managing the list at >> [email protected] >> >>When replying, please edit your Subject line so it is more specific >>than "Re: Contents of Owasp-modsecurity-core-rule-set digest..." >> >> >>Today's Topics: >> >> 1. Re: ARGS against PUT (was Re: Owasp-modsecurity-core-rule-set >> Digest, Vol 83, Issue 8) (Athmane Madjoudj) >> >> >>---------------------------------------------------------------------- >> >>Message: 1 >>Date: Sun, 6 Mar 2016 22:48:25 +0100 >>From: Athmane Madjoudj <[email protected]> >>To: "Brian Davis (bridavis)" <[email protected]> >>Cc: "[email protected]" >> <[email protected]> >>Subject: Re: [Owasp-modsecurity-core-rule-set] ARGS against PUT (was >> Re: Owasp-modsecurity-core-rule-set Digest, Vol 83, Issue 8) >>Message-ID: >> <caov0wtpoyr-mmufvuxpbuho-kqe_rxotxq2hegg7x7tnrto...@mail.gmail.com> >>Content-Type: text/plain; charset=UTF-8 >> >>Hi Brian, >> >>On Sun, Mar 6, 2016 at 4:49 PM, Brian Davis (bridavis) >><[email protected]> wrote: >>> (For some reason I didn?t get the direct email response.) >>> >>> After doing some more research, I think it?s relates to the fact that >>>the >>> <script> is in a JSON payload, and it turns out I?m not running a >>>recent >>> enough version of mod security which supports JSON parsing. CentOS 7.1 >>>is >>> only packaging 2.7.3, where as JSON parser comes in 2.8. >>> >>> I?m working on manually upgrading and trying again to see if that >>>helps. >> >>You may use this repo which is the same package version as Fedora >>development branch. >> >>http://scanmail.trustwave.com/?c=4062&d=44be1sNUaV9vNA9G3yRDc8FWV2nKlV1_N >>_2-t2mMGg&s=5&u=https%3a%2f%2fcopr%2efedorainfracloud%2eorg%2fcoprs%2fath >>mane%2fmod%5fsecurity%2f >> >> >>Best regards. >> >>- Athmane >> >> >>------------------------------ >> >>_______________________________________________ >>Owasp-modsecurity-core-rule-set mailing list >>[email protected] >>http://scanmail.trustwave.com/?c=4062&d=44be1sNUaV9vNA9G3yRDc8FWV2nKlV1_N >>__ov2DZFA&s=5&u=https%3a%2f%2flists%2eowasp%2eorg%2fmailman%2flistinfo%2f >>owasp-modsecurity-core-rule-set >> >> >>End of Owasp-modsecurity-core-rule-set Digest, Vol 83, Issue 14 >>*************************************************************** > >_______________________________________________ >Owasp-modsecurity-core-rule-set mailing list >[email protected] >http://scanmail.trustwave.com/?c=4062&d=44be1sNUaV9vNA9G3yRDc8FWV2nKlV1_N_ >_ov2DZFA&s=5&u=https%3a%2f%2flists%2eowasp%2eorg%2fmailman%2flistinfo%2fow >asp-modsecurity-core-rule-set ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
