This is the OWASP ModSecurity Core Rule Set version 3.3.5.
Important changes:
Important changes:
- Backport fix for CVE-2023-38199 from CRS v4 via new rule 920620 (Andrea Menin, Felipe Zipitría)
- Fix paranoia level-related scoring issue in rule 921422 (Walter Hop)
- Move auditLogParts actions to the end of chained rules where used (Ervin Hegedus)
- Clean up redundant paranoia level tags (Ervin Hegedus)
- Clean up YAML test files to support go-ftw testing framework (Felipe Zipitría)
- Move testing framework from ftw to go-ftw (Felipe Zipitría)