**Introducing a new console experience for AWS WAF**

You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the console](https://docs.aws.amazon.com/waf/latest/developerguide/working-with-console.html). 

# AWS Managed Rules changelog
<a name="aws-managed-rule-groups-changelog"></a>

This section lists changes to the AWS Managed Rules for AWS WAF since their release in November, 2019.

**Note**  
This changelog reports changes to the rules and rule groups in AWS Managed Rules for AWS WAF.  
For the [IP reputation rule groups](aws-managed-rule-groups-ip-rep.md), this changelog reports changes to the rules and rule group, and it reports significant changes to the sources of the IP address lists that the rules use. It does not report changes to the IP address lists themselves, due to the dynamic nature of those lists. If you have questions about the IP address lists, contact your account manager or open a case at [AWS Support Center](https://console.aws.amazon.com/support/home#/). 


| Rule group and rules | Description | Date | 
| --- | --- | --- | 
| [Windows operating system managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-windows-os) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  |  Released static version 2.4 of this rule group.  Removed `WindowsShellCommands_COOKIE` and replaced it with `WindowsShellCommands_HEADER` which matches on all headers.  Added new rule `WindowsShellCommands_URIPATH`.  Added JSON body inspection to the `WindowsShellCommands_BODY`.  Added double `URL_DECODE_UNI` and `JS_DECODE` text transformations to the WindowsShellCommands rules.  Updated WindowsShellCommands rules to reduce false positives.  | 2026-04-28 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  |  Released static version 1.21 of this rule group.  Improved detection signatures for these rules.  | 2026-04-06 | 
| [PHP application managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-php-app) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html) |  Released static version 2.2 of this rule group.  Improved detections and added `PHPHighRiskMethodsVariables_URIPATH` rule.  | 2026-03-24 | 
| [AWS WAF Bot Control rule group](aws-managed-rule-groups-bot.md) New rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  |  Released static version 5.0 of this rule group. Added 400\$1 new bots across multiple categories, including two new bot categories with their respective rules: Page Preview and Webhooks. **Key Improvements** Improved accuracy of bot detection signals and generic bot pattern matching, resulting in more precise traffic classification.  This update changes how the managed rule group prioritizes bot detection. Specific unverified bot patterns are now evaluated before generic patterns and detection signals. This means that requests are more likely to be classified based on their most specific characteristics rather than generic indicators. **What this means for your traffic:** Generic bot pattern will now match less frequently. These patterns only apply when no more specific bot rule has already identified the traffic. This reduces over-classification and ensures that requests are labeled with the most accurate bot identification available. Detection signals such as indicators that a request originates from a cloud service provider, known bot data center, or uses a non-browser user agent, are now applied after bot identification rules. This ensures that specific bot classifications take precedence over generic traffic signals. **Impact:** You may see fewer labels for generic bot patterns in your traffic logs, as requests are now more accurately classified by specific bot rules. This provides clearer insight into the actual nature of your automated traffic and reduces noise from overly broad pattern matching. Unverified bot classifications will be more prominent and accurate, helping you better understand and manage automated requests to your applications. **Note:** This version includes the `awswaf:managed:aws:bot-control:bot:web_bot_auth` labels and rules updates from Version\$14.0, but the `Web Bot Auth` functionality is still only available in CloudFront.  | 2026-02-25 | 
| [POSIX operating system managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-posix-os)  |  Released static version 3.2 of this rule group.  Improved detection signatures for all the rules.  | 2026-01-15 | 
| [Known bad inputs managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-known-bad-inputs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  |  Released static version 1.25 of this rule group. Updated the `ReactJSRCE_BODY` to improve detection.  | 2025-12-08 | 
| [POSIX operating system managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-posix-os)  |  Released static version 3.1 of this rule group.  Improved detection signatures for all the rules.  | 2025-12-08 | 
| [Known bad inputs managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-known-bad-inputs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  |  Released static version 1.24 of this rule group. Updated the `ReactJSRCE_BODY` to improve detection.  | 2025-12-04 | 
| [AWS WAF Bot Control rule group](aws-managed-rule-groups-bot.md) New labels:[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html) Scope: CloudFront |  Deployed new static version `AWSManagedRulesBotControlRuleSet` Version\$14.0 with Web Bot Authentication (WBA) support for cryptographic bot verification. This version must be explicitly selected and does not automatically update existing deployments using the default version. New capabilities: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html) Rule updates: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  Version\$14.0 is a static version only – it does not change the default version behavior. To use WBA features, explicitly select Version \$14.0 when configuring your web ACL.   | 2025-11-20 | 
