This is a quick patch release to fix a potential data race that was noticed right after v3.2.0 (Thanks @MarcWort for reporting it!) and a minor fix about logging.
What's Changed
- fix: race condition on StrID by @M4tteoP in https://github.com/corazawaf/coraza/pull/1084
- fix: makes max size log message CRS correlation rule friendly by @M4tteoP in https://github.com/corazawaf/coraza/pull/1085
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.2.0...v3.2.1
coraza
- Version 3.2.0
Published by M4tteoP 4 months ago
Coraza v3.2.0 comes with:
- Support for
SecRuleUpdateTargetByTag,Base64DecodeExt, extended support for ranges of IDs withSecRuleUpdateTargetByID. - Support for case-sensitive matching for
ARGSkeys. It currently comes under thecoraza.rule.case_sensitive_args_keys. Mind that, in compliance with RFC 3986 specification, it is planned to become the default behavior starting from the next major version. - Support for auditlog formatters for tinygo builds.
- Various bug fixes, among other things, around log generation and Coraza middleware.
- Performance implements and reduced memory allocation mostly thanks to @noboruma.
- Updated CRS support to the latest CRS v4.3.0 version.
What's Changed
- fix(deps): update module github.com/tidwall/gjson to v1.17.1 by @renovate in https://github.com/corazawaf/coraza/pull/1004
- fix(deps): update module golang.org/x/net to v0.22.0 by @renovate in https://github.com/corazawaf/coraza/pull/1011
- feat: expose expected directives for e2e test by @fionera in https://github.com/corazawaf/coraza/pull/1012
- avoid executing costly With if noop logger by @noboruma in https://github.com/corazawaf/coraza/pull/1015
- tests: covers eq operator. by @jcchavezs in https://github.com/corazawaf/coraza/pull/1002
- fix: RegisterWriter/RegisterFormatter case insensitive by @M4tteoP in https://github.com/corazawaf/coraza/pull/1026
- feat: Implements SecRuleUpdateTargetByTag, extends ByID with ranges by @M4tteoP in https://github.com/corazawaf/coraza/pull/1020
- tests: covers zero case in eq operator. by @jcchavezs in https://github.com/corazawaf/coraza/pull/1029
- feat: registers
RegisterFormatters for tinygo by @M4tteoP in https://github.com/corazawaf/coraza/pull/1027 - fix(deps): update module golang.org/x/net to v0.23.0 by @renovate in https://github.com/corazawaf/coraza/pull/1033
- Fix: audit logs RelevantOnly match if interruption happens by @M4tteoP in https://github.com/corazawaf/coraza/pull/1025
- tests: adds logs for unexpected status code. by @jcchavezs in https://github.com/corazawaf/coraza/pull/1037
- fix(deps): update module golang.org/x/net to v0.24.0 by @renovate in https://github.com/corazawaf/coraza/pull/1035
- cache Rule ID string version by @noboruma in https://github.com/corazawaf/coraza/pull/1039
- chore: adds fs access check at startup time by @M4tteoP in https://github.com/corazawaf/coraza/pull/1030
- Add support for Base64DecodeExt by @soujanyanmbri in https://github.com/corazawaf/coraza/pull/1046
- fix: FuzzB64Decode regexp match for fuzzing by @fzipi in https://github.com/corazawaf/coraza/pull/1054
- chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 in /testing/coreruleset in the go_modules group across 1 directory by @dependabot in https://github.com/corazawaf/coraza/pull/1043
- fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.13.4 by @renovate in https://github.com/corazawaf/coraza/pull/1001
- fix(deps): update module github.com/petar-dambovaliev/aho-corasick to v0.0.0-20240411101913-e07a1f0e8eb4 by @renovate in https://github.com/corazawaf/coraza/pull/1057
- feat: add new maps with case sensitive keys by @fzipi in https://github.com/corazawaf/coraza/pull/1055
- fix: http parameter pollution test cases by @fzipi in https://github.com/corazawaf/coraza/pull/1058
- fix(deps): update module golang.org/x/sync to v0.7.0 by @renovate in https://github.com/corazawaf/coraza/pull/1034
- fix(deps): update module golang.org/x/net to v0.25.0 by @renovate in https://github.com/corazawaf/coraza/pull/1060
- fix: RemoveTargetById Args in multiphase mode by @M4tteoP in https://github.com/corazawaf/coraza/pull/1061
- fix: headers leaked during interruptions at phase 3/4 by @M4tteoP in https://github.com/corazawaf/coraza/pull/1062
- chore: deletes content temporary file on close. by @jcchavezs in https://github.com/corazawaf/coraza/pull/924
- chore: upgrades to CRS 4.1. by @jcchavezs in https://github.com/corazawaf/coraza/pull/1032
- chore: updates CRS tests to CRS4.2 by @M4tteoP in https://github.com/corazawaf/coraza/pull/1066
- fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.14.0 by @renovate in https://github.com/corazawaf/coraza/pull/1067
- feat: add support for case sensitive args by @fzipi in https://github.com/corazawaf/coraza/pull/1059
- fix: logs multiple vars matched by same rule by @M4tteoP in https://github.com/corazawaf/coraza/pull/1074
- fix(deps): update module github.com/corazawaf/libinjection-go to v0.2.0 by @renovate in https://github.com/corazawaf/coraza/pull/1076
- fix(deps): update module github.com/corazawaf/libinjection-go to v0.2.1 by @renovate in https://github.com/corazawaf/coraza/pull/1079
- fix(deps): update module golang.org/x/net to v0.26.0 by @renovate in https://github.com/corazawaf/coraza/pull/1075
- fix: setters of INBOUND_DATA_ERROR and OUTBOUND_DATA_ERROR by @M4tteoP in https://github.com/corazawaf/coraza/pull/1078
- fix(deps): update module github.com/rs/zerolog to v1.33.0 by @renovate in https://github.com/corazawaf/coraza/pull/1073
- chore: updates CRS tests to CRS4.3 by @M4tteoP in https://github.com/corazawaf/coraza/pull/1081
New Contributors (thanks a lot!)
- @fionera made their first contribution in https://github.com/corazawaf/coraza/pull/1012
- @noboruma made their first contribution in https://github.com/corazawaf/coraza/pull/1015
- @soujanyanmbri made their first contribution in https://github.com/corazawaf/coraza/pull/1046
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.1.0...v3.2.0
coraza
- Version 3.1.0
Published by jcchavezs 9 months ago
This is a new minor version release with emphasis in improving the overall logging experience, fixes for interoperability of the http middleware with other middlewares, better defaults, various fixes and a few new features like the uppercase transformation, the raw body processor (both thanks to @blotus) and a way to pass a context into a transaction to be later retrieved the error log callback.
What's Changed
- chore: improve GetField logic by @jptosso in https://github.com/corazawaf/coraza/pull/897
- chore: setvar minor fix, tests, added warning when missing variable, deprecates usage of tx.LogData by @M4tteoP in https://github.com/corazawaf/coraza/pull/892
- chore: fixes audit log. by @jcchavezs in https://github.com/corazawaf/coraza/pull/889
- fix
http.Flusherandio.ReaderFromimplementation by @romainmenke in https://github.com/corazawaf/coraza/pull/923 - fix: stack overflow in
ReadFromby @romainmenke in https://github.com/corazawaf/coraza/pull/925 - fix: Disables implicit Cookies url decoding by @M4tteoP in https://github.com/corazawaf/coraza/pull/928
- feat: add uppercase transformation by @blotus in https://github.com/corazawaf/coraza/pull/935
- fix: parse multiple cookies with spaces by @fzipi in https://github.com/corazawaf/coraza/pull/943
- fix: more forgiving base64 transformation [custom implementation] by @M4tteoP in https://github.com/corazawaf/coraza/pull/944
- fix: filling variables struct to complete audit info by @CArellanoOrbik in https://github.com/corazawaf/coraza/pull/968
- feat: adds context to transaction. by @jcchavezs in https://github.com/corazawaf/coraza/pull/963
- feat: improves logging. by @jcchavezs in https://github.com/corazawaf/coraza/pull/971
- feat: add raw body processor by @blotus in https://github.com/corazawaf/coraza/pull/983
- chore: updates CRS tests to CRS 4.0.0-rc2 by @M4tteoP in https://github.com/corazawaf/coraza/pull/899
- fix(seclang): merge chained raw rules by @jptosso in https://github.com/corazawaf/coraza/pull/985
- fix: BodyLimit related documented default values, default RequestBodyLimitAction, adds some tests by @M4tteoP in https://github.com/corazawaf/coraza/pull/895
- chore: Go 1.20 as minimum supported version by @jcchavezs in https://github.com/corazawaf/coraza/pull/996
- chore: upgrades go-ftw to 0.6.4. by @jcchavezs in https://github.com/corazawaf/coraza/pull/998
New Contributors (thanks a lot!)
