Skip to content

update to CRS v4.3.0 #276

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jun 20, 2024
Merged

update to CRS v4.3.0 #276

merged 7 commits into from
Jun 20, 2024

Conversation

arminabf
Copy link
Contributor

@arminabf arminabf commented Jun 5, 2024

Updates the CRS version to v4.3.0

@arminabf arminabf requested a review from jcchavezs as a code owner June 5, 2024 15:04
M4tteoP
M4tteoP requested changes Jun 18, 2024
View reviewed changes
Copy link
Member

@M4tteoP M4tteoP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for raising this!

@M4tteoP
Copy link
Member

M4tteoP commented Jun 18, 2024

Regarding this, we should also agree on which are the CRS versions expected to be shipped in the wasm module. I would maybe update the CRS version until a v4.x version is marked as LTS and then clearly document (possibly also taking advantage of https://github.com/corazawaf/coraza-coreruleset) how to embed a specific CRS version, but sticking with the LTS ones in the main image. cc @jcchavezs

@arminabf @M4tteoP
enable early blocking
dcaa4ef 
Co-authored-by: Matteo Pace <[email protected]>
@arminabf
Copy link
Contributor Author

Thanks for raising this!

Thank you for the review and the suggested change!

@jcchavezs
Copy link
Member

jcchavezs commented Jun 19, 2024 via email

M4tteoP
M4tteoP reviewed Jun 19, 2024
View reviewed changes
Copy link
Member

@M4tteoP M4tteoP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Things are getting better and CRS tests are now running :)
What we are missing here is to also update them. CRS tests version is based on these lines: https://github.com/corazawaf/coraza-proxy-wasm/blob/main/ftw/Dockerfile#L10-L12.

Something like this should work (I'm unsure why we went with the sha, but try directly with the tag):

# TODO update when new CRS version is tagged: https://github.com/coreruleset/coreruleset/archive/refs/tags/v4.0.0-rc2.tar.gz
ADD https://github.com/coreruleset/coreruleset/archive/refs/tags/v4.3.0.tar.gz /workspace/coreruleset/
RUN cd coreruleset && tar -xf v4.3.0.tar.gz --strip-components 1

The final step will be to see if there are any failing tests and investigate why (probably some of them have a common root already spotted in Coraza upstream), I will keep an eye on it

@arminabf arminabf requested a review from M4tteoP June 19, 2024 13:12
M4tteoP
M4tteoP approved these changes Jun 19, 2024
View reviewed changes
Copy link
Member

@M4tteoP M4tteoP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a commit with a few more changes and some comments to explain them. Looks good to me, thanks again for your contribution!
@jcchavezs for a second check/approval considering rule changes

@M4tteoP M4tteoP mentioned this pull request Jun 19, 2024
Open
@arminabf
Copy link
Contributor Author

@M4tteoP, @jcchavezs Thank you for your contributions. We are eager to deploy the new version to production and would like to inquire about the timeline for the next release.

@M4tteoP
Copy link
Member

M4tteoP commented Jun 20, 2024

@arminabf plans are to have it by the end of this week including bringing in the Coraza v3.2 release that unblocks #263

@M4tteoP M4tteoP merged commit 2c5742e into corazawaf:main Jun 20, 2024
@arminabf arminabf deleted the update_crs_4_3_0 branch August 6, 2024 09:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jcchavezs jcchavezs jcchavezs approved these changes

@M4tteoP M4tteoP M4tteoP approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@arminabf @M4tteoP @jcchavezs