| [AWS WAF Bot Control rule group](aws-managed-rule-groups-bot.md) New verified bot labels:Advertising:[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)AI:[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)Content Fetcher:[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)Social Media:[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html) |  Key improvements:  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  Bot category rules in Bot Control trigger only on unverified bots, except for CategoryAI which also triggers on verified bots. Version\$13.3 is a static version only – it doesn't change the default version behavior.   | 2025-11-17 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  |  Released static version 1.20 of this rule group.  Improved detection signatures for the Server Side Request Forgery (SSRF) rules.  | 2025-10-02 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  |  Released static version 1.19 of this rule group.  Improved detection signatures for the cross site scripting rules.  | 2025-08-14 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  |  Released static version 1.18 of this rule group.  Improved detection signatures for the cross site scripting rules.  | 2025-06-18 | 
| [AWS WAF Bot Control rule group](aws-managed-rule-groups-bot.md) New labels: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  |  Released static version 3.2 of this rule group.  Added the listed new labels.   | 2025-05-29 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  |  Released static version 1.17 of this rule group.  Improved detection signatures for the cross site scripting rules.  | 2025-03-03 | 
| [SQL database managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-sql-db) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.3 of this rule group.  Added double `URL_DECODE_UNI` text transformation to the listed rules.  | 2025-01-24 | 
| [Linux operating system managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-linux-os) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 2.6 of this rule group.  Added signatures to improve detection.   | 2025-01-24 | 
| [AWS WAF Bot Control rule group](aws-managed-rule-groups-bot.md) New bot name label in the Bot Control labels: `awswaf:managed:aws:bot-control:bot::name:nytimes`  | Released static version 3.1 of this rule group.  Added the New York Times label to the list of bot name labels.   | 2024-11-07 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.16 of this rule group.  Improved detection signatures for the cross site scripting rules.   | 2024-10-16 | 
| [AWS WAF Bot Control rule group](aws-managed-rule-groups-bot.md) New rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html) Deleted rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html) New labels: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html) Additional labeling in existing rules.  | Released static versions 2.0 and 3.0 of this rule group. Version 2.0 is the same as version 3.0, but with rule actions for all new rules set to Count. This guide documents the latest version of each rule group.  Added the listed new rules.  Updated labeling so that all rules apply a label with the pattern `awswaf:managed:aws:bot-control:<RuleName>`.  Added cloud service provider labels to the Bot Control signal labels.  Added new bot name labels that are inspected for by bot category rules.   | 2024-09-13 | 
| [AWS WAF Fraud Control account takeover prevention (ATP) rule group](aws-managed-rule-groups-atp.md) All rules  | Released static version 1.1 of this rule group.  Updated labeling so that all rules apply a label with the pattern `awswaf:managed:aws:atp:<RuleName>`.   | 2024-09-13 | 
| [AWS WAF Fraud Control account creation fraud prevention (ACFP) rule group](aws-managed-rule-groups-acfp.md) All rules  | Released static version 1.1 of this rule group.  Updated labeling so that all rules apply a label with the pattern `awswaf:managed:aws:acfp:<RuleName>`.   | 2024-09-13 | 
| [Linux operating system managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-linux-os) All rules  | Released static version 2.5 of this rule group.  Added signatures to improve detection.   | 2024-09-02 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.15 of this rule group.  Improved detection signatures for the generic LFI rules.   | 2024-08-30 | 
| [Windows operating system managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-windows-os) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 2.3 of this rule group.  Adjusted detection signatures in the listed rules to reduce false positives.   | 2024-08-28 | 
| [WordPress application managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-wordpress-app) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.3 of this rule group.  Added the JS\$1DECODE text transformation to the listed rule.   | 2024-07-15 | 
| [Linux operating system managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-linux-os) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 2.4 of this rule group.  Added the JS\$1DECODE text transformation to the listed rule.   | 2024-07-12 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.14 of this rule group.  Added the JS\$1DECODE text transformation to the listed rules.   | 2024-07-09 | 
| [PHP application managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-php-app) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 2.1 of this rule group.  Added the JS\$1DECODE text transformation to the listed rules.   | 2024-07-03 | 
| [Windows operating system managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-windows-os) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 2.2 of this rule group.  Added the JS\$1DECODE text transformation to the listed rules.   | 2024-07-03 | 