- @testwill made their first contribution in https://github.com/corazawaf/coraza/pull/894
- @renovate made their first contribution in https://github.com/corazawaf/coraza/pull/903
- @romainmenke made their first contribution in https://github.com/corazawaf/coraza/pull/923
- @blotus made their first contribution in https://github.com/corazawaf/coraza/pull/935
- @CArellanoOrbik made their first contribution in https://github.com/corazawaf/coraza/pull/968
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.0.4...v3.1.0
coraza
- Version 3.0.4
Published by jcchavezs about 1 year ago
What's Changed
- chore(deps): bump golang.org/x/sync from 0.1.0 to 0.3.0 by @dependabot in https://github.com/corazawaf/coraza/pull/862
- chore: upgrades coraza to latest aho-corasick. by @jcchavezs in https://github.com/corazawaf/coraza/pull/867
- fix: Logs print different messages for each the disruptive actions by @M4tteoP in https://github.com/corazawaf/coraza/pull/827
- chore(deps): bump github.com/tidwall/gjson from 1.14.4 to 1.17.0 by @dependabot in https://github.com/corazawaf/coraza/pull/878
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.0.3...v3.0.4
coraza
- Version 3.0.3
Published by jcchavezs about 1 year ago
What's Changed
- chore(readme): explicits CRS supported version by @M4tteoP in https://github.com/corazawaf/coraza/pull/834
- chore: adds go mod tidy and go work sync for all modules. by @jcchavezs in https://github.com/corazawaf/coraza/pull/835
- adds more verbosity on go mod tidy errors by @jcchavezs in https://github.com/corazawaf/coraza/pull/837
- add https audit log support by @jptosso in https://github.com/corazawaf/coraza/pull/826
- chore: fixes e2e pkg. by @jcchavezs in https://github.com/corazawaf/coraza/pull/841
- chore: updates e2e standalone command by @M4tteoP in https://github.com/corazawaf/coraza/pull/845
- Adds Log() to MatchedRule, fixes audit log without
logby @M4tteoP in https://github.com/corazawaf/coraza/pull/848 - chore(e2e): check response body read error only if a body is expected by @M4tteoP in https://github.com/corazawaf/coraza/pull/852
- chore: drops benchmark CI. by @jcchavezs in https://github.com/corazawaf/coraza/pull/857
- implement https mime by @jptosso in https://github.com/corazawaf/coraza/pull/850
- chore: adds memoize implementation for regexes and ahocorasick by @jcchavezs in https://github.com/corazawaf/coraza/pull/836
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.0.2...v3.0.3
coraza
- Version 3.0.2
Published by jcchavezs over 1 year ago
What's Changed
- fix: blocks body buffer reader once the body buffer has been reset. by @jcchavezs in https://github.com/corazawaf/coraza/pull/825
- fix: benchmark and propagate the status to not to swallow the failure by @jcchavezs in https://github.com/corazawaf/coraza/pull/808
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.0.1...v3.0.2
coraza
- v3.0.1
Published by jptosso over 1 year ago
Important
This tag fixes a high-severity vulnerability. See https://github.com/corazawaf/coraza/security/advisories/GHSA-c2pj-v37r-2p6h
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.0.0...v3.0.1
coraza
- v3.0.0
Published by M4tteoP over 1 year ago
What's Changed
Coraza's latest v3.0.0 release brings a highly refactored engine that offers more flexibility and major improvements.
Notable changes include:
-
Performance improvement: Performance has been improved by up to 100 times due to several key enhancements such as:
- New debug logs system based on Zerolog for a fast and with low to zero allocations.
- Cache transformation logic across the same transaction.
- Optimized variable collection types.
- Refactored API: Coraza now relies on a more straightforward and user-friendly API.
- New Plugin Package: The new package simplifies the extension of Coraza's functionalities.
- Full CRS v4 Support: Coraza fully supports the CRS v4 branch, always making CRS compatibility of top priority. The CI now includes a CRS testing suite to guarantee a regression-free development.
-
Cross-platform support: Both
GoandTinyGofor WASM builds are now supported. - New experimental Multiphase feature: Introducing a new way for early data evaluation and blocking.
-
Datasetsupport: designed for in-config.datafiles emulation.
Contributors
Many thanks to all the contributors and users that made this release possible:
- @anuraaga
- @bxlxx
- @codefromthecrypt
- @fzipi
- @Hayak3
- @jcchavezs
- @jptosso
- @M4tteoP
- @manojgop
- @nacx
- @ns-sundar
- @piyushroshan
- @ShiMing-Q
- @sts
- @y05h1k1ng
- @zc2638
coraza
- v3.0.0-rc.3
Published by jcchavezs over 1 year ago
What's Changed
- registers pmFromDataset, fixes Dataset propagation, adds tests by @M4tteoP in https://github.com/corazawaf/coraza/pull/777
- docs: update README and SECURITY by @fzipi in https://github.com/corazawaf/coraza/pull/780
- Validate audit log parts by @Hayak3 in https://github.com/corazawaf/coraza/pull/779
- Remove intermediate string allocation when writing match details log by @anuraaga in https://github.com/corazawaf/coraza/pull/781
- fix: aligns multimatch to modsec behavior by @M4tteoP in https://github.com/corazawaf/coraza/pull/778
- chore: increases rule.go test coverage by @M4tteoP in https://github.com/corazawaf/coraza/pull/786
- remove wrong loop in matchData by @Hayak3 in https://github.com/corazawaf/coraza/pull/785
- hotfix: fixes rule_test after merge by @M4tteoP in https://github.com/corazawaf/coraza/pull/788
- chore(deps): bump github.com/magefile/mage from 1.14.0 to 1.15.0 by @dependabot in https://github.com/corazawaf/coraza/pull/791
- chore(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 by @dependabot in https://github.com/corazawaf/coraza/pull/789
- feat(ci): stale only awaiting for feedback's issue by @M4tteoP in https://github.com/corazawaf/coraza/pull/793
- Multiphase: chains further support, ARGS split, CRS like tests by @M4tteoP in https://github.com/corazawaf/coraza/pull/719
- feat: adds auditlog plugins API by @jcchavezs in https://github.com/corazawaf/coraza/pull/787
- fix/feat: Macro expansions, error logs redundancy, support
msg/logdatain inner rules by @M4tteoP in https://github.com/corazawaf/coraza/pull/792 - remove alpha disclosure from README by @jptosso in https://github.com/corazawaf/coraza/pull/796
- breaking: removes code parameter from ErrorLog and AuditLog by @M4tteoP in https://github.com/corazawaf/coraza/pull/800
New Contributors
- @Hayak3 made their first contribution in https://github.com/corazawaf/coraza/pull/779
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.0.0-rc.2...v3.0.0-rc.3
coraza
- v3.0.0-rc.2
Published by jptosso over 1 year ago
What's Changed
- Use bitset for inferred phases by @anuraaga in https://github.com/corazawaf/coraza/pull/727
- Document test failures due to regex matching arbitrary bytes by @anuraaga in https://github.com/corazawaf/coraza/pull/730
- Enable multiline mode for rx by @anuraaga in https://github.com/corazawaf/coraza/pull/732
- Use binaryregexp for rx operator by @anuraaga in https://github.com/corazawaf/coraza/pull/731
- Add rx test case confirming case-insensitive rules will work by @anuraaga in https://github.com/corazawaf/coraza/pull/733
- fix(ci): remove sonarcloud by @fzipi in https://github.com/corazawaf/coraza/pull/738
- fix(bodyprocessors): fix forcerequestbodyvariable overriding processor by @jptosso in https://github.com/corazawaf/coraza/pull/740
