Releases: corazawaf/coraza

v3.7.0

06 Apr 12:56
27069d0

What's Changed

🆕 Features

  • feat: implement audit log Part J (uploaded files) by @fzipi in #1591
  • feat: adds SecRxPreFilter directive to control @rx prefiltering by @M4tteoP in #1589

Fixes

  • fix: recognize braced hex escapes in matchesArbitraryBytes by @fzipi in #1584
  • fix: use Audit flag for audit log message filtering by @fzipi in #1587
  • fix: ProcessPartial when DetectionOnly, revisits coraza.conf-recommended by @M4tteoP in #1588
  • fix: align HIGHEST_SEVERITY with ModSecurity behavior by @majiayu000 in #1569
  • fix: prevent superfluous WriteHeader and use structured logging by @fzipi in #1593
  • fix: disruptive action chain validation by @soujanyanmbri in #1603

🚀 Performance enhancements

  • perf: store transformationValue by value in cache map by @jptosso in #1528
  • perf: skip matchedVars.Reset() when map is already empty by @fzipi in #1599

Other changes

  • bumps CRS to 4.25, improves ftw testing by @M4tteoP in #1580
  • chore(golangci): add quality parameters to golangci by @jptosso in #1204
  • chore: change renovatebot config source from local to GitHub by @fzipi in #1592
  • test: add nolog, auditlog test by @jcchavezs in #1307
  • tests: move one ignore to overrides by @M4tteoP in #1586
  • docs: strengthen SECURITY.md with mandatory PoC and anti-LLM reporting policy by @Copilot in #1585
  • fix(docs): closes code block and nits by @M4tteoP in #1598

New Contributors

Full Changelog: v3.6.0...v3.7.0

v3.6.0

31 Mar 13:08
87332e3

What's Changed

New feature (compilation flag)

Fixes

  • fix: SecAuditEngine RelevantOnly uses OR logic for status check by @fzipi in #1577
  • fix: support WebSocket connections by tracking hijacked state by @fzipi in #1551
  • docs,test: clarify OUTBOUND_DATA_ERROR behavior and fix phase numbers by @fzipi in #1578
  • docs: updates variables by @M4tteoP in #1565

Others

  • chore: ignore generated files in codecov coverage by @fzipi in #1571

Full Changelog: v3.5.0...v3.6.0

v3.5.0

28 Mar 01:09
85b20e0

What's Changed

Important

New Features

  • feat: add regex support to ctl:ruleRemoveTargetById, ruleRemoveTargetByTag, and ruleRemoveTargetByMsg collection keys by @Copilot in #1561
  • feat: implement SecUploadKeepFiles directive by @fzipi in #1557

Fixes

  • fix(DetectionOnly): fixed RelevantOnly audit logs, improved matchedRules by @M4tteoP in #1549
  • fix(deps): update module golang.org/x/net to v0.52.0 in go.mod by @renovate[bot] in #1553
  • ci: increase fuzztime by @M4tteoP in #1554
  • chore(ci): harden GHA workflows with least-privilege permissions by @fzipi in #1559
  • docs: add structured documentation comments to variables.go by @fzipi in #1564
  • chore(deps): update codecov/codecov-action action to v6 in .github/workflows/regression.yml by @renovate[bot] in #1570

Full Changelog: v3.4.0...v3.5.0

v3.4.0

11 Mar 23:28
9b1d1e9

What's Changed

Features

  • feat: allow selectors on *_NAMES collections by @blotus in #1143
  • feat: auditlog syslog writer by @Serjick in #1383
  • feat: add json schema improvements by @jcchavezs in #1384
  • feat: implement ctl:auditLogParts + and - for modifying audit logs by @fzipi in #1467
  • feat(strmatch): add new operator by @fzipi in #1473
  • feat: add optional rule observer callback to WAF config by @heaven in #1478
  • feat: add WAFWithRules interface with RulesCount() by @ppomes in #1492
  • feat: add SecRequestBodyJsonDepthLimit directive by @fzipi in #1110
  • feat: ignore unexpected EOF in MIME multipart request body processor by @hnakamur in #1453
  • feat: optimize ruleRemoveById range handling store ranges instead of expanding to int slices by @Copilot in #1538

