This is the Agenda for the Monthly CRS Chat.
The chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, 2025-09-01, at 20:30 CET (CEST during summer in the Northern Hemisphere). That's the 1st Monday of the month. Please note that we have a CRS calendar (maintained by @fzipi).
Archived previous meetings and their decisions are here.
What happened in the meantime since the chat last month
Outside Development
- 📝 Blog post: CRS dev franbuehler joins netnea, the company of dune73
- 💡 @fzipi will be presenting the work on the new CRS Language at OWASP Global AppSec DC, together with Agustin De Leon
- 🎉 New ModSecurity + CRS OWASP Project: https://wafcontrol.org/:
OWASP Wafcontrol is an open-source dashboard that simplifies the installation, configuration, and management of ModSecurity and the OWASP Core Rule Set. It provides full visibility, automation, and control over your WAF.
Inside Development
Rules
- FIXME: Please fill in
CRS Sandbox
- No news here.
Security
- No news here.
Plugins
- FIXME: Please fill in
Documentation and Public Relations
- FIXME: Please fill in
Project Administration and Sponsor relationships
- We are in the process of renewing sponsorship from Google, and they were invited to be part of the developer retreat.
Tools
- Fixed version detection in crs-linter for releases
Containers
- We extended the latest container versions to support the previous major release (v3.3.7), and we also pushed changes that make it easier to update older versions. 🎉
Rules development, key project numbers
PRs that have been merged since the last meeting
- chore: post-release v4.20.0-dev #4277
- chore: release v4.19.0 #4276
- feat: whitelist application/csp-report content-type header #4274
- fix: documentation typos #4275
- fix: don't block on all question marks (942550 PL-1) #4264
- fix: reduce false positives with php response rules #4272
- refactor: 920340 - delete 920341 #4268
- chore(deps): update owasp/modsecurity-crs:nginx docker digest to 0742d36 in tests/docker-compose.yml #4270
- chore(deps): update owasp/modsecurity-crs:apache docker digest to bcee05a in tests/docker-compose.yml #4269
- fix: missing capture action #4265
- fix: duplicate in sql-errors.data #4266
We merged 11 PRs since the last monthly project chat.
Open PRs
Open PRs marked DRAFT or work in progress or needs action
- chore: 920190 bypass #4278
- chore(deps): update owasp/modsecurity-crs:nginx docker digest to 3b6edff in tests/docker-compose.yml #4280
- chore(deps): update owasp/modsecurity-crs:apache docker digest to 2c61e50 in tests/docker-compose.yml #4279
- fix: add separate rule to match unix commands with no arguments #4273
- fix: remove non-unix commands from unix rce rules (932230 PL-1, 932235 PL-1, 932250 PL-1, 932260 PL-1, 932220 PL-2, 932236 PL-2, 932239 PL-2, 932237 PL-3) #4247
- fix(security): resolve SQL injection protection bypass (942380 PL2) #3720
- feat: updated unix shell builtins #4271
- fix(932205): remove dot star #4168
- fix(942360): update sqli payloads #4238
- feat: added detection for quote evasion #3813
- fix(932130): use lazy regex #3730
- fix(942200): False Positive #4236
- chore: add quant as comment #3925
- fix(934140): update perl interpolation regex #4250
How to get to our Slack and join the meeting
If you are not yet on the OWASP Slack, here is your invite: https://owasp.org/slack/invite
Everybody is welcome to join our community chat.