- fix(bodyprocessors): force response body overrides mime requirements by @jptosso in https://github.com/corazawaf/coraza/pull/741
- chore: create plugins package. by @jcchavezs in https://github.com/corazawaf/coraza/pull/734
- chore: drops unused methods in TransactionState by @jcchavezs in https://github.com/corazawaf/coraza/pull/739
- chore: describes currently excluded CRS excluded rules by @M4tteoP in https://github.com/corazawaf/coraza/pull/744
- fix: fixes fuzz target. by @jcchavezs in https://github.com/corazawaf/coraza/pull/745
- Update tool versions by @anuraaga in https://github.com/corazawaf/coraza/pull/710
- fix(action): Add many validations for setvar by @jptosso in https://github.com/corazawaf/coraza/pull/747
- fix: adds full support for ruleRemoveById. by @jcchavezs in https://github.com/corazawaf/coraza/pull/749
- Small simplification to macro readability by @anuraaga in https://github.com/corazawaf/coraza/pull/751
- Remove Single.Set from API for now by @anuraaga in https://github.com/corazawaf/coraza/pull/750
- chore: updates tests to latest CRS, updates go-ftw by @M4tteoP in https://github.com/corazawaf/coraza/pull/752
- transform expireVar to noop by @jptosso in https://github.com/corazawaf/coraza/pull/755
- Move remaining plugin-related logic to experimental by @anuraaga in https://github.com/corazawaf/coraza/pull/753
- Small simplification to cmd_line code by @anuraaga in https://github.com/corazawaf/coraza/pull/761
- Use standard library for base64 decode by @anuraaga in https://github.com/corazawaf/coraza/pull/758
- Small simpflication to css_decode by @anuraaga in https://github.com/corazawaf/coraza/pull/762
- Delegate to normalisePath from normalisePathWin by @anuraaga in https://github.com/corazawaf/coraza/pull/763
- Append into output buffer for removecommentschar by @anuraaga in https://github.com/corazawaf/coraza/pull/764
- chore(deps): bump golang.org/x/net from 0.8.0 to 0.9.0 by @dependabot in https://github.com/corazawaf/coraza/pull/766
- fix: synthesizes Transfer-Encoding header inside the transaction by @M4tteoP in https://github.com/corazawaf/coraza/pull/768
- Include key size in ARGS_COMBINED_SIZE by @anuraaga in https://github.com/corazawaf/coraza/pull/756
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.0.0-rc.1...v3.0.0-rc.2
coraza
- Release 3.0.0 RC1
Published by jcchavezs over 1 year ago
What's Changed
- fix: default actions for phase 2 are now hardcoded #191 by @jptosso in https://github.com/corazawaf/coraza/pull/198
- change the URL protocol(git -> https) by @y05h1k1ng in https://github.com/corazawaf/coraza/pull/214
- fix(actions): Remove branch patterns from action scope by @jptosso in https://github.com/corazawaf/coraza/pull/217
- fix(tx): Force Request Body now works by @jptosso in https://github.com/corazawaf/coraza/pull/219
- fix(@rx): add @rx captured data into Tx variable by @bxlxx in https://github.com/corazawaf/coraza/pull/215
- Rule matches optimization: Fix for #183 by @piyushroshan in https://github.com/corazawaf/coraza/pull/220
- fix: remove unused code by @bxlxx in https://github.com/corazawaf/coraza/pull/228
- fix(rx): support non utf-8 format data matching by @bxlxx in https://github.com/corazawaf/coraza/pull/231
- feat(directive): Implement include directive by @jptosso in https://github.com/corazawaf/coraza/pull/232
- simplified iota definition by @zc2638 in https://github.com/corazawaf/coraza/pull/236
- Fix Include Directive by @piyushroshan in https://github.com/corazawaf/coraza/pull/240
- Enhance github actions for sonarcloud and regression by @jptosso in https://github.com/corazawaf/coraza/pull/248
- update pre-commit, dependencies and fix linters by @jptosso in https://github.com/corazawaf/coraza/pull/250
- fix issue #241 (replaces #242) by @jptosso in https://github.com/corazawaf/coraza/pull/249
- fix: sonar checks on forks. by @jcchavezs in https://github.com/corazawaf/coraza/pull/256
- chore: move all linters to golangci-lint by @jcchavezs in https://github.com/corazawaf/coraza/pull/258
- Updating README & CONTRIBUTING guidelines and adding an initial CHANGELOG by @sts in https://github.com/corazawaf/coraza/pull/255
- Update README.md by @sts in https://github.com/corazawaf/coraza/pull/259
- Fix 209: Case sensitive evaluation by @piyushroshan in https://github.com/corazawaf/coraza/pull/260
- fix(multipart processor): capture original file name without using reflection by @jcchavezs in https://github.com/corazawaf/coraza/pull/229
- fix: fixes RBL leaks. by @jcchavezs in https://github.com/corazawaf/coraza/pull/243
- Remove wasm example file by @jptosso in https://github.com/corazawaf/coraza/pull/261
- Allow passthrough of variable Negations if not present by @piyushroshan in https://github.com/corazawaf/coraza/pull/265
- new variables engine for v3 by @jptosso in https://github.com/corazawaf/coraza/pull/277
- feat(operator): New RESTPATH operator support by @jptosso in https://github.com/corazawaf/coraza/pull/282
- chore: turns http server into an own module. by @jcchavezs in https://github.com/corazawaf/coraza/pull/281
- Turn utils into internal by @jcchavezs in https://github.com/corazawaf/coraza/pull/285
- V3/dev fixes by @jptosso in https://github.com/corazawaf/coraza/pull/288
- Adding support for the redirect action. closes #144 by @sts in https://github.com/corazawaf/coraza/pull/290
- chore: drops Transaction.ProcessRequest into an own package. by @jcchavezs in https://github.com/corazawaf/coraza/pull/296
- V3/dev fixes by @jptosso in https://github.com/corazawaf/coraza/pull/292
- remove tests by @jptosso in https://github.com/corazawaf/coraza/pull/300
- Migrate engine test profiles from yaml to go by @anuraaga in https://github.com/corazawaf/coraza/pull/306
- Move resetCaptures defer out of loop by @anuraaga in https://github.com/corazawaf/coraza/pull/304
- Use struct instead of slice for byte range validation by @anuraaga in https://github.com/corazawaf/coraza/pull/305
- Make sure temp files in tests are removed by using t.TempDir by @anuraaga in https://github.com/corazawaf/coraza/pull/310
- Reduce include recursion limit by @anuraaga in https://github.com/corazawaf/coraza/pull/307
- Fix flaky TestCollectionProxy by @anuraaga in https://github.com/corazawaf/coraza/pull/312
- Don't copy to bytes when validating byte range by @anuraaga in https://github.com/corazawaf/coraza/pull/309
- upgrade go version by @jptosso in https://github.com/corazawaf/coraza/pull/323
- Small optimizations to urlencode by @anuraaga in https://github.com/corazawaf/coraza/pull/320
- Small optimizations to base64decode by @anuraaga in https://github.com/corazawaf/coraza/pull/319
- Use go run instead of install for go-ftw by @anuraaga in https://github.com/corazawaf/coraza/pull/316
- Add more benchmarks by @jptosso in https://github.com/corazawaf/coraza/pull/301
- Separate out bodyprocessor implementations for TinyGo by @anuraaga in https://github.com/corazawaf/coraza/pull/311
- V3/url processor by @jptosso in https://github.com/corazawaf/coraza/pull/326
- V3/core fixes by @jptosso in https://github.com/corazawaf/coraza/pull/327
- feat: adds tinygo support. by @jcchavezs in https://github.com/corazawaf/coraza/pull/254
- Add benchmarks using ModSecurity for comparison by @anuraaga in https://github.com/corazawaf/coraza/pull/329