Fixes

  • fix(go1.24): bump linter by @M4tteoP in #1330
  • fix(deps): update all non-major dependencies in .github/workflows/tinygo.yml by @renovate[bot] in #1326
  • fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.18.0 in go.mod by @renovate[bot] in #1331
  • audit: H should populate also with error logs. by @M4tteoP in #1310
  • fix(deps): update module github.com/rs/zerolog to v1.34.0 in testing/coreruleset/go.mod by @renovate[bot] in #1332
  • fix(deps): update module golang.org/x/net to v0.38.0 in go.mod by @renovate[bot] in #1337
  • fixes misspelled build tag coraza.rule.multiphase_evaluation by @daum3ns in #1338
  • fix(deps): update module github.com/corazawaf/coraza-coreruleset/v4 to v4.10.0 in testing/coreruleset/go.mod by @renovate[bot] in #1341
  • fix(deps): update module golang.org/x/sync to v0.13.0 in go.mod by @renovate[bot] in #1344
  • fix(deps): update module golang.org/x/net to v0.39.0 in go.mod by @renovate[bot] in #1346
  • fix(deps): update go modules in go.mod by @renovate[bot] in #1354
  • fix(deps): update all non-major dependencies in .github/workflows/tinygo.yml by @renovate[bot] in #1342
  • fix: coraza.conf-recommended, stricter parsing actions by @M4tteoP in #1352
  • fix(deps): update go modules in go.mod by @renovate[bot] in #1372
  • fix: regenerate variables map to allow selection on all supported collections by @blotus in #1371
  • fix: nil deference on err.Error() by @ad3n in #1367
  • fix(deps): update all non-major dependencies in go.mod by @renovate[bot] in #1373
  • fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.18.3 in go.mod by @renovate[bot] in #1374
  • fix(deps): update github.com/magefile/mage digest to 78acbaf in go.mod by @renovate[bot] in #1375
  • fix: resolve cutQuotedString issue with double backslashes (\) by @trgalho in #1364
  • fix(deps): update module github.com/corazawaf/coraza-coreruleset/v4 to v4.15.0 in testing/coreruleset/go.mod by @renovate[bot] in #1376
  • fix: wrong status returned when SecResponseBodyLimit is reached and Action is Reject by @daum3ns in #1379
  • fix(deps): update module golang.org/x/sync to v0.16.0 in go.mod by @renovate[bot] in #1385
  • fix(deps): update module golang.org/x/net to v0.42.0 in go.mod by @renovate[bot] in #1386
  • fix(deps): update module github.com/bmatcuk/doublestar/v4 to v4.9.0 in testing/coreruleset/go.mod by @renovate[bot] in #1388
  • fix(deps): update all non-major dependencies in testing/coreruleset/go.mod by @renovate[bot] in #1392
  • Fixed mandatory check of rule ID. by @brijeshjvalera in #1325
  • fix: cutQuotedString - not working for \"" by @trgalho in #1394
  • fix(deps): update module golang.org/x/net to v0.43.0 in go.mod by @renovate[bot] in #1397
  • fix: lowercase regex patterns for case-insensitive variable collections by @fzipi in #1505
  • fix: ctl:ruleRemoveTargetById to support whole-collection exclusion by @Copilot in #1495
  • fix: update constants for recursion limit by @jcchavezs in #1512
  • Fix HTTP middleware to process all Transfer-Encoding values by @Copilot in #1518
  • fix: set changed flag in removeComments and escapeSeqDecode by @jptosso in #1532
  • fix(testing): Correct use of ProcessURI in Benchmarks by @MarcWort in #1546
  • fix: typo in responseWriter name in TestWriteResponseBody by @hnakamur in #1451
  • fix: streamed responses by @daum3ns in #1449
  • fix: adds timeout to tinygo by @jcchavezs in #1463
  • fix: pass through respose body after process partial by @M4tteoP in #1461
  • fix: directive name is SecAuditLogsStorageDir by @fzipi in #1466
  • fix: SecRuleUpdateActionById should replace disruptive actions by @fzipi in #1471
  • fix(1482): improve quotes parsing during seclang bootstrap by @jptosso in #1486
  • fix(deps): update module golang.org/x/net to v0.45.0 [security] by @renovate[bot] in #1487
  • fix(deps): update module golang.org/x/sync to v0.20.0 in go.mod by @renovate[bot] in #1543

