This is a quick patch release to fix a potential data race that was noticed right after v3.2.0
(Thanks @MarcWort for reporting it!) and a minor fix about logging.
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.2.0...v3.2.1
Published by M4tteoP 4 months ago
Coraza v3.2.0 comes with:
SecRuleUpdateTargetByTag
, Base64DecodeExt
, extended support for ranges of IDs with SecRuleUpdateTargetByID
.ARGS
keys. It currently comes under the coraza.rule.case_sensitive_args_keys
. Mind that, in compliance with RFC 3986 specification, it is planned to become the default behavior starting from the next major version.RegisterFormatter
s for tinygo by @M4tteoP in https://github.com/corazawaf/coraza/pull/1027
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.1.0...v3.2.0
Published by jcchavezs 9 months ago
This is a new minor version release with emphasis in improving the overall logging experience, fixes for interoperability of the http middleware with other middlewares, better defaults, various fixes and a few new features like the uppercase transformation, the raw body processor (both thanks to @blotus) and a way to pass a context into a transaction to be later retrieved the error log callback.
http.Flusher
and io.ReaderFrom
implementation by @romainmenke in https://github.com/corazawaf/coraza/pull/923
ReadFrom
by @romainmenke in https://github.com/corazawaf/coraza/pull/925
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.0.4...v3.1.0
Published by jcchavezs about 1 year ago
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.0.3...v3.0.4
Published by jcchavezs about 1 year ago
log
by @M4tteoP in https://github.com/corazawaf/coraza/pull/848
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.0.2...v3.0.3
Published by jcchavezs over 1 year ago
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.0.1...v3.0.2
Published by jptosso over 1 year ago
This tag fixes a high-severity vulnerability. See https://github.com/corazawaf/coraza/security/advisories/GHSA-c2pj-v37r-2p6h
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.0.0...v3.0.1
Published by M4tteoP over 1 year ago
Coraza's latest v3.0.0 release brings a highly refactored engine that offers more flexibility and major improvements.
Notable changes include:
Go
and TinyGo
for WASM builds are now supported.Dataset
support: designed for in-config .data
files emulation.Many thanks to all the contributors and users that made this release possible:
Published by jcchavezs over 1 year ago
msg
/logdata
in inner rules by @M4tteoP in https://github.com/corazawaf/coraza/pull/792
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.0.0-rc.2...v3.0.0-rc.3
Published by jptosso over 1 year ago
Full Changelog: https://github.com/corazawaf/coraza/compare/v3.0.0-rc.1...v3.0.0-rc.2
Published by jcchavezs over 1 year ago
Full Changelog: https://github.com/corazawaf/coraza/compare/v2.0.0...v3.0.0-rc.1
Published by jptosso over 2 years ago
Huge performance improvements and a lot of bug fixes.
Full Changelog: https://github.com/corazawaf/coraza/compare/v2.0.0...v2.0.1
Published by jptosso over 2 years ago
V2 is a major rework of OWASP Coraza.
Full Changelog: https://github.com/corazawaf/coraza/compare/v1.2.0...v2.0.0
Published by jptosso over 2 years ago
Full Changelog: https://github.com/corazawaf/coraza/compare/v2.0.0-rc.2...v2.0.0-rc.3
Published by jptosso over 2 years ago
Full Changelog: https://github.com/corazawaf/coraza/compare/v2.0.0-rc.1...v2.0.0-rc.2
Published by jptosso almost 3 years ago
First release candidate for Coraza WAF v2
Full Changelog: https://github.com/jptosso/coraza-waf/compare/v1.2.0...v2.0.0-rc.1
Published by jptosso almost 3 years ago
Major release, it fixes tons of issues like:
Next release is v2.0.0 final :)
Published by jptosso almost 3 years ago
This is (not anymore) the final beta release (or not?), it contains:
v2.0 release's codename is wild pony 🦄
Next beta release will be 100% CRS compatibility and then the last low level API normalization, I will remove some pointers, change some names and unexport some stuff
Published by jptosso almost 3 years ago
There are not many changes but I fixed a huge bug with multipart, now it's working fine.
Published by jptosso almost 3 years ago
This is the first API change to break some implementations, but keep in mind there are only small changes, like function names.