Swag on Redbubble is launched, but we need to advertise it and integrate it into the website
See https://www.redbubble.com/people/fzipi/collections/1148737-owasp-core-rule-set and click "show all products" near the lower left corner. It's quite a selection and maybe we should pick a few things and put them on our website prominently.
CRS community summit in Amsterdam (2019-09-25, afternoon)
More than 30 invitations have been sent out.
Preliminary roll call
Idea to rent an AB&B apartment together
Reaching out to Mitre because of the CVEs
Contacts established, but then no more response from Mitre. Need to ping.
Feel free to add items as you see fit either above, or below as comments.
@dune73 takes care of #1490, which we think merge-worthy
There is going to be a new nodejs rule file and #1487 will be the first addition
We generally want to get better coverage of modern things like node
1484 will be merged as is
1467 is being closed in favor of an alternative approach by @csanders-git
@allanbomsft and @csanders-git will work on a blog post about quick FTW tests against custom branches on Docker
We give up on #1445
@airween will do a PR that adds a tag OWASP_CRS to all rules and solves the problem that #1445 attempted to solve. He will do so with the help of a new tool that can parse CRS rules and export them again.
@lifeforms volunteers to be 3.2 release manager. The release date is meant to be September 25, the CRS community summit!
Release plan: Merge freeze on Aug 19, RC1 on Aug 26, RC2 on Sep 8, release on Sep 24.
The following issues point to big holes in ModSecurity and there is nothing we can really do about it.
SpiderLabs/ModSecurity#2136
SpiderLabs/ModSecurity#1576
@dune73 will do a swag doodle and we will do a bulk order that Walter will deliver to the Community Summit in Amsterdam.
Community Summit Roll call:
@csanders-git : rather not
@emphazer : rather yes
@franbuehler : yes
@lifeforms : yes
@dune73 : yes
@fzipi : yes
@airween: yes
@theMiddleBlue : maybe
@fgs: maybe
@spartantri : unknown
@dune73 will look into an option to rent an apartment for the team via AirBnB for the whole conference, from Wed to Sat.
This is the Agenda for the Monthly CRS Chat.
The chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, August 5, at 20:30 CET.
Items on the Agenda:
PRs
1490 Add PUBLIC identifier for XML entities
1487 some node.js unserialization + javascript RCE snippets
1484 Drop unneeded unicode from 941110
1467 Simpler regression test Docker image
1445 replace ctl:ruleRemoveTargetByTag=CRS with ruleRemoveTargetById (onHold)
Other items
Feel free to add items as you see fit either above, or below as comments.
If you are not yet on the OWASP Slack, here is your invite: https://join.slack.com/t/owasp/shared_invite/enQtNjExMTc3MTg0MzU4LTViMDg1MmJiMzMwZGUxZjgxZWQ1MTE0NTBlOTBhNjhhZDIzZTZiNmEwOTJlYjdkMzAxMGVhNDkwNDNiNjZiOWQ . Everybody is welcome to join our community chat.