OWASP ModSecurity Core Rule Set (CRS) v2.0.8 Released

Greetings everyone,
I wanted to announce the availability of the OWASP ModSecurity CRS v2.0.8.
Download page
You can also use the util/rules-updater.pl script to auto-download the latest ZIP archive (see the rules-updater-example.conf file for Repo data).
We have integrated the new CRS into the Demo page to help facilitate community testing -
Version 2.0.8 - 08/27/2010
- Updated the PHPIDS filters
- Updated the SQL Injection filters to detect boolean attacks (1<2, foo == bar, etc..)
- Updated the SQL Injection filters to account for different quotes
- Added UTF-8 encoding validation support to the modsecurity_crs_10_config.conf file
- Added Rule ID 950109 to detect multiple URL encodings
- Added two experimental rules to detect anomalous use of special characters
Bug Fixes:
- Fixed Encoding Detection RegEx (950107 and 950108)
- Fixed rules-updater.pl script to better handle whitespace
- Fixed missing pass action bug in modsecurity_crs_21_protocol_anomalies.conf
- Fixed the anomaly scoring in the modsecurity_crs_41_phpids_filters.conf file
- Updated XSS rule id 958001 to improve the .cookie regex to reduce false postives

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.