- Add magefile for running development commands by @anuraaga in https://github.com/corazawaf/coraza/pull/315
- Separate out bodybuffer implementation for tinygo that doesn't access… by @anuraaga in https://github.com/corazawaf/coraza/pull/332
- Run addlicense when formatting by @anuraaga in https://github.com/corazawaf/coraza/pull/333
- Add an interface for DebugLogger to be able to replace the logging me… by @anuraaga in https://github.com/corazawaf/coraza/pull/337
- Change license formatting to mention contributors and use SPDX by @anuraaga in https://github.com/corazawaf/coraza/pull/334
- Add command for installing precommit hook by @anuraaga in https://github.com/corazawaf/coraza/pull/339
- [v3] Bump required go version to 1.18 by @anuraaga in https://github.com/corazawaf/coraza/pull/343
- Remove usages of deprecated ioutil by @anuraaga in https://github.com/corazawaf/coraza/pull/342
- Case sensitive evaluation Fix for v3 by @piyushroshan in https://github.com/corazawaf/coraza/pull/346
- Remove usage of system /tmp from tests. by @anuraaga in https://github.com/corazawaf/coraza/pull/353
- [v3] Optimization for validate_nid operator by @bxlxx in https://github.com/corazawaf/coraza/pull/348
- Reduce some data copies in modsecurity bridge by @anuraaga in https://github.com/corazawaf/coraza/pull/359
- Run lint before formatting by @anuraaga in https://github.com/corazawaf/coraza/pull/358
- [v3] Use mage commands in CI instead of pre-commit by @anuraaga in https://github.com/corazawaf/coraza/pull/356
- add dataset support by @jptosso in https://github.com/corazawaf/coraza/pull/361
- Implements ipMatchFromDataset, parsing for ipMatchFromFile by @M4tteoP in https://github.com/corazawaf/coraza/pull/363
- chore: reallocate testdata. by @jcchavezs in https://github.com/corazawaf/coraza/pull/364
- chore: loads file inside operator when using FromFile. by @jcchavezs in https://github.com/corazawaf/coraza/pull/366
- chore: improves errors on tinygo. by @jcchavezs in https://github.com/corazawaf/coraza/pull/369
- Remove err return from NewParser by @anuraaga in https://github.com/corazawaf/coraza/pull/375
- chore: improves tx.Clean by @jcchavezs in https://github.com/corazawaf/coraza/pull/370
- chore: improves from file tests. by @jcchavezs in https://github.com/corazawaf/coraza/pull/367
- Use io.Discard instead of /dev/null for discarding output by @anuraaga in https://github.com/corazawaf/coraza/pull/354
- chore: removes unneeded code in operators. by @jcchavezs in https://github.com/corazawaf/coraza/pull/376
- v3: Remove unused mutex in RuleGroup by @nacx in https://github.com/corazawaf/coraza/pull/384
- add pre-alpha notice by @jptosso in https://github.com/corazawaf/coraza/pull/383
- Remove legacy pre-commit config by @anuraaga in https://github.com/corazawaf/coraza/pull/365
- codecov tests by @jptosso in https://github.com/corazawaf/coraza/pull/386
- chore(deps): bump github.com/tidwall/gjson from 1.14.2 to 1.14.3 by @dependabot in https://github.com/corazawaf/coraza/pull/382
- fix coverage by @jptosso in https://github.com/corazawaf/coraza/pull/387
- Rename Waf to WAF by @anuraaga in https://github.com/corazawaf/coraza/pull/390
- clean up unnecessary error judgments by @zc2638 in https://github.com/corazawaf/coraza/pull/389
- [v3] Display contributors in README by @anuraaga in https://github.com/corazawaf/coraza/pull/392
- tests: improves coverage. by @jcchavezs in https://github.com/corazawaf/coraza/pull/385
- chore: organize imports in 3 blocks: stdlib, 3rd party, coraza by @nacx in https://github.com/corazawaf/coraza/pull/394
- Optimize random string generation by @anuraaga in https://github.com/corazawaf/coraza/pull/403
- Document that RandomString is pseudorandom by @anuraaga in https://github.com/corazawaf/coraza/pull/405
- Allow setting a root fs.FS in a parser. by @anuraaga in https://github.com/corazawaf/coraza/pull/393
- fix: improves mage lint user experience. by @jcchavezs in https://github.com/corazawaf/coraza/pull/413
- tests: uses testing.TB interface for helper to avoid nil check. by @jcchavezs in https://github.com/corazawaf/coraza/pull/418
- chore: avoids too many open files error when running CRS. by @jcchavezs in https://github.com/corazawaf/coraza/pull/414
- chore: fixes example by not reusing the transaction. by @jcchavezs in https://github.com/corazawaf/coraza/pull/420
- chore: improves loggers by adding closer. by @jcchavezs in https://github.com/corazawaf/coraza/pull/415
- Update libinjection-go by @anuraaga in https://github.com/corazawaf/coraza/pull/421
- Register native auditlogformatter in TinyGo by @anuraaga in https://github.com/corazawaf/coraza/pull/402
- V3/improves parser performance by @jcchavezs in https://github.com/corazawaf/coraza/pull/412
- Don't write files during multipart processing in TinyGo by @anuraaga in https://github.com/corazawaf/coraza/pull/399
- fix audit filesizes audit bug by @jptosso in https://github.com/corazawaf/coraza/pull/411
- Use iter for pm operator instead of always finding all when capturing by @anuraaga in https://github.com/corazawaf/coraza/pull/424
- chore: improves logic in the operators. by @jcchavezs in https://github.com/corazawaf/coraza/pull/423
- Chore: buildExamples command, CI, http-server example tests by @M4tteoP in https://github.com/corazawaf/coraza/pull/422
- Make RandomString concurrent-safe by @anuraaga in https://github.com/corazawaf/coraza/pull/430
- Fix handling of unicode in regex by @anuraaga in https://github.com/corazawaf/coraza/pull/425
- Fix parser backticks by @M4tteoP in https://github.com/corazawaf/coraza/pull/433
- tests: enrich backticks test. by @jcchavezs in https://github.com/corazawaf/coraza/pull/435
- Remove unescaping in string handling and use proper unicode regex syntax. by @anuraaga in https://github.com/corazawaf/coraza/pull/434
- Fix caddy CRS test config missing trailing quote by @anuraaga in https://github.com/corazawaf/coraza/pull/437
- Convert library entrypoints to immutable interfaces by @anuraaga in https://github.com/corazawaf/coraza/pull/397
- Improves ctl by @jcchavezs in https://github.com/corazawaf/coraza/pull/440
- chore: adds support for HTTP middleware. by @jcchavezs in https://github.com/corazawaf/coraza/pull/442
- Don't explicitly initialize empty slices by @anuraaga in https://github.com/corazawaf/coraza/pull/446
- Set debug logger implementation before parsing directives by @anuraaga in https://github.com/corazawaf/coraza/pull/444
- Add fast path for macro with single token by @anuraaga in https://github.com/corazawaf/coraza/pull/448
- chore(deps): bump github.com/magefile/mage from 1.13.0 to 1.14.0 by @dependabot in https://github.com/corazawaf/coraza/pull/428
- add support for MULTIPART_PART_HEADERS by @jptosso in https://github.com/corazawaf/coraza/pull/452
- chore: keeps clean method private. by @jcchavezs in https://github.com/corazawaf/coraza/pull/454
- chore: minor tweaks. by @jcchavezs in https://github.com/corazawaf/coraza/pull/450
- Add CODEOWNERS by @anuraaga in https://github.com/corazawaf/coraza/pull/400
- feat: adds support for stdout. by @jcchavezs in https://github.com/corazawaf/coraza/pull/449
- add waf.NewTransactionWithID by @jptosso in https://github.com/corazawaf/coraza/pull/455
- Fix validateUtf8Encoding by @anuraaga in https://github.com/corazawaf/coraza/pull/458
- Reads the request protocol instead of hacks by @codefromthecrypt in https://github.com/corazawaf/coraza/pull/459
