dune73
commented
5 years ago Decisions
- @fgs needs some additional days to finish the immediate ReDoS work. We'll release 3.1.1 afterwards.
- Rest of the team supports him with tests
- @emphazer will continue to develop tests. We welcome as many tests as we can have for the time being.
- @fzipi and @airween and @emphazer form a little team to close gaps with our test tool FTW, namely when it comes to detect ReDoS.
- PR #1392 is welcome
- PR #1364 Fix indentation and python version in crs2-renumbering script - will be fixed by @csanders and merged by @lifeforms
- We will merge #1327 and remove old and unwanted constructs
- Testing: We will run multiple dockers in parallel vs ModSec 2 and ModSec 3 on Travis. If that is a performance problem we will look into the free offer Christian got by a Swiss startup. (Lots of support for this idea)
-
1371 is meant to detect ReDoS. It will be transformed into a base to use various ways to detect ReDoS. @airween and @fzipi have their approaches as well. This is all going to be merged into this.
- Open issues piling up quickly again. Assigning some of them to volunteers...
- We are solving issue #1346 by creating symlinks and be done with it for now.
- Swag is on it's way thanks to @fzipi. @dune73 will support with an account.
CanadianJeff
This is the Agenda for the Monthly CRS Chat.
The chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, May 6, at 20:30 CET.
Items on the Agenda:
ReDoS and 3.1.1 release
PRs
1392 (new WAF bypass)
Other items
Feel free to add items as you see fit either above, or below as comments.
If you are not yet on the OWASP Slack, here is your invite: https://join.slack.com/t/owasp/shared_invite/enQtNDI5MzgxMDQ2MTAwLTEyNzIzYWQ2NDZiMGIwNmJhYzYxZDJiNTM0ZmZiZmJlY2EwZmMwYjAyNmJjNzQxNzMyMWY4OTk3ZTQ0MzFhMDY