Tests

Chores and Other

  • chore(deps): update github/codeql-action digest to 1b549b9 in .github/workflows/codeql-analysis.yml by @renovate[bot] in #1335
  • chore: improves coraza.conf-recommended comments by @M4tteoP in #1334
  • chore: update tinygo 0.34.0 by @M4tteoP in #1353
  • Add @pmf short alias for @pmFromFile by @dmefs in #1356
  • Add @ipMatchF short alias for @ipMatchFromFile by @dmefs in #1357
  • chore(deps): update codecov/codecov-action digest to 18283e0 in .github/workflows/regression.yml by @renovate[bot] in #1359
  • chore(deps): update github/codeql-action digest to ff0a06e in .github/workflows/codeql-analysis.yml by @renovate[bot] in #1361
  • docs: add RuiQi to integrations list by @HUAHUAI23 in #1368
  • chore(deps): update all non-major dependencies in .github/workflows/tinygo.yml by @renovate[bot] in #1369
  • chore: add tx to context by @trgalho in #1345
  • Revert "chore: add tx to context" by @jcchavezs in #1378
  • chore(deps): update github/codeql-action digest to 39edc49 in .github/workflows/codeql-analysis.yml by @renovate[bot] in #1380
  • chore(deps): update module github.com/go-viper/mapstructure/v2 to v2.3.0 [security] by @renovate[bot] in #1381
  • chore(deps): update github/codeql-action digest to 181d5ee in .github/workflows/codeql-analysis.yml by @renovate[bot] in #1382
  • chore(deps): update github/codeql-action digest to d6bbdef in .github/workflows/codeql-analysis.yml by @renovate[bot] in #1390
  • chore(deps): update github/codeql-action digest to 4e828ff in .github/workflows/codeql-analysis.yml by @renovate[bot] in #1391
  • chore(deps): update github/codeql-action digest to 51f7732 in .github/workflows/codeql-analysis.yml by @renovate[bot] in #1393
  • chore(deps): update actions/cache digest to 0400d5f in .github/workflows/tinygo.yml by @renovate[bot] in #1396
  • chore(deps): update github/codeql-action digest to...

v3.3.3

20 Mar 14:50
4722c9a

Important

This release has a fix for GHSA-q9f5-625g-xm39.

