-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrades to CRS v4.0 #11
Conversation
We might even just stick with |
If I'm not mistaken, if using v4 this will need to go into a folder called v4, or a branch called v4. Just wondering what is the experience like upgrading from CRS v3 to v4 for example for modsecurity users? In Go, when a library changes major, the import statements have to change and I find it pretty annoying, in the case of this library, there would never be an API change to warrant it. But if the behavior change is too much, then it's probably worth it. The alternative is 1.4.x, 1.5.x I'm not sure how go would handle the coraza suffix, I have an impression that go interprets suffixes as prereleases or similar. I would just reserve the patch version as space to deviate from upstream, if upstream patch goes up then it goes up here, if something here causes a bump, the patch goes up and doesn't match upstream until the next minor. In practice it shouldn't be a huge issue to not match perfectly. |
Thanks for the input @anuraaga. I like the idea of having an own patch version, we just need to make sure CRS follows semver (opened an issue in coreruleset/coreruleset#3582). Still I think for 4.0.0 we can happily release |
I am merging this unless further concerns cc @anuraaga |
Friendly ping @anuraaga |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make sure the module name works properly before tagging since it can be easy to require redactions when using non-v1
Yeah, I am pretty sure it won't work, it happened to me in the past. We
need to change the module name.
…On Thu, 29 Feb 2024, 00:57 Anuraag (Rag) Agrawal, ***@***.***> wrote:
***@***.**** approved this pull request.
Make sure the module name works properly before tagging since it can be
easy to require redactions when using non-v1
—
Reply to this email directly, view it on GitHub
<#11 (review)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAXOYAQOCDF7CPK35A5GSSLYVZXGRAVCNFSM6AAAAABDSXUU3OVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMYTSMBXGY3TCNBZGQ>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
I updated the module to |
As proposed in the issue, the new tag will follow CRS versioning with a coraza suffix for eventually further changes. Therefore it is going to be
v4.0.0-coraza.1
.Closes #10