Skip to content

Releases: corazawaf/coraza

v2.0.0-beta.2

27 Nov 01:21
@jptosso jptosso
v2.0.0-beta.2
4dd0ba7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.0.0-beta.2
  • A lot of fixes
  • 99% CRS compatibility
  • Variable system rework and optimization
  • Lot of lint fixes
  • 90% coverage
  • A few low level api changes
Assets 2
Loading

v2.0.0-beta.1

19 Nov 15:52
@jptosso jptosso
v2.0.0-beta.1
89239d6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.0.0-beta.1
  • Complete testing engine rework
  • 96%+ crs compatibility
  • Lots of bug fixes
  • A lot of linter fixes
Assets 2
Loading

v2.0.0-alpha.1

14 Nov 21:09
@jptosso jptosso
v2.0.0-alpha.1
43e047a
Compare
Choose a tag to compare
v2.0.0-alpha.1 Pre-release
Pre-release
  • Most external APIs removed
  • Types were moved to the types package
  • Variables were moved to the variables package
  • Now the plugin engine is native and part of the core design
  • New audit log plugins for writers and formatters
  • New body processor plugins system
Assets 2
Loading

v1.2.0

10 Sep 15:37
@jptosso jptosso
v1.2.0
5059f5b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.2.0

Added Content injection (prepend and append actions)

Added a lot of debug logs

Fixed variable parser

Assets 2
Loading

v1.1.0

06 Sep 21:21
@jptosso jptosso
v1.1.0
f78c89b
Compare
Choose a tag to compare
v1.1.0
Assets 2
Loading

First stable release v1

01 Sep 21:59
@jptosso jptosso
v1.0.0
083a463
Compare
Choose a tag to compare
First stable release v1

First stable release 🎉

Welcome to the first stable release of Coraza Web Application Firewall. This version is highly stable and production ready. Fully compatible with OWASP CRS.

What is working

  • Rules
  • Directives
  • Actions
  • Operators
  • Transformations
  • Variables
  • Interruptions
  • Audit Logging

What is not working

  • JSON body processor
  • Persistent Collections

Important considerations

Most features require CGO enabled, libpcre and libinjection, if none of these are available, you won't have @detectXSS, @detectSQLi nor PCRE expressions (OWASP CRS compatibility)

Assets 2
Loading

v1.0.0-beta.7 (Final RC)

27 Aug 00:29
@jptosso jptosso
v1.0.0-beta.7
fc2e9d7
Compare
Choose a tag to compare
v1.0.0-beta.7 (Final RC) Pre-release
Pre-release

This is the final release candidate, OWASP CRS compatibility is at 96,4%

We are almost there :D

v1.0 won't contain many changes, we are production ready.

Assets 2
Loading

v1.0.0-beta.6

26 Aug 02:14
@jptosso jptosso
v1.0.0-beta.6
fc63d67
Compare
Choose a tag to compare
v1.0.0-beta.6 Pre-release
Pre-release

Many small fixes and an important fix for default variables, now they are set properly.

Assets 2
Loading

v1.0.0-beta.5

23 Aug 00:04
@jptosso jptosso
v1.0.0-beta.5
2b2b706
Compare
Choose a tag to compare
v1.0.0-beta.5 Pre-release
Pre-release

This update fixes some logging issues and an important rule variable parser bug.

Assets 2
Loading

v1.0.0-beta.4 (bugged rule parser)

21 Aug 06:13
@jptosso jptosso
v1.0.0-beta.4
f77c1bd
Compare
Choose a tag to compare
v1.0.0-beta.4 (bugged rule parser) Pre-release
Pre-release

This is the most important release by now, CGO_ENABLED=1 is not mandatory anymore, you might disable CGO but you will lose some features, check the README for more inforamtion.

  • CGO is not mandatory anymore
  • Rule variable parser was completely rewritten
  • A lot of bug fixes
  • More error reporting for seclang
  • Removed pcre-only tests
  • New URL parsing for transactions
  • Test engine api refactor
Assets 2
Loading