Comparing changes

base repository: coreruleset/coreruleset
base: v4.18.0
head repository: coreruleset/coreruleset
compare: v4.19.0
  • 20 commits
  • 50 files changed
  • 11 contributors

Commits on Sep 3, 2025

  1. chore: post-release v4.19.0-dev (#4255)

    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    fzipi authored Sep 3, 2025
    a10582f

Commits on Sep 4, 2025

  1. chore: update linter and fix commit message passing (#4256)

    Use single quotes to prevent RCE from commit messages, e.g., when the
    commit message includes backticks around words, which would be run in a
    subshell when inside double quotes.
    theseion authored Sep 4, 2025
    2bd0e9a

Commits on Sep 5, 2025

  1. fix: properly pass commit message (#4261)

    Use single quotes to prevent RCE.
    theseion authored Sep 5, 2025
    39a7f30
  2. cd15f8a
  3. 6fb9362
  4. Update REQUEST-933-APPLICATION-ATTACK-PHP.conf (#4260)

    Fix 933153
    
    Co-authored-by: Franziska Bühler <franziska.buehler.schmocker@gmail.com>
    Co-authored-by: Felipe Zipitría <3012076+fzipi@users.noreply.github.com>
    3 people authored Sep 5, 2025
    8edc58f

Commits on Sep 8, 2025

  1. fix(953100): remove generic SQLSTATE error codes causing false positives (#4257)
    
    * fix(953100): tighten SQLSTATE matching to avoid substring false positives
    
    * Fix test id
    
    * Rules refactoring
    
    * Rules refactoring (delegated sql rules to 951100)
    
    ---------
    
    Co-authored-by: Felipe Zipitría <3012076+fzipi@users.noreply.github.com>
    Elnadrion and fzipi authored Sep 8, 2025
    6a6e3cd

Commits on Sep 9, 2025

  1. fix: update lfi-os-files.data (#4240)

    * fix: update lfi-os-files.data
    
    * update lfi-os-files.data
    
    * added Rust based paths
    
    * update restricted files
    Xhoenix authored Sep 9, 2025
    d629ed0
  2. feat: add stricter sibling 954101 to 954100 (#4258)

    * feat: add stricter sibling 954101 to 954100
    
    * chore(formatting): auto fixes from pre-commit hooks
    
    for more information, see https://pre-commit.ci
    
    * fix typos and pl
    
    ---------
    
    Co-authored-by: franbuehler <franbuehler@Franziskas-MacBook-Air.local>
    Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
    3 people authored Sep 9, 2025
    1a59a19
  3. fix(942550): cleanup regex (#3767)

    * fix(942559): cleanup regex
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    
    * fix: 3354
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    
    * fix: update regex
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    
    * Apply suggestion from @Xhoenix
    
    Co-authored-by: Xhoenix <86168235+Xhoenix@users.noreply.github.com>
    
    * fix: apply regex update
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    
    * Apply suggestion from @EsadCetiner
    
    Co-authored-by: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
    
    * Apply suggestion from @theseion
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    
    * Apply suggestion from @theseion
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    
    * Apply suggestion from @theseion
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    
    * Apply suggestion from @fzipi
    
    * Apply suggestion from @theseion
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    
    * chore(formatting): auto fixes from pre-commit hooks
    
    for more information, see https://pre-commit.ci
    
    * test: add test with sql comments
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    
    * Apply suggestion from @Xhoenix
    
    Co-authored-by: Xhoenix <86168235+Xhoenix@users.noreply.github.com>
    
    * chore(formatting): auto fixes from pre-commit hooks
    
    for more information, see https://pre-commit.ci
    
    * fix: move lowercase from rule to regex
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    
    * Apply suggestions from code review
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    
    * fix: remove optional spacing
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    
    * Apply suggestions from code review
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    
    ---------
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    Co-authored-by: Xhoenix <86168235+Xhoenix@users.noreply.github.com>
    Co-authored-by: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
    5 people authored Sep 9, 2025
    21ab3ea

Commits on Sep 17, 2025

  1. fix:missing capture keyword (#4265)

    You should not use %{TX.0} if capture is not defined.
    touchweb-vincent authored Sep 17, 2025
    efc2676

Commits on Sep 18, 2025

  1. 8808f1c

Commits on Sep 22, 2025

  1. chore(deps): update owasp/modsecurity-crs:apache docker digest to bcee05a in tests/docker-compose.yml (#4269)
    
    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Sep 22, 2025
    f5d4848
  2. chore(deps): update owasp/modsecurity-crs:nginx docker digest to 0742d36 in tests/docker-compose.yml (#4270)
    
    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    renovate[bot] authored Sep 22, 2025
    c8faf71

Commits on Sep 23, 2025

  1. refactor: 920340 - delete 920341 (#4268)

    * refactor: 920340 - delete 920341
    
    * Update 920340.yaml
    
    * Delete tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920341.yaml
    
    * Update REQUEST-920-PROTOCOL-ENFORCEMENT.conf
    
    * Update REQUEST-920-PROTOCOL-ENFORCEMENT.conf
    
    * Update REQUEST-920-PROTOCOL-ENFORCEMENT.conf
    
    * Update 920340.yaml
    
    * Update 920340.yaml
    
    * Update tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920340.yaml
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    
    * Update tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920340.yaml
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    
    * Update tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920340.yaml
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    
    * Update tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920340.yaml
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    
    * Update tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920340.yaml
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
    touchweb-vincent and theseion authored Sep 23, 2025
    7f174a0

Commits on Sep 26, 2025

  1. fix: reduce false positives with php response rules (#4272)

    * fix: reduce false positives with php response rules
    
    * fix: reduce false positives with php response rules
    
    * fix: reduce false positives with php response rules
    
    * fix: reduce false positives with php response rules
    
    * apply suggestions from review
    
    * chore(formatting): auto fixes from pre-commit hooks
    
    for more information, see https://pre-commit.ci
    
    ---------
    
    Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
    EsadCetiner and pre-commit-ci[bot] authored Sep 26, 2025
    b015ad4

Commits on Sep 28, 2025

  1. fix: don't block on all question marks (942550 PL-1) (#4264)

    Co-authored-by: Xhoenix <86168235+Xhoenix@users.noreply.github.com>
    Co-authored-by: azurit <jozef@sudolsky.sk>
    3 people authored Sep 28, 2025
    511b44f

Commits on Oct 1, 2025

  1. 1e4d30f
  2. a1f5e14

Commits on Oct 2, 2025

  1. chore: release v4.19.0 (#4276)

    * chore: release v4.19.0
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    
    * Update CONTRIBUTORS.md
    
    Co-authored-by: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
    
    ---------
    
    Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
    Co-authored-by: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
    fzipi and EsadCetiner authored Oct 2, 2025
    5a9e41c