AWS waf documentation change
Summary
Added console experience notice and updated Core Rule Set (CRS) with improved XSS detection signatures in version 1.18
Security assessment
Documentation of improved XSS detection signatures enhances security feature documentation but doesn't indicate remediation of a specific vulnerability
Diff
diff --git a/waf/latest/developerguide/aws-managed-rule-groups-changelog.md b/waf/latest/developerguide/aws-managed-rule-groups-changelog.md index 2a3068383..9cc1d792d 100644 --- a//waf/latest/developerguide/aws-managed-rule-groups-changelog.md +++ b//waf/latest/developerguide/aws-managed-rule-groups-changelog.md @@ -4,0 +5,4 @@ +**Introducing a new console experience for AWS WAF** + +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). + @@ -16,0 +21,8 @@ Rule group and rules | Description | Date +[Core rule set (CRS) managed rule group](./aws-managed-rule-groups-baseline.html#aws-managed-rule-groups-baseline-crs) + + * `CrossSiteScripting_BODY` + * `CrossSiteScripting_COOKIE` + * `CrossSiteScripting_QUERYARGUMENTS` + * `CrossSiteScripting_URIPATH` + +| Released static version 1.18 of this rule group. Improved detection signatures for the cross site scripting rules. | 2025-06-18