8000 Monthly Chat Agenda July 2024 (2024‐07‐01 and 2024‐07‐15) #3728 · Issue #3753 · coreruleset/coreruleset · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Monthly Chat Agenda July 2024 (2024‐07‐01 and 2024‐07‐15) #3728 #3753

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
fzipi opened this issue Jul 1, 2024 · 3 comments
Closed

Monthly Chat Agenda July 2024 (2024‐07‐01 and 2024‐07‐15) #3728 #3753

fzipi opened this issue Jul 1, 2024 · 3 comments
Labels
🔖 Meeting Agenda

Comments

@fzipi
Copy link
Member
fzipi commented Jul 1, 2024
edited by dune73
Loading

This is the Agenda for the two Monthly CRS Chats.

The general chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, 2024-07-01, at 20:30 CEST. That's the 1st Monday of the month. A separate issue chat is happening at the same location, same time on Monday, 2024-07-15. That's the 3rd Monday of the month. Please note that we have a CRS calendar (maintained by @fzipi).

Archived previous meetings and their decision are here.

What happened in the meantime since the chat last month

Outside development

Blog posts that mention OWASP CRS found by dev-on-duty, to be added for the next meeting (external references):

Inside development

Rules

  • FIXME: Please fill in

CRS Sandbox

  • FIXME: Please fill in

Security

  • FIXME: Please fill in

Plugins

  • FIXME: Please fill in

Documentation and Public Relations

  • v4.4 release was deemed too small to require a blog post + announcements, social media, etc.
    • Probably requires a new policy, as the current release procedure document asks for publication of a blog post + mailing list announcements etc. for a release

Project Administration and Sponsor relationships

  • FIXME: Please fill in

Tools

  • go-ftw v1.0.3 released

Testing incl. Seaweed and many future plans

  • Updates on Seaweed were presented at the CRS Summit
    • new version based on docker-compose and Golang for parsing results
  • Support for platform platform specific tests using platform overrides has arrived. Includes improved schema for writing tests

Containers

  • Issue with running Docker test containers in vanilla CRS repo following changes to make containers root-less. A solution has been found and is pending.

CRS Status Page

  • Azure run failed and should be checked.

Project discussions and decisions

Rules development, key project numbers

PRs that have been merged since the last meeting

We merged 8 PRs since the last monthly project chat.

Open PRs

Open PRs marked DRAFT or work in progress or needs action

Separate 2nd Meeting (Monday, 2024-07-15)

We generally cover 10 issues per month in a separate issue meeting. Add them as you see fit.

Other topics

How to get to our slack and join the meeting?

If you are not yet on the OWASP Slack, here is your invite: https://owasp.org/slack/invite .

Everybody is welcome to join our community chat.
@franbuehler
Copy link
Contributor
franbuehler commented Jul 1, 2024
edited
Loading

Decisions / discussions July 1st 2024

CRS November Developer retreat updates

🔵 Information:

  • Details will be published in the next few weeks. But it's best to reserve the first full week in November.
  • The place will be London and we will try to maximize the amount of days we spend together, as usual.
  • This summit might bring together, for the first time, CRS, ModSecurity, and Coraza developers in a unique way
  • No naming discussions 😉

Implement JavaScript prototype pollution detection

🔵 @franbuehler will try and come up with a solution/proposal

Should CRS get involved with a new edition of the OWASP WAF Evaluation Criteria?

🔵 Ideas:

  • Pay someone to move it forward
  • Topic for the developer retreat
  • We definitely might involve OWASP somehow
  • Discussion / decision postponed

@fzipi
Copy link
Member Author
fzipi commented Jul 9, 2024

In the meantime, there are news in the #project-wafec slack channel and has been reactivated primary by the lead of Manuel Welder and Sam Stepanyan.

@airween airween mentioned this issue Jul 10, 2024
Closed
@fzipi
Copy link
Member Author
fzipi commented Jul 19, 2024

All relevant notes have been taken in the issues, closing.

@fzipi fzipi closed this as completed Jul 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🔖 Meeting Agenda
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fzipi @franbuehler
0