| [Linux operating system managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-linux-os) All rules  | Released static version 2.3 of this rule group.  Added signatures to improve detection.   | 2024-06-06 | 
| [AWS WAF Bot Control rule group](aws-managed-rule-groups-bot.md) [AWS WAF Fraud Control account takeover prevention (ATP) rule group](aws-managed-rule-groups-atp.md) [AWS WAF Fraud Control account creation fraud prevention (ACFP) rule group](aws-managed-rule-groups-acfp.md)  | The bot and fraud rule groups are now versioned. If you're using any of these rule groups, this update doesn't change how they handle your web traffic.  This update sets the current rule group version to static version 1.0 and sets the default version to point to it.  For more information about versioned managed rules, see the following:  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | 2024-05-29 | 
| [POSIX operating system managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-posix-os) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 3.0 of this rule group.  Removed `UNIXShellCommandsVariables_QUERYARGUMENTS` and replaced it with `UNIXShellCommandsVariables_QUERYSTRING`. If you have rules that match on the label for `UNIXShellCommandsVariables_QUERYARGUMENTS`, when you use this version, switch them to match on the label for `UNIXShellCommandsVariables_QUERYSTRING`. The new label is `awswaf:managed:aws:posix-os:UNIXShellCommandsVariables_QueryString`. Added the rule `UNIXShellCommandsVariables_HEADER`, which matches on all headers. Updated all the rules in the managed rule group with improved detection logic.  Corrected the documented capitalization of the label for `UNIXShellCommandsVariables_BODY`.   | 2024-05-28 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.12 of this rule group.  Added signatures to all of the cross site scripting rules to improve detection and reduce false positives.  | 2024-05-21 | 
| [SQL database managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-sql-db) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  |  Released static version 1.2 of this rule group. Added the `JS_DECODE` text transformation to the listed rules.   | 2024-05-14 | 
| [Known bad inputs managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-known-bad-inputs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.22 of this rule group. Added the `JS_DECODE` text transformation to the listed rules.   | 2024-05-08 | 
| [POSIX operating system managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-posix-os)  | Released static version 2.2 of this rule group.  Added the `JS_DECODE` text transformation to both rules.   | 2024-05-08 | 
| [Windows operating system managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-windows-os) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 2.1 of this rule group.  Added signatures to `PowerShellCommands_BODY` to improve detection.   | 2024-05-03 | 
| [Amazon IP reputation list managed rule group](aws-managed-rule-groups-ip-rep.md#aws-managed-rule-groups-ip-rep-amazon) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Updated the sources of the IP reputation list, to improve identification of addresses that are actively engaging in malicious activities and to reduce false positives.  This update doesn't involve a new version because this rule group isn't versioned.   | 2024-03-13 | 
| [Known bad inputs managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-known-bad-inputs)  | Released static version 1.21 of this rule group. Added signatures to improve detection and reduce false positives.   | 2023-12-16 | 
| [Known bad inputs managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-known-bad-inputs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.20 of this rule group. Updated the `ExploitablePaths_URIPATH` rule to add detection for requests that match the Atlassian Confluence CVE-2023-22518 Improper Authorization vulnerability. This vulnerability affects all versions of Confluence Data Center and Server. For more information, see [NIST: National Vulnerability Database: CVE-2023-22518 Detail](https://nvd.nist.gov/vuln/detail/CVE-2023-22518).  | 2023-12-14 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.11 of this rule group.  Added signatures to all of the cross site scripting rules to improve detection and reduce false positives.  | 2023-12-06 | 
| [AWS WAF Bot Control rule group](aws-managed-rule-groups-bot.md) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Added the coordinated activity low label to the rule group's targeted protection level labels. This label isn't associated with any rule. This labeling is in addition to the medium and high level rules and labels.  | 2023-12-05 | 
| [Bot Control labels](aws-managed-rule-groups-bot.md#aws-managed-rule-groups-bot-labels-rg) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Added a signal label to the rule group that indicates the detection of a browser extension that assists in automation. This label isn't specific to an individual rule.   | 2023-11-14 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.10 of this rule group.  Updated one rule to improve detection and reduce false positives.  | 2023-11-02 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.9 of this rule group.  Updated rules to improve detection and reduce false positives.  | 2023-10-30 | 
| [POSIX operating system managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-posix-os) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 2.1 of this rule group.  Updated the query arguments rule to improve detection.   | 2023-10-12 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.8 of this rule group.  Updated rules to improve detection.  | 2023-10-11 | 
