The chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, May 6, at 20:30 CET.
Items on the Agenda:
ReDoS and 3.1.1 release
Status of the work vs the CVEs and the release plan
PRs
Huge groups of new tests by emphazer
1392 (new WAF bypass)
Other items
Status of our test suite on ModSec 3
Swag data files have been merged to the OWASP swag project. Next step is an account and then we can start to print stickers and hoodies and shirts etc.
Feel free to add items as you see fit either above, or below as comments.
@fgs needs some additional days to finish the immediate ReDoS work. We'll release 3.1.1 afterwards.
Rest of the team supports him with tests
@emphazer will continue to develop tests. We welcome as many tests as we can have for the time being.
@fzipi and @airween and @emphazer form a little team to close gaps with our test tool FTW, namely when it comes to detecting ReDoS.
PR #1392 is welcome
PR #1364 Fix indentation and python version in crs2-renumbering script - will be fixed by @csanders and merged by @lifeforms
We will merge #1327 and remove old and unwanted constructs
Testing: We will run multiple dockers in parallel vs ModSec 2 and ModSec 3 on Travis. If that is a performance problem we will look into the free offer Christian got by a Swiss startup. (Lots of support for this idea)
1371 is meant to detect ReDoS. It will be transformed into a base to use various ways to detect ReDoS. @airween and @fzipi have their approaches as well. This is all going to be merged into this.
Open issues piling up quickly again. Assigning some of them to volunteers...
We are solving issue #1346 by creating symlinks and being done with it for now.
Swag is on its way thanks to @fzipi. @dune73 will support with an account.
This is the Agenda for the Monthly CRS Chat.
If you are not yet on the OWASP Slack, here is your invite: https://join.slack.com/t/owasp/shared_invite/enQtNDI5MzgxMDQ2MTAwLTEyNzIzYWQ2NDZiMGIwNmJhYzYxZDJiNTM0ZmZiZmJlY2EwZmMwYjAyNmJjNzQxNzMyMWY4OTk3ZTQ0MzFhMDY