AWS Security ChangesHomeSearch

AWS waf high security documentation change

Service: waf · 2025-08-19 · Security-related high

File: waf/latest/developerguide/aws-managed-rule-groups-changelog.md

Summary

Added documentation for Core Rule Set (CRS) version 1.19 with improved cross-site scripting (XSS) detection signatures.

Security assessment

The update explicitly mentions improved XSS detection, which addresses web application security vulnerabilities. Enhanced detection capabilities directly mitigate security risks associated with XSS attacks.

Diff

diff --git a/waf/latest/developerguide/aws-managed-rule-groups-changelog.md b/waf/latest/developerguide/aws-managed-rule-groups-changelog.md
index dd60d7933..8014e8d05 100644
--- a//waf/latest/developerguide/aws-managed-rule-groups-changelog.md
+++ b//waf/latest/developerguide/aws-managed-rule-groups-changelog.md
@@ -27,0 +28,8 @@ Rule group and rules | Description | Date
+|  Released static version 1.19 of this rule group.  Improved detection signatures for the cross site scripting rules. | 2025-08-14  
+[Core rule set (CRS) managed rule group](./aws-managed-rule-groups-baseline.html#aws-managed-rule-groups-baseline-crs)
+
+  * `CrossSiteScripting_BODY`
+  * `CrossSiteScripting_COOKIE`
+  * `CrossSiteScripting_QUERYARGUMENTS`
+  * `CrossSiteScripting_URIPATH`
+