| [Known bad inputs managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-known-bad-inputs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Exception deployment: released static version 1.19 of this rule group. Updated the default version to use version 1.19. Updated the `ExploitablePaths_URIPATH` rule to add detection for requests matching the Atlassian Confluence CVE-2023-22515 Privilege Escalation Vulnerability. This vulnerability affects some versions of Atlassian Confluence. For more information, see [NIST: National Vulnerability Database: CVE-2023-22515 Detail](https://nvd.nist.gov/vuln/detail/CVE-2023-22515) and [Atlassian Support: FAQ for CVE-2023-22515](https://confluence.atlassian.com/kb/faq-for-cve-2023-22515-1295682188.html). For information about this deployment type, see [Exception deployments for AWS Managed Rules](waf-managed-rule-groups-deployments-exceptions.md). | 2023-10-04 | 
| [Known bad inputs managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-known-bad-inputs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Exception deployment: released static version 1.18 of this rule group. This is a quick rollout of this static version to accommodate the creation and rollout of version 1.19.  Updated the `Host_localhost_HEADER` rule and all Log4J and Java deserialization rules for improved detection.  For information about this deployment type, see [Exception deployments for AWS Managed Rules](waf-managed-rule-groups-deployments-exceptions.md). | 2023-10-04 | 
| [AWS WAF Bot Control rule group](aws-managed-rule-groups-bot.md) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Added rules to the rule group with Count action.  The token reuse IP rule detects and counts token sharing across IP addresses.  The coordinated activity rules use automated, machine-learning (ML) analysis of website traffic to detect bot-related activity. In your rule group configuration, you can opt out of the use of ML. With this release, customers who are currently using the targeted protection level are opted in to the use of ML. Opting out disables the coordinated activity rules.  | 2023-09-06 | 
| [AWS WAF Bot Control rule group](aws-managed-rule-groups-bot.md) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Added the rule `CategoryAI` to the rule group.  | 2023-08-30 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.7 of this rule group.  Updated restricted extensions and EC2 metadata SSRF rules to improve detection and reduce false positives.  | 2023-07-26 | 
| [AWS WAF Fraud Control account creation fraud prevention (ACFP) rule group](aws-managed-rule-groups-acfp.md) All rules in new rule group  | Added the rule group AWSManagedRulesACFPRuleSet.  | 2023-06-13 | 
| [Linux operating system managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-linux-os) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 2.2 of this rule group.  Added signatures to improve detection.   | 2023-05-22 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.6 of this rule group.  Updated cross-site scripting (XSS) and restricted extension rules to improve detection and reduce false positives.  | 2023-04-28 | 
| [PHP application managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-php-app) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 2.0 of this rule group.  Added signatures to improve detection in all rules.  Replaced the rule `PHPHighRiskMethodsVariables_QUERYARGUMENTS` with `PHPHighRiskMethodsVariables_QUERYSTRING`, which inspects the entire query string instead of just the query arguments.  Added the rule `PHPHighRiskMethodsVariables_HEADER`, to expand coverage to include all headers. Updated the following labels to align with standard AWS Managed Rules labeling: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | 2023-02-27 | 
| [AWS WAF Fraud Control account takeover prevention (ATP) rule group](aws-managed-rule-groups-atp.md)[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Added login response inspection rules for use with protected Amazon CloudFront distributions. These rules can block new login attempts from IP addresses and client sessions that have recently been the source of too many failed login attempts.  | 2023-02-15 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.5 of this rule group.  Updated Cross Site Scripting (XSS) filters to improve detection.  | 2023-01-25 | 
| [Linux operating system managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-linux-os) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 2.1 of this rule group.  Removed the rule `LFI_COOKIE` and its label `awswaf:managed:aws:linux-os:LFI_Cookie`, and replaced them with the new rule `LFI_HEADER` and its label `awswaf:managed:aws:linux-os:LFI_Header`. This change expands inspection to multiple headers.  Added text transformations and signatures to all rules to improve detection.  | 2022-12-15 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.4 of this rule group.  Added a text transformation to `NoUserAgent_HEADER` to remove all null bytes. Updated the filters in the cross-site scripting rules to improve detection.  | 2022-12-05 | 
| [Known bad inputs managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-known-bad-inputs) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.17 of this rule group.  Updated the Java deserialization rules to add detection for requests matching Apache CVE-2022-42889, a remote code execution (RCE) vulnerability in Apache Commons Text versions prior to 1.10.0. For more information, see [NIST: National Vulnerability Database: CVE-2022-42889 Detail](https://nvd.nist.gov/vuln/detail/CVE-2022-42889) and [CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults](https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om). Improved detection in `Host_localhost_HEADER`. | 2022-10-20 | 
