AWS Security ChangesHomeSearch

AWS waf high security documentation change

Service: waf · 2025-03-05 · Security-related high

File: waf/latest/developerguide/aws-managed-rule-groups-changelog.md

Summary

Added entry for Core Rule Set (CRS) update v1.17 with improved XSS detection signatures across multiple attack vectors.

Security assessment

Explicitly documents security improvements to XSS detection rules, indicating proactive security hardening against cross-site scripting vulnerabilities.

Diff

diff --git a/waf/latest/developerguide/aws-managed-rule-groups-changelog.md
index 63cbe1070..f318a3cb8 100644
--- a/waf/latest/developerguide/aws-managed-rule-groups-changelog.md
+++ b/waf/latest/developerguide/aws-managed-rule-groups-changelog.md
@@ -16,0 +17,8 @@ Rule group and rules | Description | Date
+[Core rule set (CRS) managed rule group](./aws-managed-rule-groups-baseline.html#aws-managed-rule-groups-baseline-crs)
+
+  * `CrossSiteScripting_BODY`
+  * `CrossSiteScripting_COOKIE`
+  * `CrossSiteScripting_QUERYARGUMENTS`
+  * `CrossSiteScripting_URIPATH`
+
+| Released static version 1.17 of this rule group.  Improved detection signatures for the cross site scripting rules. | 2023-03-03