- Add test using ftw and crs by @anuraaga in https://github.com/corazawaf/coraza/pull/457
- chore: drops context first param. by @jcchavezs in https://github.com/corazawaf/coraza/pull/462
- chore: makes sure body payload has a limit in tinygo. by @jcchavezs in https://github.com/corazawaf/coraza/pull/463
- Reuse body buffers and collections across transactions by @anuraaga in https://github.com/corazawaf/coraza/pull/464
- Implement a simple sync.Pool for TinyGo by @anuraaga in https://github.com/corazawaf/coraza/pull/465
- chore: adds support for closing logs. by @jcchavezs in https://github.com/corazawaf/coraza/pull/467
- Fix: Adjust parser activation rules in coraza.conf-recommended by @M4tteoP in https://github.com/corazawaf/coraza/pull/470
- chore: do not close future versions work by @fzipi in https://github.com/corazawaf/coraza/pull/471
- Fix collection of content with inner XML nodes. by @anuraaga in https://github.com/corazawaf/coraza/pull/473
- Use slice for collections instead of array by @anuraaga in https://github.com/corazawaf/coraza/pull/472
- docs: general tweaks to readme. by @jcchavezs in https://github.com/corazawaf/coraza/pull/476
- http-server: log error, response headers and readme by @M4tteoP in https://github.com/corazawaf/coraza/pull/460
- Remove many Get prefixes in interfaces by @anuraaga in https://github.com/corazawaf/coraza/pull/475
- Don't git stash when linting by @anuraaga in https://github.com/corazawaf/coraza/pull/479
- Small cleanups in collections by @anuraaga in https://github.com/corazawaf/coraza/pull/482
- Remove Transaction.Collections slice by @anuraaga in https://github.com/corazawaf/coraza/pull/481
- Convert rulematch types to interfaces by @anuraaga in https://github.com/corazawaf/coraza/pull/478
- Switch from operator Init mutator to operator factory by @anuraaga in https://github.com/corazawaf/coraza/pull/484
- Keep CRS in memory instead of writing to tmp in tests by @anuraaga in https://github.com/corazawaf/coraza/pull/485
- Initialize operators in each file and add build tags for excluding them by @anuraaga in https://github.com/corazawaf/coraza/pull/489
- Don't publish overall coverage flag by @anuraaga in https://github.com/corazawaf/coraza/pull/491
- Use lookup table for byte range validation by @anuraaga in https://github.com/corazawaf/coraza/pull/490
- Use gjson for json body processor for non-tinygo as well and use streaming parser by @anuraaga in https://github.com/corazawaf/coraza/pull/488
- Fix: adds http-server and coreruleset tests to coverage command, enabling them in CI by @M4tteoP in https://github.com/corazawaf/coraza/pull/492
- Don't use same output file for different coverage commands by @anuraaga in https://github.com/corazawaf/coraza/pull/493
- Address CRS response body tests by @M4tteoP in https://github.com/corazawaf/coraza/pull/483
- Fix CRS Regression tests - Go 1.18 by @M4tteoP in https://github.com/corazawaf/coraza/pull/495
- Export Request/Response BodyAccess values by @M4tteoP in https://github.com/corazawaf/coraza/pull/499
- Copy rules slice when cloning config by @anuraaga in https://github.com/corazawaf/coraza/pull/501
- feat: optimize body buffering. by @jcchavezs in https://github.com/corazawaf/coraza/pull/505
- feat: changes WAF to accept a slice of rules instead of one rule. by @jcchavezs in https://github.com/corazawaf/coraza/pull/507
- Exports IsRuleEngineOff by @M4tteoP in https://github.com/corazawaf/coraza/pull/504
- chore: updates go-ftw to 0.4.3 by @M4tteoP in https://github.com/corazawaf/coraza/pull/516
- chore: only buffers response body if the mime type is the desired one. by @jcchavezs in https://github.com/corazawaf/coraza/pull/514
- breaking: rename methods for a better description of what they do. by @jcchavezs in https://github.com/corazawaf/coraza/pull/518
- feat: update upstream go-ftw by @fzipi in https://github.com/corazawaf/coraza/pull/523
- Skips Evaluate during ProcessLogging if EngineOff by @M4tteoP in https://github.com/corazawaf/coraza/pull/524
- chore: renames transaction tests with engine off by @M4tteoP in https://github.com/corazawaf/coraza/pull/529
- Simplify CodeQL workflow by @anuraaga in https://github.com/corazawaf/coraza/pull/528
- Updates CRS, fixes some tests by @M4tteoP in https://github.com/corazawaf/coraza/pull/526
- Expose AddArgument on tx interface by @piyushroshan in https://github.com/corazawaf/coraza/pull/508
- optimize rx operator by @jptosso in https://github.com/corazawaf/coraza/pull/536
- Cache transformations within a phase by @anuraaga in https://github.com/corazawaf/coraza/pull/537
- Passthrough string in url decode transformations when no decoding by @anuraaga in https://github.com/corazawaf/coraza/pull/540
- Return number bytes, not runes, in length transformation by @anuraaga in https://github.com/corazawaf/coraza/pull/542
- Have cmdLine operate on bytes and passthrough non-transformed by @anuraaga in https://github.com/corazawaf/coraza/pull/543
- Passthrough non-transformed strings in compressWhitespace by @anuraaga in https://github.com/corazawaf/coraza/pull/544
- Use stdlib for replaceNulls by @anuraaga in https://github.com/corazawaf/coraza/pull/545
- Passthrough non-transformed strings (to some degree) in cssDecode by @anuraaga in https://github.com/corazawaf/coraza/pull/546
- WrapUnsafe in hash transformations by @anuraaga in https://github.com/corazawaf/coraza/pull/549
- Use pointer for arg key in cache key by @anuraaga in https://github.com/corazawaf/coraza/pull/553
- Rework utf8tounicode to match ModSecurity and passthrough non-utf8 by @anuraaga in https://github.com/corazawaf/coraza/pull/541
- chore: adds validation for limits. by @jcchavezs in https://github.com/corazawaf/coraza/pull/535
- Allocate transformation cache value on heap by @anuraaga in https://github.com/corazawaf/coraza/pull/554
- fix: minor cleanup in parseCtl, adds parseCtl test by @M4tteoP in https://github.com/corazawaf/coraza/pull/551
- Passthrough non-transformed strings (to some degree) in jsDecode by @anuraaga in https://github.com/corazawaf/coraza/pull/548
- chore: makes txPool a WAF attribute to avoid globals. by @jcchavezs in https://github.com/corazawaf/coraza/pull/558
- Don't seek output file when reading from buffer by @anuraaga in https://github.com/corazawaf/coraza/pull/562
- tests: simplify multipart test. by @jcchavezs in https://github.com/corazawaf/coraza/pull/561
- Passthrough non-transformed strings (to some degree) in escapeSeqDecode by @anuraaga in https://github.com/corazawaf/coraza/pull/547
- chore: dropping internal logger type used in the public API. by @jcchavezs in https://github.com/corazawaf/coraza/pull/559
- chore: Removes unused code by @M4tteoP in https://github.com/corazawaf/coraza/pull/563
- Add infrastructure for and a couple of fuzz tests by @anuraaga in https://github.com/corazawaf/coraza/pull/567
- Remove extraneous conditions from remove_comments by @anuraaga in https://github.com/corazawaf/coraza/pull/568
- missing hostname in logs by @M4tteoP in https://github.com/corazawaf/coraza/pull/517
- chore: implements idempotency for phase calling. by @jcchavezs in https://github.com/corazawaf/coraza/pull/571
- feat: avoids zero limit on request/response body. by @jcchavezs in https://github.com/corazawaf/coraza/pull/573
