1707 - @lifeforms did not have the time. This issue remains open.
1708 - no relevant progress here
1710 - @franbuehler will review this PR
1717 - @franbuehler did not have the time. This issue remains open.
1721 - merged
1732 - merged
1734 - @franbuehler and @lifeforms will test this rule in production.
PRs on hold
1602 - we will ask @theMiddleBlue what the matter with his PR is
1663 - on hold with @dune73
1674 - on hold with @dune73
1667 - on hold on request of @fzipi
Other Items
Travis doesn't run on new PRs. @theMiddleBlue will troubleshoot this.
GitHub migration scheduled for March 18 had to be cancelled / postponed. TW and CRS do not agree on the procedure. Migration team: @dune73, @lifeforms and @fzipi: "We think we are almost there with the migration script."
Release schedule for 3.3: @lifeforms was thinking of RCs around 23 May, 6 June, then release 16 June for instance. @dune73: "So let's see one month from now, confirm your schedule or we re-schedule. I think June makes a lot of sense in the long run. Close to a 9 month schedule, also if we do 3.4 for Dublin next winter." So we will see.
Issues
It was already late. We did not talk about new issues.
This is the Agenda for the Monthly CRS Chat.
The chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, April 6, at 20:30 CET.
Items on the Agenda:
Previous Meetings decisions: here
PRs
1707 New ldap injection rule 921200 (fixes issue #276)
1708 Perf issue with regexes that start with repeating digits
1710 Add word boundaries around values in SQL tautologies (942130)
1717 Remove MIME Attribute from application/soap+xml Rule 900220
1721 Add Content-Type: multipart/related as allowed default
1732 Make severities and scores consistent
1734 Fix content type whitelist
PRs on hold
1602 932200: PL1 RCE bypass uninitialized variable (DRAFT) (Has been in need of action for a long time)
1616 Revert #578 (Needs action)
1663 RE2 compatibility for 920120 (no feedback from CDN unfortunately)
1667 Remove /util/docker folder from v3.3/dev branch (now in dedicated repo) (In progress)
1674 Extend sql having in rule 942230 (no feedback from CDN unfortunately)
1690 Update REQUEST-920-PROTOCOL-ENFORCEMENT.conf (Needs action)
Other items
Feel free to add items as you see fit either above, or below as comments.
Open Issues
In January 2020, we decided to look into 10 issues at the chat every month. But only after the Other items. Pick the issues before the meeting and list them below.
If you are not yet on the OWASP Slack, here is your invite: https://join.slack.com/t/owasp/shared_invite/enQtNjExMTc3MTg0MzU4LWQ2Nzg3NGJiZGQ2MjRmNzkzN2Q4YzU1MWYyZTdjYjA2ZTA5M2RkNzE2ZjdkNzI5ZThhOWY5MjljYWZmYmY4ZjM . Everybody is welcome to join our community chat.