AWS waf high security documentation change
Summary
Added documentation for Core Rule Set (CRS) version 1.19 with improved cross-site scripting (XSS) detection signatures.
Security assessment
The update explicitly mentions improved XSS detection, which addresses web application security vulnerabilities. Enhanced detection capabilities directly mitigate security risks associated with XSS attacks.
Diff
diff --git a/waf/latest/developerguide/aws-managed-rule-groups-changelog.md b/waf/latest/developerguide/aws-managed-rule-groups-changelog.md index dd60d7933..8014e8d05 100644 --- a//waf/latest/developerguide/aws-managed-rule-groups-changelog.md +++ b//waf/latest/developerguide/aws-managed-rule-groups-changelog.md @@ -27,0 +28,8 @@ Rule group and rules | Description | Date +| Released static version 1.19 of this rule group. Improved detection signatures for the cross site scripting rules. | 2025-08-14 +[Core rule set (CRS) managed rule group](./aws-managed-rule-groups-baseline.html#aws-managed-rule-groups-baseline-crs) + + * `CrossSiteScripting_BODY` + * `CrossSiteScripting_COOKIE` + * `CrossSiteScripting_QUERYARGUMENTS` + * `CrossSiteScripting_URIPATH` +