- chore: idempotency on ProcessX functions by @M4tteoP in https://github.com/corazawaf/coraza/pull/574
- Convert split of two items to cut by @anuraaga in https://github.com/corazawaf/coraza/pull/575
- chore(deps): bump github.com/corazawaf/libinjection-go from 0.1.1 to 0.1.2 by @dependabot in https://github.com/corazawaf/coraza/pull/577
- Add fuzz tests for injection operators by @anuraaga in https://github.com/corazawaf/coraza/pull/576
- Append request body by @jcchavezs in https://github.com/corazawaf/coraza/pull/560
- expose ID by @jptosso in https://github.com/corazawaf/coraza/pull/579
- Support evaluation of rules in multiple phases by @anuraaga in https://github.com/corazawaf/coraza/pull/565
- chore: updates x/net and gjson deps by @M4tteoP in https://github.com/corazawaf/coraza/pull/580
- fix: fixes side effects between calls when a file does not exist in parser by @jcchavezs in https://github.com/corazawaf/coraza/pull/584
- Write Body buffer: adds Limit check, overflow check and limits comments by @M4tteoP in https://github.com/corazawaf/coraza/pull/539
- remove old TODO by @jptosso in https://github.com/corazawaf/coraza/pull/586
- Flatters WAF config API for better flexibility in setting memory limits and enabling BodyAccess by @M4tteoP in https://github.com/corazawaf/coraza/pull/503
- docs: adds documentation for directives. by @jcchavezs in https://github.com/corazawaf/coraza/pull/590
- docs: improves docs for directives. by @jcchavezs in https://github.com/corazawaf/coraza/pull/591
- implements ReadResponseBodyFrom and WriteResponseBody by @M4tteoP in https://github.com/corazawaf/coraza/pull/587
- docs: more tweaks to docs. by @jcchavezs in https://github.com/corazawaf/coraza/pull/592
- docs: fixes doc for Include directive. by @jcchavezs in https://github.com/corazawaf/coraza/pull/596
- chore: Fixes limit check inside BodyBuffer.Write by @M4tteoP in https://github.com/corazawaf/coraza/pull/593
- breaking: drops content injection features. by @jcchavezs in https://github.com/corazawaf/coraza/pull/589
- chore: adds hard limit for body limit. by @jcchavezs in https://github.com/corazawaf/coraza/pull/597
- chore: fixes lint check in generation. by @jcchavezs in https://github.com/corazawaf/coraza/pull/601
- docs: small improvements in the directives docs. by @jcchavezs in https://github.com/corazawaf/coraza/pull/603
- docs: adds code backticks for directives. by @jcchavezs in https://github.com/corazawaf/coraza/pull/604
- Evaluate no return by @jcchavezs in https://github.com/corazawaf/coraza/pull/602
- Populates serverName variable implementing SetServerName by @M4tteoP in https://github.com/corazawaf/coraza/pull/572
- Use unknown instead of nil for macro without variable by @anuraaga in https://github.com/corazawaf/coraza/pull/607
- fix: fixes the superflous header write. by @jcchavezs in https://github.com/corazawaf/coraza/pull/605
- Simplify Map API by @anuraaga in https://github.com/corazawaf/coraza/pull/606
- Corrects SecDebugLogLevel doc, reorders logs levels by @M4tteoP in https://github.com/corazawaf/coraza/pull/519
- chore: updates directives doc about SecDebugLogLevel by @M4tteoP in https://github.com/corazawaf/coraza/pull/609
- Further simplify collections APIs by @anuraaga in https://github.com/corazawaf/coraza/pull/608
- tests: covers the wrapper for nil WAF. by @jcchavezs in https://github.com/corazawaf/coraza/pull/614
- Validate config consistently by @jcchavezs in https://github.com/corazawaf/coraza/pull/612
- Move debug formatting to collections and remove Map.Data by @anuraaga in https://github.com/corazawaf/coraza/pull/615
- Backfills in memory limit by @jcchavezs in https://github.com/corazawaf/coraza/pull/619
- fix: fixes the parser to avoid invalid rules. by @jcchavezs in https://github.com/corazawaf/coraza/pull/624
- add flexible xml body processing by @jptosso in https://github.com/corazawaf/coraza/pull/622
- doc: v3 changelog by @sts in https://github.com/corazawaf/coraza/pull/538
- chore: removes support for SecTmpDir. by @jcchavezs in https://github.com/corazawaf/coraza/pull/625
- Needed change: type AuditLogParts []auditLogPart should be exported #628 by @jptosso in https://github.com/corazawaf/coraza/pull/637
- feat: implement allow disruptive action by @fzipi in https://github.com/corazawaf/coraza/pull/527
- chore: generates variable map and variable count. by @jcchavezs in https://github.com/corazawaf/coraza/pull/641
- feat: move collections to noop by @fzipi in https://github.com/corazawaf/coraza/pull/640
- Remove Collection.Reset from public API by @anuraaga in https://github.com/corazawaf/coraza/pull/644
- chore: avoids mutating the rule during evaluation. by @jcchavezs in https://github.com/corazawaf/coraza/pull/645
- Only expose supported variables in public API by @anuraaga in https://github.com/corazawaf/coraza/pull/642
- chore: avoids tmp dir instantiation when no FS access environment. by @jcchavezs in https://github.com/corazawaf/coraza/pull/626
- Remove VariablesCount and use an iterator instead by @anuraaga in https://github.com/corazawaf/coraza/pull/647
- chore(deps): bump golang.org/x/net from 0.5.0 to 0.6.0 by @dependabot in https://github.com/corazawaf/coraza/pull/621
- chore: removes CodeQL analysis on the push events by @M4tteoP in https://github.com/corazawaf/coraza/pull/650
- chore(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 by @dependabot in https://github.com/corazawaf/coraza/pull/649
- chore: change readme coverage by @jptosso in https://github.com/corazawaf/coraza/pull/651
- Remove MatchData.VariableName by @anuraaga in https://github.com/corazawaf/coraza/pull/643
- Remove WithRules from config by @anuraaga in https://github.com/corazawaf/coraza/pull/656
- fix: missing response body mime type config by @jptosso in https://github.com/corazawaf/coraza/pull/654
- tests: covers macro coverage. by @jcchavezs in https://github.com/corazawaf/coraza/pull/655
- Improves actions code by @jcchavezs in https://github.com/corazawaf/coraza/pull/646
- chore(deps): bump golang.org/x/net from 0.1.0 to 0.7.0 in /testing/coreruleset by @dependabot in https://github.com/corazawaf/coraza/pull/663
- move actions to plugins by @jptosso in https://github.com/corazawaf/coraza/pull/661
- Revert "move actions to plugins" by @jptosso in https://github.com/corazawaf/coraza/pull/665
- upgrade codecov to v3 by @jptosso in https://github.com/corazawaf/coraza/pull/667
- fix(ci): codecov issues by @jptosso in https://github.com/corazawaf/coraza/pull/668
- refactor tx addargument by @jptosso in https://github.com/corazawaf/coraza/pull/659
- fix(921180): NamedCollection not unique, adds redundancy in MatchData by @M4tteoP in https://github.com/corazawaf/coraza/pull/618
- chore: updates CRS, more tests passing by @M4tteoP in https://github.com/corazawaf/coraza/pull/674
- Remove MatchData.IsNil by @anuraaga in https://github.com/corazawaf/coraza/pull/677
- tests: adds more coverage for CTL action. by @jcchavezs in https://github.com/corazawaf/coraza/pull/679
- Avoid intermediate string when formatting variables for debug by @anuraaga in https://github.com/corazawaf/coraza/pull/675
- Use string builder in parseActions() to optimize memory usage. by @manojgop in https://github.com/corazawaf/coraza/pull/681
- Enable xml processor on TinyGo by @anuraaga in https://github.com/corazawaf/coraza/pull/685
- Rework Logger API by @jcchavezs in https://github.com/corazawaf/coraza/pull/682