Thanks to @blotus for finding it and providing a proper disclosure AND fix! ❤️

What's Changed

  • fix(deps): update module github.com/corazawaf/coraza/v3 to v3.3.2 in testing/coreruleset/go.mod by @renovate in #1282
  • chore(deps): update github/codeql-action digest to b6a472f in .github/workflows/codeql-analysis.yml by @renovate in #1284
  • fix(deps): update module github.com/bmatcuk/doublestar/v4 to v4.8.0 in testing/coreruleset/go.mod by @renovate in #1285
  • ci: add wait-for-status check by @fzipi in #1286
  • chore(deps): update all non-major dependencies in .github/workflows/tinygo.yml by @renovate in #1289
  • chore(deps): pin poseidon/wait-for-status-checks action to 899c768 in .github/workflows/regression.yml by @renovate in #1288
  • chore(deps): update github/codeql-action digest to dd196fa in .github/workflows/codeql-analysis.yml by @renovate in #1293
  • chore(deps): update all non-major dependencies in .github/workflows/regression.yml by @renovate in #1295
  • fix(ci): ignore codecov tests from wait-for-status-checks by @M4tteoP in #1292
  • feat: add hexDecode transformation by @tty2 in #1275
  • chore(deps): update all non-major dependencies in .github/workflows/regression.yml by @renovate in #1296
  • fix(deps): update module github.com/bmatcuk/doublestar/v4 to v4.8.1 in testing/coreruleset/go.mod by @renovate in #1297
  • fix(deps): update all non-major dependencies in go.mod by @renovate in #1298
  • chore(deps): update github/codeql-action digest to dd74661 in .github/workflows/codeql-analysis.yml by @renovate in #1299
  • fix(deps): update module golang.org/x/sync to v0.11.0 in go.mod by @renovate in #1302
  • chore(deps): update github/codeql-action digest to 9e8d078 in .github/workflows/codeql-analysis.yml by @renovate in #1303
  • fix(deps): update module golang.org/x/net to v0.35.0 in go.mod by @renovate in #1306
  • fix(deps): update module github.com/coreruleset/go-ftw to v1.3.0 in testing/coreruleset/go.mod by @renovate in #1308
  • chore(deps): update actions/cache digest to 0c907a7 in .github/workflows/tinygo.yml by @renovate in #1309
  • chore(deps): update all non-major dependencies in .github/workflows/codeql-analysis.yml by @renovate in #1312
  • chore: update to golang 1.23.6 by @fzipi in #1313
  • inspectFile: False-positive match fixed by @vimusov in #1311
  • chore(deps): update codecov/codecov-action digest to 0565863 in .github/workflows/regression.yml by @renovate in #1314
  • chore(deps): update actions/cache digest to d4323d4 in .github/workflows/tinygo.yml by @renovate in #1315
  • fix(deps): update all non-major dependencies in go.mod by @renovate in #1317
  • chore(deps): update module golang.org/x/crypto to v0.35.0 [security] by @renovate in #1319
  • fix(deps): update module golang.org/x/net to v0.36.0 in go.mod by @renovate in #1318
  • fix(deps): update go modules in go.mod by @renovate in #1320
  • chore(deps): update github/codeql-action digest to 6bb031a in .github/workflows/codeql-analysis.yml by @renovate in #1323
  • fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.17.1 in go.mod by @renovate in #1324
  • chore(deps): update module golang.org/x/net to v0.36.0 [security] by @renovate in #1327
  • chore: points to Go v1.23.0 and some clean ups by @M4tteoP in #1328

New Contributors

Full Changelog: v3.3.2...v3.3.3

Version 3.3.2

09 Jan 12:34
f4de57c

What's Changed

Full Changelog: v3.3.1...v3.3.2

Version 3.3.1

07 Jan 17:29
2904b9f

Thanks to @cognitivegears for fixing @restpath failing on query string or extra path info. Reference #1266

What's Changed

New Contributors

Full Changelog: v3.3.0...v3.3.1

v3.3.0

03 Jan 08:58
edad234

Another year, another version 🎉 !

Version 3.3.0 comes with some nice new features, extended compatibility with ModSecurity SecLang, and some quick performance improvements.

The minimum required Go version is 1.22.

