Releases: coreruleset/modsecurity-crs-docker
release/20250227
What's Changed
- docs: add k8s errors by @fzipi in #335
- fix: Add allowedVersions to restrict Nginx to stable releases by @nakamo326 in #337
- feat: enable running nginx containers with read-only root fs by @theseion in #210
- fix: use correct tags for read-only images by @theseion in #338
- chore(deps): update dependency modsecurity3 to v3.0.14 in docker-bake.hcl by @renovate in #333
- fix: default paranoia settings break CRS by @theseion in #339
New Contributors
- @nakamo326 made their first contribution in #337
Full Changelog: release/20250207...release/20250227
Contributors
Assets 2
release/20250207
Important
Do not use the *nginx images in this release. They are affected by a vulnerability in libmodsecurity3 v3.0.13.
What's Changed
Full Changelog: release/20250205...release/20250207
Contributors
Assets 2
release/20250205
Important
This release fixes an issue with the nginx* images in the two previous releases. Those images were accidentally built with an unstable version of the ModSecurity-Nginx nginx connector.
What's Changed
Full Changelog: release/20250201...release/20250205
Contributors
Assets 2
release/20250201
Important
Please do not use the nginx* images from this release. They are broken.
What's Changed
- chore(deps): update dependency coreruleset/coreruleset to v4.11.0 in readme.md by @renovate in #325
- fix: set correct variable names for ANOMALY_INBOUND and OUTBOUND by @franbuehler in #321
- use stable version of modsecurity nginx connector by @fichte in #328
New Contributors
Full Changelog: release/20250127...release/20250201
Contributors
Assets 2
release/20250127
Important
Please do not use the nginx* images from this release. They are broken.
What's Changed
- docs: fix default value for ALLOWED_REQUEST_CONTENT_TYPE by @andreasferber in #318
- chore(deps): update httpd docker tag to v2.4.63 in readme.md by @renovate in #322
- chore: update QEMU by @theseion in #323
New Contributors
- @andreasferber made their first contribution in #318
Full Changelog: release/20250105...release/20250127
Contributors
Assets 2
release/20250105
Important
Do not use the *nginx images in this release. They are affected by a vulnerability in libmodsecurity3 v3.0.13.
What's Changed
- fix: wait for logs when verifying by @theseion in #308
- docs: document REPORTING_LEVEL by @theseion in #312
- chore: remove openresty, no maintainer by @fzipi in #315
- feat: improve rule configuration by @theseion in #314
- chore(deps): update dependency coreruleset/coreruleset to v4.10.0 in readme.md by @renovate in #317
- fix: nginx module more headers by @fzipi in #310
Full Changelog: release/20241212...release/20250105
Contributors
Assets 2
release/20241212
Important
Do not use the *nginx images in this release. They are affected by a vulnerability in libmodsecurity3 v3.0.13.
What's Changed
Full Changelog: release/20241209...release/20241212
Contributors
Assets 2
release/20241209
Important
This release breaks the nginx images because the config tries to load a module that doesn't exist.
Please do not use this release.
What's Changed
Full Changelog: release/20241202...release/20241209
Contributors
Assets 2
release/20241202
Important
Do not use the *nginx images in this release. They are affected by a vulnerability in libmodsecurity3 v3.0.13.
What's Changed
Full Changelog: release/20241107...release/20241202
Contributors
Assets 2
release/20241107
Important
Do not use the *nginx images in this release. They are affected by a vulnerability in libmodsecurity3 v3.0.13.
What's Changed
- Fix /tmp/modsecurity/* directories permissions so nginx workers can write to them by @isavcic in #300
New Contributors
Full Changelog: release/20241030...release/20241107
