This is the CRS newsletter covering the period from Early April until May 7th.
We held our monthly community chat. It is a busy time so we had quite a few people unavailable. Thanks to all those who attended: - csanders - Oladon_work - lifeforms - emphazer - franbuehler - squared Our agenda from before the chat is available here <https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1077>. During the chat we discussed the following: - *Travis fails due to docker issues*. This was an issued which csanders worked to resolve before the meeting. It was due to a change in the underlying CRS maintained ModSecurity Docker image (modsecurity-docker #7 <https://github.com/CRS-support/modsecurity-docker/pull/7>). While this reduced the size of the underlying image it removed certificates needed query github, which ended up causing builds to fail. - *Review of PR #1076 <https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1076> for inclusion in 3.1*: franbuehler and lifeforms had looked at the PR and agreed it added features needed for 3.1. They both said they would test more in the coming weeks to ensure it made it into 3.1 with minimal impact. squared said he would test this to ensure it worked with libmodsecurity. - *Release of 3.1*: It was suggested previously that we'd have a hard code stop on 3.1 features on May 7th if we were ready. We decided that the features we were preparing should make it into 3.1, but nothing after that. These features included PR #1076 <https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1076> (additional monitoring or hybrid paranoia level settings), #1045 <https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1045> (malicious file upload detection) and CPanel rule exclusions. emphazer said he would work on the CPanel rules within the next two weeks. It was agreed that PR 1076 could be completed within two weeks likely. At this time we'd generate an RC1 of CRS 3.1 - *Other open PRs*: csanders had closed a number of the lingering test related issues that were blocking 3.1 release. He also committed to fixing the NGINX docker image before the 3.1 release. Franbuehler had reviewed #1045 <https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1045>, she had found some issues that were acknowledged by spartantri that needed to be addressed before a merge. - *Community Summit on July 4*: Dune73 has been working in the backend to coordinate this event. It is coming along nicely a dozen confirmed participants from various companies. CPanel has committed to sponsor the dinner (thanks CPanel). Official registration will be open soon via AppSecEU website. *Announcements:* - *Franbuehler gave a talk about ModSec CRS in DevOps last week at the DevOpsDays ZH (Zurich), slides forthcoming, an associated git repo can be found here <https://github.com/franbuehler/modsecurity-crs-rp>.* *The next community chats will be held on the following dates:* - June 4, 2018 20:30 CET - Live at AppSecEU and Online July 4th, 2018 14:30 CET **Time Change** - Aug 6, 2018 20:30 CET -- -- Chaim Sanders http://www.ChaimSanders.com
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set