New features:

  • The coraza.rule.no_regex_multiline build tag has been added. It stops the @rx operator from enabling the regex multiline modifier by default. This aligns with CRS expected behavior, reduces false positives and might improve performance. Note that this is planned to become the default behavior starting from the next major version. Check details and review available build tags here.
  • Added support to OCSF (v1.2.0) audit log format by @durg78. Reference: #1089
  • Improved compatibility with Windows by @jabdr. Reference: #1132 & #1133 & #1136 & #1137 & #1138
  • Added MULTIPART_STRICT_ERROR variable. It is set when multipart fails to parse by @fzipi, @M4tteoP. Reference: #1098 & #1166
  • Added SecRuleUpdateActionById directive support by @fzipi. Reference: #1071
  • Added TIME variables support by @geoolekom and @jcchavezs for the sake of compatibility with modsec and existing rulesets e.g. Imunify360. Some use cases are described in #1223 (comment). Reference: #1223 & #1242
  • Allow square brackets in variables during macro expansion by @geoolekom as a query parameter can be a slice and hence its name contains square brackets. Reference: #1226
  • Added base64 encode transformation by @tty2 as it wasn't supported. Reference: #1257

Fixes:

  • Fixed incorrect parsing of regex in SecRule with multiple ARGS specifiers by @geekeryy. Reference: #1087
  • Fixed default deny action status code to 403 by @M4tteoP. Reference: #1097
  • Fixed setvar action to allow values to start with - or + by @soujanyanmbri. Reference: #1125
  • Fixed macro parsing to handle additional border cases by @fzipi. Reference: #1180
  • Fixed default redirect action status code by @fzipi. Reference: #1183
  • Improved noisy warn level debug logging when the body limit action is ProcessPartial. Reference: #1187
  • Added empty glob error when no files match by @gantony as we don't want to accidentally miss rules to be loaded because of an incorrect glob. Reference: #1259
  • Go version was pinned to 1.22.0 as coraza is a library and we should not target patch versions. Reference: #1246

Performance improvements

  • Improvements on GetField by reducing heap allocations by @M4tteoP. Reference: #1195
  • Improvements on transformArg by reducing heap allocations by @M4tteoP. Reference: #1198
  • Improvements on collections by reducing heap allocations by @soujanyanmbri. Reference: #1202

