Skip to content

Pull requests: coreruleset/coreruleset

New pull request New
42 Open 1,550 Closed
42 Open 1,550 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

refactor: drop older spelling variants
#4386 opened Dec 21, 2025 by fgsch Loading…
1 of 11 tasks
5
feat: block fake mozilla/5.g user-agent release:new-detection In this PR we introduce a new detection release:new-feature This PR introduces a new feature
#4383 opened Dec 17, 2025 by EsadCetiner Loading…
2 of 11 tasks
3
fix: FPs related to maxDB information leakage
#4382 opened Dec 11, 2025 by azurit Loading…
3 of 11 tasks
1
refactor(920120, 920121): relocation of the apostrophe into a standalone rule and addition of forbidden characters
#4381 opened Dec 11, 2025 by touchweb-vincent Loading…
10
feat(931131): removing off domain check
#4379 opened Dec 9, 2025 by touchweb-vincent Loading…
1
feat: resolve common false positives with ad and tracker cookies
#4378 opened Dec 9, 2025 by EsadCetiner Loading…
3 of 11 tasks
1
1
feat(942450): add another hex + binary declaration pattern
#4374 opened Dec 7, 2025 by touchweb-vincent Loading…
4
feat(942350): added replace keyword + c-type comment evasion
#4373 opened Dec 7, 2025 by touchweb-vincent Loading…
1
fix: remove bypass-vulnerable content types from default allow lists 🏁 ready to merge
#4365 opened Nov 28, 2025 by RedXanadu Loading…
4 of 11 tasks
1
@RedXanadu
4
test(920180): avoid content-type evasion on nginx release:fix
#4347 opened Nov 17, 2025 by touchweb-vincent Loading…
5
feat(933100, 933160): added t:urlDecodeUni for JSON / XML urlencoded
#4345 opened Nov 17, 2025 by touchweb-vincent Loading…
1
feat: adding new rule 920341 to avoid content-type evasion on HTTP/2
#4341 opened Nov 14, 2025 by touchweb-vincent Loading…
39
fix(933150): reduce substring false positive matches release:fix
#4340 opened Nov 14, 2025 by EsadCetiner Loading…
6 of 11 tasks
1
4
fix(942410): cleaning of duplicates with 942151
#4336 opened Nov 13, 2025 by touchweb-vincent Loading…
7
docs: comment on threshold should be more alarming
#4330 opened Nov 10, 2025 by touchweb-vincent Loading…
18
feat(942500): stronger hardening to improve PL1 protection
#4328 opened Nov 9, 2025 by touchweb-vincent Loading…
5
feat(941120): all HTTP headers should be checked
#4327 opened Nov 9, 2025 by touchweb-vincent Loading…
4
feat(941110): all HTTP headers should be checked
#4326 opened Nov 8, 2025 by touchweb-vincent Loading…
5
fix(942350,942360): avoid comment bypass - this should be catch on PL1
#4325 opened Nov 7, 2025 by touchweb-vincent Loading…
3
feat: add rule 920442 on PL3 to detect more file extensions
#4324 opened Nov 7, 2025 by touchweb-vincent Loading…
1
feat: add rule 920441 on PL2 to detect more file extensions
#4323 opened Nov 7, 2025 by touchweb-vincent Loading…
1
chore: improves quant output with run details release:ignore Ignore for changelog release Stale
#4318 opened Nov 3, 2025 by M4tteoP Loading…
1
fix(942431): updated regex pattern to NOT include non-ascii characters release:ignore Ignore for changelog release
#4307 opened Oct 23, 2025 by azurit Loading…
1
fix(931130): Isolating 2-chars sequence with high risk of false positive on high entropy input ⚠️ do not merge Additional work or discussion is needed despite passing tests
#4304 opened Oct 22, 2025 by touchweb-vincent Loading…
25
feat: add 921500 - Nonstandard urlencode characters in path
#4302 opened Oct 22, 2025 by touchweb-vincent Loading…
3
ProTip! Follow long discussions with comments:>50.