What's Changed
🆕 Features
- feat: implement audit log Part J (uploaded files) by @fzipi in #1591
- feat: adds SecRxPreFilter directive to control @rx prefiltering by @M4tteoP in #1589
Fixes
- fix: recognize braced hex escapes in matchesArbitraryBytes by @fzipi in #1584
- fix: use Audit flag for audit log message filtering by @fzipi in #1587
- fix: ProcessPartial when DetectionOnly, revisits coraza.conf-recommended by @M4tteoP in #1588
- fix: align HIGHEST_SEVERITY with ModSecurity behavior by @majiayu000 in #1569
- fix: prevent superfluous WriteHeader and use structured logging by @fzipi in #1593
- fix: disruptive action chain validation by @soujanyanmbri in #1603
🚀 Performance enhancements
- perf: store transformationValue by value in cache map by @jptosso in #1528
- perf: skip matchedVars.Reset() when map is already empty by @fzipi in #1599
Other changes
- bumps CRS to 4.25, improves ftw testing by @M4tteoP in #1580
- chore(golangci): add quality parameters to golangci by @jptosso in #1204
- chore: change renovatebot config source from local to GitHub by @fzipi in #1592
- test: add nolog, auditlog test by @jcchavezs in #1307
- tests: move one ignore to overrides by @M4tteoP in #1586
- docs: strengthen SECURITY.md with mandatory PoC and anti-LLM reporting policy by @Copilot in #1585
- fix(docs): closes code block and nits by @M4tteoP in #1598
New Contributors
- @majiayu000 made their first contribution in #1569
Full Changelog: v3.6.0...v3.7.0