What's Changed

  • fix: variable parsing error by @geekeryy in #1087
  • fix: deny action with default status 403 by @M4tteoP in #1097
  • chore(goversion): upgrade minimum version to 1.21 by @jptosso in #1099
  • feat: set MULTIPART_STRICT_ERROR value when mutipart fails to parse by @fzipi in #1098
  • chore: finalizes go 1.21 bump, point to local version for crs tests, minor docs by @M4tteoP in #1102
  • chore: config renovate to update up to our supported go version by @fzipi in #1105
  • fix: broken renovatebot config by @fzipi in #1107
  • chore(deps): pin dependencies by @renovate in #1108
  • chore(deps): update github/codeql-action digest to 5cf07d8 by @renovate in #1113
  • chore(README): removes mention to EOL of Modsec by @M4tteoP in #1115
  • chore(deps): update github/codeql-action digest to afb54ba by @renovate in #1114
  • chore(deps): update github/codeql-action digest to eb055d7 by @renovate in #1126
  • fix(deps): update module golang.org/x/net to v0.28.0 by @renovate in #1127
  • chore(deps): update github/codeql-action digest to 29d86d2 by @renovate in #1129
  • chore(deps): update github/codeql-action digest to 429e197 by @renovate in #1130
  • fix(deps): update module golang.org/x/sync to v0.8.0 by @renovate in #1124
  • fix: broken TestInspectFile on windows by @jabdr in #1133
  • fix: broken multipart processor on windows by @jabdr in #1137
  • fix: broken TestDirectives SecUploadDir on windows by @jabdr in #1132
  • fix: broken TestConcurrentWriterSuccess on windows by @jabdr in #1138
  • chore(goversion): upgrade minimum version to 1.22 by @M4tteoP in #1145
  • chore: update tinygo to 0.33.0 by @fzipi in #1148
  • fix(deps): update module github.com/tidwall/gjson to v1.17.3 by @renovate in #1116
  • feat: ocsf audit logging by @durg78 in #1089
  • fix: update auditlog test names by @jcchavezs in #1152
  • fix: broken TestHardcodedIncludeDirectiveDDOS2 on windows by @jabdr in #1136
  • updates tests to CRS 4.5, albedo by @M4tteoP in #1122
  • fix(deps): update github.com/coreruleset/go-ftw digest to 8474a93 by @renovate in #1155
  • fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.15.0 by @renovate in #1142
  • chore: ports interceptor correction by @M4tteoP in #1123
  • Bug Fix: The value in the setvar should be able to start with - or +. by @soujanyanmbri in #1125
  • fix(deps): update module github.com/coreruleset/albedo to v0.0.16 by @renovate in #1158
  • tests: unknown key. by @jcchavezs in #1156
  • chore(deps): update codecov/codecov-action digest to b9fd7d1 by @renovate in #1160
  • fix(deps): update module github.com/tidwall/gjson to v1.18.0 by @renovate in #1161
  • refactor: replace reflect.StringHeader with unsafe.StringData by @Juneezee in #1162
  • chore(deps): update github/codeql-action digest to 2c779ab by @renovate in #1131
  • fix(deps): update module golang.org/x/net to v0.30.0 by @renovate in #1165
  • chore(deps): update github/codeql-action digest to 6db8d63 by @renovate in #1164
  • fix: MULTIPART_STRICT_ERROR, updates CRS tests to v4.6.0 by @M4tteoP in #1166
  • docs: SecAuditLogDir, removes mention of SecAuditLogStorageDir by @M4tteoP in #1167
  • fix(deps): update module github.com/corazawaf/libinjection-go to v0.2.2 by @renovate in #1172
  • fix: actions comment by @fzipi in #1173
  • chore(deps): update actions/setup-go digest to 41dfa10 by @renovate in #1179
  • fix: apply mage format by @fzipi in #1181
  • fix: handle additional broken macro definitions by @fzipi in #1180
  • fix: redirect action status codes by @fzipi in #1183
  • feat: add SecRuleUpdateActionById directive by @fzipi in #1071
  • chore(deps): update github/codeql-action digest to 6624720 by @renovate in #1169
  • fix(deps): update module github.com/bmatcuk/doublestar/v4 to v4.7.1 by @renovate in #1171
  • chore(deps): update actions/checkout digest to 11bd719 by @renovate in #1168
  • nits: SecRuleUpdateActionById doc by @M4tteoP in #1185
  • chore: update renovate config to use common by @fzipi in #1184
  • fix(deps): update module github.com/coreruleset/go-ftw to v1.1.0 in testing/coreruleset/go.mod by @renovate in #1188
  • chore(deps): update actions/cache action to v4 in .github/workflows/tinygo.yml by @renovate in #1189
  • Revert "fix(deps): update module github.com/coreruleset/go-ftw to v1.1.0 in testing/coreruleset/go.mod" by @fzipi in #1190
  • fix: toolchain version in go.mod by @fzipi in #1192
  • chore: refactor process body related logs and doc by @M4tteoP in #1187
  • fix(deps): update module github.com/coreruleset/go-ftw to v1.1.1 in testing/coreruleset/go.mod by @renovate in #1191
  • perf: GetField reduce allocations by @M4tteoP in #1195
  • docs: nits and avoids mentioning not existing resources by @M4tteoP in #1203
  • fix(deps): update module golang.org/x/s...

Coraza 3.2.1

23 Jun 14:18
v3.2.1
aaf4413

This is a quick patch release to fix a potential data race that was noticed right after v3.2.0 (Thanks @MarcWort for reporting it!) and a minor fix about logging.

