Category:OWASP ModSecurity Core Rule Set Project - ModSecurity 2.0.7 - Notes

Version 2.0.7 - 06/4/2010

Improvements:
- Added CSRF Protection Ruleset which will use Content Injection to add JavaScript to specific outbound data and then validate the CSRF token on subsequent requests.
- Added new Application Defect Ruleset which will identify/fix missing HTTPOnly cookie flags.
- Added Experimental XSS/Missing Output Escaping Ruleset which looks for user-supplied data being echoed back to the user unchanged.
- Added rules-updater.pl script and configuration file to allow users to automatically download CRS rules from the CRS rules repository.
- Added new SQLi keyword for ciel and reverse functions.
- Updated the PHPIDS filters.

Bug Fixes:
- Fixed false positives for Request Header Name matching in the 30 file by adding boundary characters.
- Added missing pass actions to @pmFromFile prequalifier rules.
- Added backslash to SQLi regex. https://www.modsecurity.org/tracker/browse/CORERULES-41
- Fixed hard-coded anomaly score in PHPIDS filter file. https://www.modsecurity.org/tracker/browse/CORERULES-45
- Fixed restricted_extension false positive by adding boundary characters.
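
The two boundary-character fixes above (Request Header Name matching and restricted_extension) address the same class of false positive. The following is an added illustration, not CRS rule code: it assumes the check is a substring test of the request value against a space-separated list string, and the lists, the `/` delimiter and all function names are constructed for the example.

```python
import posixpath

# Constructed sample lists (not the CRS values). The "/" delimiter is an
# assumed boundary character chosen for this illustration.
HEADERS_PLAIN = "Proxy-Connection Lock-Token Content-Range"
HEADERS_BOUNDED = "/Proxy-Connection/ /Lock-Token/ /Content-Range/"
EXTS_PLAIN = ".cmd .config .backup"
EXTS_BOUNDED = ".cmd/ .config/ .backup/"


def within(needle: str, haystack: str) -> bool:
    """Substring containment: true if needle occurs anywhere in haystack."""
    return needle in haystack


def header_restricted(name: str, bounded: bool) -> bool:
    """Check a request header name against the restricted list."""
    if bounded:
        # Wrapping the value in the delimiters forces a whole-entry match.
        return within(f"/{name}/", HEADERS_BOUNDED)
    return within(name, HEADERS_PLAIN)


def extension_restricted(path: str, bounded: bool) -> bool:
    """Check the file extension of a request path against the restricted list."""
    ext = posixpath.splitext(path)[1]
    if not ext:
        return False
    if bounded:
        # The leading "." already anchors the start; "/" anchors the end.
        return within(f"{ext}/", EXTS_BOUNDED)
    return within(ext, EXTS_PLAIN)


def false_positives(samples, check):
    """Samples flagged by the unbounded check but not by the bounded one."""
    return [s for s in samples if check(s, False) and not check(s, True)]


# Constructed benign and restricted inputs.
SAMPLE_HEADERS = ["Connection", "Range", "Host", "Content-Range", "Lock-Token"]
SAMPLE_PATHS = ["/app/main.c", "/docs/a.con", "/index.html", "/old/site.backup"]

if __name__ == "__main__":
    print("header FPs:", false_positives(SAMPLE_HEADERS, header_restricted))
    print("path FPs:", false_positives(SAMPLE_PATHS, extension_restricted))
```

Without delimiters, an ordinary `Connection` header matches inside `Proxy-Connection` and a `.c` file matches inside `.cmd`; the genuinely restricted entries are still caught in both modes.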