SpiderLabs / owasp-modsecurity-crs

OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)

https://modsecurity.org/crs

Apache License 2.0

2.45k stars 726 forks source link

March monthly meeting agenda #1026

Closed csanders-git closed 6 years ago

csanders-git commented 6 years ago

[x] Adding modsecurity v3 support to testing env
[x] #990 java attacks
[x] CRS Summit in AppSec EU?
[x] #1013 FP resolution
[x] #1010 Nextcloud
[x] #994 File detection
[x] #989 regression test fixes
[x] remaining @azhao155 issues
[x] #896 command injection update.
[x] CRS 3.1 release date.
[ ] Upgrades to how we handle tickets
[ ] GeoIP legacy format reaching EOL

spartantri commented 6 years ago

990 java attacks

ffichter commented 6 years ago

Support for the new MaxMind format? Since the GeoLite Legacy databases updates are discontinued as of April 1, 2018 (https://dev.maxmind.com/geoip/geoip2/geolite2/)

dune73 commented 6 years ago

I agree with @ffichter this is a hard problem. It's one that ModSecurity needs to solve though. But given the size of the problem we should at least discuss a position for the project that we write down for our users.

fzipi commented 6 years ago

CRS Summit in AppSec EU?