From edbd913a0999eb0f126fce9d4b21037c3a5bccb6 Mon Sep 17 00:00:00 2001 From: Felipe Zipitria Date: Tue, 8 Oct 2024 22:33:27 -0300 Subject: [PATCH 1/2] fix: update upstream modsecurity.conf-recommended Signed-off-by: Felipe Zipitria --- .github/workflows/verifyimage.yml | 2 +- src/etc/modsecurity.d/modsecurity.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/verifyimage.yml b/.github/workflows/verifyimage.yml index 2abe4c0..8d785e1 100644 --- a/.github/workflows/verifyimage.yml +++ b/.github/workflows/verifyimage.yml @@ -7,7 +7,7 @@ on: env: REPO: "owasp/modsecurity-crs" # sha256sum format: - MODSECURITY_RECOMMENDED: "d9e164c508218202eba13d37cf661baacb8600706e618ce93ccc91c74c51449e modsecurity.conf-recommended" + MODSECURITY_RECOMMENDED: "ccff8ba1f12428b34ff41960d8bf773dd9f62b9a7c77755247a027cb01896d4f modsecurity.conf-recommended" jobs: prepare: diff --git a/src/etc/modsecurity.d/modsecurity.conf b/src/etc/modsecurity.d/modsecurity.conf index 682924d..f6c24bb 100644 --- a/src/etc/modsecurity.d/modsecurity.conf +++ b/src/etc/modsecurity.d/modsecurity.conf @@ -65,7 +65,7 @@ SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" \ "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'" SecRule TX:/^MSC_/ "!@streq 0" \ - "id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" + "id:'200005',phase:2,t:none,log,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" # Additional rules SecRule REQUEST_HEADERS:Content-Type "^application/[a-z0-9.-]+[+]json" \ From 98f69863b0efb8854c2c132b0508d0bedb2464db Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 9 Oct 2024 04:59:27 +0000 Subject: [PATCH 2/2] chore(deps): update nginxinc/nginx-unprivileged docker tag to v1.27.2 in readme.md --- README.md | 2 +- docker-bake.hcl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 34973c9..f510cc4 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ Examples: ## OS Variants -* nginx – *latest stable ModSecurity v3 on Nginx 1.27.1 official stable base image, and latest stable OWASP CRS 4.7.0* +* nginx – *latest stable ModSecurity v3 on Nginx 1.27.2 official stable base image, and latest stable OWASP CRS 4.7.0* * [nginx](https://github.com/coreruleset/modsecurity-crs-docker/blob/master/nginx/Dockerfile) * [nginx-alpine](https://github.com/coreruleset/modsecurity-crs-docker/blob/master/nginx/Dockerfile-alpine) * Openresty - *last stable ModSecurity v3 on OpenResty 1.25.3.1 official stable base image, and latest stable OWASP CRS 4.7.0* diff --git a/docker-bake.hcl b/docker-bake.hcl index 10e58c1..5ed34e8 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -16,7 +16,7 @@ variable "crs-version" { variable "nginx-version" { # renovate: depName=nginxinc/nginx-unprivileged datasource=docker - default = "1.27.1" + default = "1.27.2" } variable "httpd-version" {