What's Changed

  • fix: race condition on StrID by @M4tteoP in #1084
  • fix: makes max size log message CRS correlation rule friendly by @M4tteoP in #1085

Full Changelog: v3.2.0...v3.2.1

Version 3.2.0

20 Jun 21:34
v3.2.0
7c91e8c

Coraza v3.2.0 comes with:

  • Support for SecRuleUpdateTargetByTag, Base64DecodeExt, extended support for ranges of IDs with SecRuleUpdateTargetByID.
  • Support for case-sensitive matching for ARGS keys. It is currently available under the coraza.rule.case_sensitive_args_keys build tag. Note that, in compliance with the RFC 3986 specification, it is planned to become the default behavior starting from the next major version.
  • Support for auditlog formatters for tinygo builds.
  • Various bug fixes, among other things, around log generation and Coraza middleware.
  • Performance improvements and reduced memory allocation mostly thanks to @noboruma.
  • Updated CRS support to the latest CRS v4.3.0 version.

What's Changed

  • fix(deps): update module github.com/tidwall/gjson to v1.17.1 by @renovate in #1004
  • fix(deps): update module golang.org/x/net to v0.22.0 by @renovate in #1011
  • feat: expose expected directives for e2e test by @fionera in #1012
  • avoid executing costly With if noop logger by @noboruma in #1015
  • tests: covers eq operator. by @jcchavezs in #1002
  • fix: RegisterWriter/RegisterFormatter case insensitive by @M4tteoP in #1026
  • feat: Implements SecRuleUpdateTargetByTag, extends ByID with ranges by @M4tteoP in #1020
  • tests: covers zero case in eq operator. by @jcchavezs in #1029
  • feat: registers RegisterFormatters for tinygo by @M4tteoP in #1027
  • fix(deps): update module golang.org/x/net to v0.23.0 by @renovate in #1033
  • Fix: audit logs RelevantOnly match if interruption happens by @M4tteoP in #1025
  • tests: adds logs for unexpected status code. by @jcchavezs in #1037
  • fix(deps): update module golang.org/x/net to v0.24.0 by @renovate in #1035
  • cache Rule ID string version by @noboruma in #1039
  • chore: adds fs access check at startup time by @M4tteoP in #1030
  • Add support for Base64DecodeExt by @soujanyanmbri in #1046
  • fix: FuzzB64Decode regexp match for fuzzing by @fzipi in #1054
  • chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 in /testing/coreruleset in the go_modules group across 1 directory by @dependabot in #1043
  • fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.13.4 by @renovate in #1001
  • fix(deps): update module github.com/petar-dambovaliev/aho-corasick to v0.0.0-20240411101913-e07a1f0e8eb4 by @renovate in #1057
  • feat: add new maps with case sensitive keys by @fzipi in #1055
  • fix: http parameter pollution test cases by @fzipi in #1058
  • fix(deps): update module golang.org/x/sync to v0.7.0 by @renovate in #1034
  • fix(deps): update module golang.org/x/net to v0.25.0 by @renovate in #1060
  • fix: RemoveTargetById Args in multiphase mode by @M4tteoP in #1061
  • fix: headers leaked during interruptions at phase 3/4 by @M4tteoP in #1062
  • chore: deletes content temporary file on close. by @jcchavezs in #924
  • chore: upgrades to CRS 4.1. by @jcchavezs in #1032
  • chore: updates CRS tests to CRS4.2 by @M4tteoP in #1066
  • fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.14.0 by @renovate in #1067
  • feat: add support for case sensitive args by @fzipi in #1059
  • fix: logs multiple vars matched by same rule by @M4tteoP in #1074
  • fix(deps): update module github.com/corazawaf/libinjection-go to v0.2.0 by @renovate in #1076
  • fix(deps): update module github.com/corazawaf/libinjection-go to v0.2.1 by @renovate in #1079
  • fix(deps): update module golang.org/x/net to v0.26.0 by @renovate in #1075
  • fix: setters of INBOUND_DATA_ERROR and OUTBOUND_DATA_ERROR by @M4tteoP in #1078
  • fix(deps): update module github.com/rs/zerolog to v1.33.0 by @renovate in #1073
  • chore: updates CRS tests to CRS4.3 by @M4tteoP in #1081

New Contributors (thanks a lot!)

Full Changelog: v3.1.0...v3.2.0