- chore(readme): remove roadmap from readme by @jptosso in https://github.com/corazawaf/coraza/pull/686
- chore: reallocate loggers by @jcchavezs in https://github.com/corazawaf/coraza/pull/687
- Use coraza-coreruleset for FTW test by @anuraaga in https://github.com/corazawaf/coraza/pull/689
- chore(deps): bump golang.org/x/net from 0.7.0 to 0.8.0 by @dependabot in https://github.com/corazawaf/coraza/pull/690
- fix: default Event in log levels, adds test by @M4tteoP in https://github.com/corazawaf/coraza/pull/691
- chore: adds phases check before processing body by @M4tteoP in https://github.com/corazawaf/coraza/pull/680
- Fix(980170): Correlation rules, SecAction messages, flow actions with DetectionOnly by @M4tteoP in https://github.com/corazawaf/coraza/pull/684
- chore: runs go work sync on format. by @jcchavezs in https://github.com/corazawaf/coraza/pull/693
- feat: adds support for response args and response body processor. by @jcchavezs in https://github.com/corazawaf/coraza/pull/695
- Small cleanups to parser by @anuraaga in https://github.com/corazawaf/coraza/pull/697
- Replace action/operator tokenization from regex to code by @anuraaga in https://github.com/corazawaf/coraza/pull/700
- breaking: removes INBOUND_ERROR_DATA in favour of INBOUND_DATA_ERROR. by @jcchavezs in https://github.com/corazawaf/coraza/pull/706
- Small cleanups to actions parsing by @anuraaga in https://github.com/corazawaf/coraza/pull/703
- Only log requested parts in native formatter by @anuraaga in https://github.com/corazawaf/coraza/pull/704
- Rework actions parsing by @anuraaga in https://github.com/corazawaf/coraza/pull/709
- Some cleanups to debuglog API by @anuraaga in https://github.com/corazawaf/coraza/pull/708
- Add typesafe auditlog config by @anuraaga in https://github.com/corazawaf/coraza/pull/699
- breaking: removes logger from the WrapHandler function. by @jcchavezs in https://github.com/corazawaf/coraza/pull/714
- chore: improves debug log by adding the status. by @jcchavezs in https://github.com/corazawaf/coraza/pull/715
- fix: allow:phase and allow:request actions, extends related tests by @M4tteoP in https://github.com/corazawaf/coraza/pull/707
- chore: removes CTL regex. by @jcchavezs in https://github.com/corazawaf/coraza/pull/701
- feat(transformation): add trim transformation by @jptosso in https://github.com/corazawaf/coraza/pull/717
- Reduce stuttering in auditlog package by @anuraaga in https://github.com/corazawaf/coraza/pull/722
- Don't remove GET keys in json processor by @anuraaga in https://github.com/corazawaf/coraza/pull/720
- Replace remaining usage of generic config map with internal struct by @anuraaga in https://github.com/corazawaf/coraza/pull/721
- Only log requested parts in audit log by @anuraaga in https://github.com/corazawaf/coraza/pull/705
- fix: skip action within the phase, adds tests by @M4tteoP in https://github.com/corazawaf/coraza/pull/723
- Propagate parsed line for raw rule storage by @anuraaga in https://github.com/corazawaf/coraza/pull/724
- chore: Adds checks for SecDefaultActions and related tests by @M4tteoP in https://github.com/corazawaf/coraza/pull/712
- Cleanup and optimize rulegroup by @anuraaga in https://github.com/corazawaf/coraza/pull/726
- chore: avoids initializing the audit log on every directive. by @jcchavezs in https://github.com/corazawaf/coraza/pull/725
New Contributors
- @y05h1k1ng made their first contribution in https://github.com/corazawaf/coraza/pull/214
- @piyushroshan made their first contribution in https://github.com/corazawaf/coraza/pull/220
- @zc2638 made their first contribution in https://github.com/corazawaf/coraza/pull/236
- @codefromthecrypt made their first contribution in https://github.com/corazawaf/coraza/pull/459
- @manojgop made their first contribution in https://github.com/corazawaf/coraza/pull/681
Full Changelog: https://github.com/corazawaf/coraza/compare/v2.0.0...v3.0.0-rc.1
coraza
- v2.0.1
Published by jptosso over 2 years ago
Huge performance improvements and a lot of bug fixes.
What's Changed
- fix: default actions for phase 2 are now hardcoded #191 by @jptosso in https://github.com/corazawaf/coraza/pull/198
- change the URL protocol(git -> https) by @y05h1k1ng in https://github.com/corazawaf/coraza/pull/214
- fix(actions): Remove branch patterns from action scope by @jptosso in https://github.com/corazawaf/coraza/pull/217
- fix(tx): Force Request Body now works by @jptosso in https://github.com/corazawaf/coraza/pull/219
- fix(@rx): add @rx captured data into Tx variable by @bxlxx in https://github.com/corazawaf/coraza/pull/215
- Rule matches optimization: Fix for #183 by @piyushroshan in https://github.com/corazawaf/coraza/pull/220
- fix: remove unused code by @bxlxx in https://github.com/corazawaf/coraza/pull/228
- fix(rx): support non utf-8 format data matching by @bxlxx in https://github.com/corazawaf/coraza/pull/231
- feat(directive): Implement include directive by @jptosso in https://github.com/corazawaf/coraza/pull/232
- simplified iota definition by @zc2638 in https://github.com/corazawaf/coraza/pull/236
- Fix Include Directive by @piyushroshan in https://github.com/corazawaf/coraza/pull/240
- Update README.md by @jptosso in https://github.com/corazawaf/coraza/pull/238
- Enhance github actions for sonarcloud and regression by @jptosso in https://github.com/corazawaf/coraza/pull/248
- update pre-commit, dependencies and fix linters by @jptosso in https://github.com/corazawaf/coraza/pull/250
- fix issue #241 (replaces #242) by @jptosso in https://github.com/corazawaf/coraza/pull/249
- fix: sonar checks on forks. by @jcchavezs in https://github.com/corazawaf/coraza/pull/256
- chore: move all linters to golangci-lint by @jcchavezs in https://github.com/corazawaf/coraza/pull/258
- Updating README & CONTRIBUTING guidelines and adding an initial CHANGELOG by @sts in https://github.com/corazawaf/coraza/pull/255
- Update README.md by @sts in https://github.com/corazawaf/coraza/pull/259
- Fix 209: Case sensitive evaluation by @piyushroshan in https://github.com/corazawaf/coraza/pull/260
- fix(multipart processor): capture original file name without using reflection by @jcchavezs in https://github.com/corazawaf/coraza/pull/229
- fix: fixes RBL leaks. by @jcchavezs in https://github.com/corazawaf/coraza/pull/243
- Remove wasm example file by @jptosso in https://github.com/corazawaf/coraza/pull/261
- Allow passthrough of variable Negations if not present by @piyushroshan in https://github.com/corazawaf/coraza/pull/265
- fix(rbl): close the channel in the sub goroutine by @bxlxx in https://github.com/corazawaf/coraza/pull/280
- chore: improves error handling on rule parsing. by @jcchavezs in https://github.com/corazawaf/coraza/pull/278
- Improve performance by @bxlxx in https://github.com/corazawaf/coraza/pull/293
- replace aho corasick by @jptosso in https://github.com/corazawaf/coraza/pull/302
New Contributors
- @y05h1k1ng made their first contribution in https://github.com/corazawaf/coraza/pull/214
- @piyushroshan made their first contribution in https://github.com/corazawaf/coraza/pull/220
- @zc2638 made their first contribution in https://github.com/corazawaf/coraza/pull/236
Full Changelog: https://github.com/corazawaf/coraza/compare/v2.0.0...v2.0.1
coraza
- V2 Release
Published by jptosso over 2 years ago
V2 is a major rework of OWASP Coraza.
