search

corazawaf / coraza-caddy

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
https://www.coraza.io/
Apache License 2.0
284 stars 35 forks source link

chore(deps): bump github.com/corazawaf/coraza/v3 from 3.1.0 to 3.2.1 #159

Open dependabot[bot] opened 1 week ago

dependabot[bot] commented 1 week ago

Bumps github.com/corazawaf/coraza/v3 from 3.1.0 to 3.2.1.

Release notes

Sourced from github.com/corazawaf/coraza/v3's releases.

Coraza 3.2.1

This is a quick patch release to fix a potential data race that was noticed right after v3.2.0 (Thanks @​MarcWort for reporting it!) and a minor fix about logging.

What's Changed

Full Changelog: https://github.com/corazawaf/coraza/compare/v3.2.0...v3.2.1

Version 3.2.0

Coraza v3.2.0 comes with:

  • Support for SecRuleUpdateTargetByTag, Base64DecodeExt, extended support for ranges of IDs with SecRuleUpdateTargetByID.
  • Support for case-sensitive matching for ARGS keys. It currently comes under the coraza.rule.case_sensitive_args_keys. Mind that, in compliance with RFC 3986 specification, it is planned to become the default behavior starting from the next major version.
  • Support for auditlog formatters for tinygo builds.
  • Various bug fixes, among other things, around log generation and Coraza middleware.
  • Performance implements and reduced memory allocation mostly thanks to @​noboruma.
  • Updated CRS support to the latest CRS v4.3.0 version.

What's Changed

... (truncated)

Commits
  • aaf4413 fix: makes max size log message CRS correlation rule friendly (#1085)
  • 060b8ff fix: race condition on StrID (#1084)
  • 7c91e8c chore: updates CRS tests to CRS4.3 (#1081)
  • 417f112 fix(deps): update module github.com/rs/zerolog to v1.33.0 (#1073)
  • e42dcd5 fix: setters of INBOUND_DATA_ERROR and OUTBOUND_DATA_ERROR (#1078)
  • 74ec8de fix(deps): update module golang.org/x/net to v0.26.0 (#1075)
  • 5ff4a3f fix(deps): update module github.com/corazawaf/libinjection-go to v0.2.1 (#1079)
  • cd2d3c4 fix(deps): update module github.com/corazawaf/libinjection-go to v0.2.0 (#1076)
  • 5e4a004 fix: logs multiple vars matched by same rule (#1074)
  • 711e4a4 feat: add support for case sensitive args (#1059)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
sonarcloud[bot] commented 1 week ago

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud