The general chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, 2024-04-01, at 20:30 CET. That's the 1st Monday of the month. A separate issue chat is happening at the same location, same time on Monday, 2024-04-15. That's the 3rd Monday of the month. Please note that we have a CRS calendar (maintained by @fzipi).
Archived previous meetings and their decisions are here.
What happened in the meantime since the chat last month
We are testing the Alpine Apache image using the CIS Benchmark for Apache
Now apache and nginx images run using unprivileged users
CRS Status Page
No progress
Project discussions and decisions
#3623 -> do we want to handle this long accept-encoding header in CRS and allow a value of 100 instead of 50 OR do we say that the user has to write an exclusion rule for this exotic use-case?
release policy - we need to update the existing policy to reflect what we are pushing now.
Azurit has a series of additional plugins he wants to get listed or made official. How do we go about this in an effective manner?
OWASP summit / CRS retreat
🔵 Decision: CRS would participate in the official OWASP summit as a project. We hope for some exchange with other projects, but we really want to work on CRS as productively as possible.
Mozlila User Agent
🔵 Decision: We want to block this. We don't see it as legitimate.
Disable FW prevention
🔵 Decision: no agreement on this question tonight. We need more time to think about this and then take it into the Agenda in May.
CIS Benchmark for Apache Docker Container
🔵 Decision: Everything that cannot obviously be exploited should be left as per default because anything we change we will have to maintain. @dune73 will try to get the low-hanging fruit sorted and then maybe add documentation to talk about hardening.
This is the Agenda for the two Monthly CRS Chats.
What happened in the meantime since the chat last month
Outside development
Inside development
Rules
CRS Sandbox
Security
Plugins
Documentation and Public Relations
Project Administration and Sponsor relationships
Tools
Testing incl. Seaweed and many future plans
Containers
CRS Status Page
Project discussions and decisions
Rules development, key project numbers
PRs that have been merged since the last meeting
paths
child #3621
#3615
We merged 21 PRs since the last monthly project chat.
Open PRs
Open PRs marked DRAFT or work in progress or needs action
feat: Split Node-Validator keywords functionally #2637
feat: auto-sync to coreruleset/documentation #3292
fix: add missing roundcube files (930120 PL-1, 930121 PL-2, 930130 PL-1, 932180 PL-1) #3635
feat: commenting out unneeded PL skipping rules to gain performance #3595
fix: adjust the order of t:urlDecodeUni and t:utf8toUnicode in 941160 PL1 #3450
As of Monday, we have FIXME open issues.
As of Monday, we have FIXME open pull requests.
Separate 2nd Meeting (Monday, 2024-FIXME)
How to get to our slack and join the meeting?
If you are not yet on the OWASP Slack, here is your invite: https://owasp.org/slack/invite
Everybody is welcome to join our community chat.