- Better APIs and linting
- Better plugin support
- Better performance
- Better compatibility
- Better logging
What's Changed
- fix(op): move operator to native utf8.ValidString method by @fzipi in https://github.com/corazawaf/coraza/pull/88
- fix(removewhitespace): move to golang funcs by @fzipi in https://github.com/corazawaf/coraza/pull/92
- fix(removenull): move to golang funcs by @fzipi in https://github.com/corazawaf/coraza/pull/91
- fix(utf8toUnicode): change to golang standard funcs by @fzipi in https://github.com/corazawaf/coraza/pull/90
- fix(lint): fixes golang linter errors by @fzipi in https://github.com/corazawaf/coraza/pull/89
- Add error log support by @jptosso in https://github.com/corazawaf/coraza/pull/93
- Add tx tests by @jptosso in https://github.com/corazawaf/coraza/pull/94
- Bump github.com/antchfx/xmlquery from 1.3.6 to 1.3.7 by @dependabot in https://github.com/corazawaf/coraza/pull/95
- Bump github.com/antchfx/xmlquery from 1.3.7 to 1.3.8 by @dependabot in https://github.com/corazawaf/coraza/pull/96
- Bump github.com/antchfx/jsonquery from 1.1.4 to 1.1.5 by @dependabot in https://github.com/corazawaf/coraza/pull/97
- V2/testing rework by @jptosso in https://github.com/corazawaf/coraza/pull/109
- V2/testing rework by @jptosso in https://github.com/corazawaf/coraza/pull/110
- V2/testing rework by @jptosso in https://github.com/corazawaf/coraza/pull/111
- V2/directive plugins by @jptosso in https://github.com/corazawaf/coraza/pull/120
- V2/fix byteranges by @jptosso in https://github.com/corazawaf/coraza/pull/123
- Rules refactor by @jptosso in https://github.com/corazawaf/coraza/pull/125
- V2/crs tests by @jptosso in https://github.com/corazawaf/coraza/pull/128
- V2/parser rework by @jptosso in https://github.com/corazawaf/coraza/pull/131
- V2/audit rework by @jptosso in https://github.com/corazawaf/coraza/pull/133
- V2/rc1 by @jptosso in https://github.com/corazawaf/coraza/pull/135
- V2/tx syncpool by @jptosso in https://github.com/corazawaf/coraza/pull/136
- build(deps): bump go.uber.org/zap from 1.19.1 to 1.20.0 by @dependabot in https://github.com/corazawaf/coraza/pull/139
- fix for auditlog by @ShiMing-Q in https://github.com/corazawaf/coraza/pull/140
- Fix for some config does not work by @ShiMing-Q in https://github.com/corazawaf/coraza/pull/142
- feat: integrate libinjection-go by @jptosso in https://github.com/corazawaf/coraza/pull/149
- V2/master code specification and remove some useless code by @bxlxx in https://github.com/corazawaf/coraza/pull/157
- V2/rc2 by @jptosso in https://github.com/corazawaf/coraza/pull/158
- fix: chain loop for #159 by @jptosso in https://github.com/corazawaf/coraza/pull/166
- update module name by @bxlxx in https://github.com/corazawaf/coraza/pull/169
- build(deps): bump go.uber.org/zap from 1.20.0 to 1.21.0 by @dependabot in https://github.com/corazawaf/coraza/pull/155
- fix for #176 by @bxlxx in https://github.com/corazawaf/coraza/pull/184
- fix MATCHED VARS issues by @jptosso in https://github.com/corazawaf/coraza/pull/189
- fix for #172 by @bxlxx in https://github.com/corazawaf/coraza/pull/188
- feat(operator): support SecRule "! ^some" as a valid rx negation by @bxlxx in https://github.com/corazawaf/coraza/pull/197
- fix(test): Update go-ftw action with new org by @jptosso in https://github.com/corazawaf/coraza/pull/201
- README: add owasp status, pre-commit and new org by @jptosso in https://github.com/corazawaf/coraza/pull/202
- fix: support array format for parsing json data in the body processor by @bxlxx in https://github.com/corazawaf/coraza/pull/205
- feat: use DirectiveOptions instead of waf.Config to share variables across directives by @bxlxx in https://github.com/corazawaf/coraza/pull/206
New Contributors
- @fzipi
- @ShiMing-Q
- @bxlxx
- @airween
Full Changelog: https://github.com/corazawaf/coraza/compare/v1.2.0...v2.0.0
coraza
- V2 release candidate 3
Published by jptosso over 2 years ago
What's Changed
- fix: chain loop for #159 by @jptosso in https://github.com/corazawaf/coraza/pull/166
- update module name by @bxlxx in https://github.com/corazawaf/coraza/pull/169
- build(deps): bump go.uber.org/zap from 1.20.0 to 1.21.0 by @dependabot in https://github.com/corazawaf/coraza/pull/155
- fix for #176 by @bxlxx in https://github.com/corazawaf/coraza/pull/184
- fix MATCHED VARS issues by @jptosso in https://github.com/corazawaf/coraza/pull/189
- fix for #172 by @bxlxx in https://github.com/corazawaf/coraza/pull/188
- feat(operator): support SecRule "! ^some" as a valid rx negation by @bxlxx in https://github.com/corazawaf/coraza/pull/197
Full Changelog: https://github.com/corazawaf/coraza/compare/v2.0.0-rc.2...v2.0.0-rc.3
coraza
- V2 release candidate 2
Published by jptosso over 2 years ago
What's Changed
- Minor low level API changes
- Many performance improvements
- syncpool fix
- A lot of aesthetic improvements
- Added examples
- Added inbound and outbound error support
- Enhance testing and actions
- A few minor bugfixes
- Add official libinjection support, go native without CGO
- Project renamed to OWASP Coraza Web Application Firewall and moved to corazawaf organization
New contributors:
- bxlxx: https://github.com/corazawaf/coraza/pull/157 and https://github.com/corazawaf/libinjection-go
Full Changelog: https://github.com/corazawaf/coraza/compare/v2.0.0-rc.1...v2.0.0-rc.2
coraza
- v2 release candidate 1
Published by jptosso almost 3 years ago
First release candidate for Coraza WAF v2
- New tx.Clean function used to free the memory and get the transaction back to the sync pool
- Tons of lot fixes
- Minor low level api changes
- Huge performance improvements
- Remove GEO plugins, now you can share info between operators and directives
- New interface to share information between operators and directives, waf.Config
- Rule parser was refactored
- Lot of audit engine fixes and rework
What's Changed
- fix(op): move operator to native utf8.ValidString method by @fzipi in https://github.com/jptosso/coraza-waf/pull/88
- fix(removewhitespace): move to golang funcs by @fzipi in https://github.com/jptosso/coraza-waf/pull/92
- fix(removenull): move to golang funcs by @fzipi in https://github.com/jptosso/coraza-waf/pull/91
- fix(utf8toUnicode): change to golang standard funcs by @fzipi in https://github.com/jptosso/coraza-waf/pull/90
- fix(lint): fixes golang linter errors by @fzipi in https://github.com/jptosso/coraza-waf/pull/89
- Add error log support by @jptosso in https://github.com/jptosso/coraza-waf/pull/93
- Add tx tests by @jptosso in https://github.com/jptosso/coraza-waf/pull/94
- Bump github.com/antchfx/xmlquery from 1.3.6 to 1.3.7 by @dependabot in https://github.com/jptosso/coraza-waf/pull/95
- Bump github.com/antchfx/xmlquery from 1.3.7 to 1.3.8 by @dependabot in https://github.com/jptosso/coraza-waf/pull/96
- Bump github.com/antchfx/jsonquery from 1.1.4 to 1.1.5 by @dependabot in https://github.com/jptosso/coraza-waf/pull/97
- V2/testing rework by @jptosso in https://github.com/jptosso/coraza-waf/pull/109
- V2/testing rework by @jptosso in https://github.com/jptosso/coraza-waf/pull/110
- V2/testing rework by @jptosso in https://github.com/jptosso/coraza-waf/pull/111
- V2/directive plugins by @jptosso in https://github.com/jptosso/coraza-waf/pull/120
- V2/fix byteranges by @jptosso in https://github.com/jptosso/coraza-waf/pull/123
- Rules refactor by @jptosso in https://github.com/jptosso/coraza-waf/pull/125
- V2/crs tests by @jptosso in https://github.com/jptosso/coraza-waf/pull/128
- V2/parser rework by @jptosso in https://github.com/jptosso/coraza-waf/pull/131
- V2/audit rework by @jptosso in https://github.com/jptosso/coraza-waf/pull/133
- V2/rc1 by @jptosso in https://github.com/jptosso/coraza-waf/pull/135
- V2/tx syncpool by @jptosso in https://github.com/jptosso/coraza-waf/pull/136
New Contributors
- @fzipi made their first contribution in https://github.com/jptosso/coraza-waf/pull/88
Full Changelog: https://github.com/jptosso/coraza-waf/compare/v1.2.0...v2.0.0-rc.1
coraza
- Release v2 beta 6
Published by jptosso almost 3 years ago
Major release, it fixes tons of issues like:
- @validateByteRange
- @utf8ToUnicode
- issues with log action
- Now rules will match not only once but every variable that matches
- Setvar now supports loops
Next release is v2.0.0 final :)
coraza
- Release v2 beta 5 🦄
Published by jptosso almost 3 years ago
This is (not anymore) the final beta release (or not?), it contains:
- New macro engine
- 25%+ performance improvements
- 99,7% crs compatibility
- Minor low level api changes
v2.0 release's codename is wild pony 🦄
Next beta release will be 100% CRS compatibility and then the last low level API normalization, I will remove some pointers, change some names and unexport some stuff
coraza
- v2.0.0-beta.4
Published by jptosso almost 3 years ago
There are not many changes but I fixed a huge bug with multipart, now it's working fine.
coraza
- v2.0.0-beta.3 (api breaking)
Published by jptosso almost 3 years ago
This is the first API change to break some implementations, but keep in mind there are only small changes, like function names.
- Plugins API rework, operators.RegisterOperator was redundant and changed to operators.RegisterPlugin
- All the API is compliant against golint
- A lot of audit logging fixes
Package Rankings
Top 1.77% on Proxy.golang.org
Badges
Extracted from project README
