|
From: Christian F. <chr...@ne...> - 2021-06-30 14:30:55
|
Dear all, The OWASP ModSecurity Core Rule Set team has published the following releases: * v3.3.2 (supported) * v3.2.1 (supported) * v3.1.2 (EOL) All these releases are meant to fight CVE-2021-35368, a CRS request body bypass vulnerability. Details about the vulnerability as well as links to release files and changelog can be found here: https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/ Please note that this is a CRS problem and has nothing to do with the engine ModSecurity. The changeset is minimal, so an update should be smooth. Best regards, Christian Folini, CRS Co-Lead -- Had I been present at the creation, I would have given some useful hints for the better ordering of the universe. -- Alfonso the Wise, 1221 - 1284 |