| [Known bad inputs managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-known-bad-inputs)[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.16 of this rule group.  Removed false positives that AWS identified in version 1.15. | 2022-10-05 | 
| [POSIX operating system managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-posix-os) [PHP application managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-php-app)  [WordPress application managed rule group](aws-managed-rule-groups-use-case.md#aws-managed-rule-groups-use-case-wordpress-app)   | Corrected the documented label names.   | 2022-09-19 | 
| [IP reputation rule groups](aws-managed-rule-groups-ip-rep.md) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | This change doesn't alter how the rule group handles web traffic. Added a new rule with Count action to inspect for IP addresses that are actively engaging in DDoS activities, according to Amazon threat intelligence.  | 2022-08-30 | 
| [Known bad inputs managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-known-bad-inputs)[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released static version 1.15 of this rule group.  Removed `Log4JRCE` and replaced it with `Log4JRCE_HEADER`, `Log4JRCE_QUERYSTRING`, `Log4JRCE_URI`, and `Log4JRCE_BODY`, for more granular monitoring and management of false positives.  Added signatures for improved detection and blocking to `PROPFIND_METHOD` and to all `JavaDeserializationRCE*` and `Log4JRCE*` rules.  Updated labels to correct capitalization in `Host_localhost_HEADER` and in all `JavaDeserializationRCE*` rules.  Corrected the description of `JavaDeserializationRCE_HEADER`. | 2022-08-22 | 
| [AWS WAF Fraud Control account takeover prevention (ATP) rule group](aws-managed-rule-groups-atp.md)[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Added a rule to prevent the use of the account takeover prevention managed rule group for Amazon Cognito user pool web traffic.  | 2022-08-11 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs)  | AWS has scheduled expiration for versions `Version_1.2` and `Version_2.0` of the rule group. The versions will expire on September 9, 2022. For information about version expiration, see [Using versioned managed rule groups in AWS WAF](waf-managed-rule-groups-versioning.md). | 2022-06-09 | 
| [Core rule set (CRS) managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-crs)[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released version 1.3 of this rule group. This release updates the match signatures in the rules `GenericLFI_URIPATH` and `GenericRFI_URIPATH`, to improve detection.  | 2022-05-24 | 
| [AWS WAF Bot Control rule group](aws-managed-rule-groups-bot.md)[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Added the rule `CategoryEmailClient` to the rule group.  | 2022-04-06 | 
| [Known bad inputs managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-known-bad-inputs)[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released version 1.14 of this rule group. The four `JavaDeserializtionRCE` rules are moved to Block mode. | 2022-03-31 | 
| [Known bad inputs managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-known-bad-inputs)[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released version 1.13 of this rule group. Updated the text transformation for Spring Core and Cloud Function RCE vulnerabilities. These rules are in count mode to gather metrics and evaluate matched patterns. The label can be used to block requests in a custom rule. A subsequent version will be deployed with these rules in block mode. | 2022-03-31 | 
| [Known bad inputs managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-known-bad-inputs)[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released version 1.12 of this rule group. Added signatures for Spring Core and Cloud Function RCE vulnerabilities. These rules are in count mode to gather metrics and evaluate matched patterns. The label can be used to block requests in a custom rule. A subsequent version will be deployed with these rules in block mode. Removed the rules `Log4JRCE_HEADER`, `Log4JRCE_QUERYSTRING`, `Log4JRCE_URI`, and `Log4JRCE_BODY` and replaced them with the rule `Log4JRCE`. | 2022-03-30 | 
| [IP reputation rule groups](aws-managed-rule-groups-ip-rep.md) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Updated the AWSManagedReconnaissanceList rule to change the action from count to block.  | 2022-02-15 | 
| [AWS WAF Fraud Control account takeover prevention (ATP) rule group](aws-managed-rule-groups-atp.md) All rules in new rule group  | Added the rule group AWSManagedRulesATPRuleSet.  | 2022-02-11 | 
| [Known bad inputs managed rule group](aws-managed-rule-groups-baseline.md#aws-managed-rule-groups-baseline-known-bad-inputs)[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released version 1.9 of this rule group. Removed the rule `Log4JRCE` and replaced it with the rules `Log4JRCE_HEADER`, `Log4JRCE_QUERYSTRING`, `Log4JRCE_URI`, and `Log4JRCE_BODY`, for flexibility in the use of this functionality. Added signatures to improve detection and blocking. | 2022-01-28 | 
| Core rule set (CRS) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  |  Released version 2.0 of this rule group. For these rules, tuned detection signatures to reduce false positives. Replaced the `URL_DECODE` text transformation with the double `URL_DECODE_UNI` text transformation. Added the `HTML_ENTITY_DECODE` text transformation.  | 2022-01-10 | 
| Core rule set (CRS) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  |  As part of the release of version 2.0 of this rule group, added the `URL_DECODE_UNI` text transformation. Removed the `URL_DECODE` text transformation from `RestrictedExtensions_URIPATH`.  | 2022-01-10 | 
| SQL database [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  |  Released version 2.0 of this rule group. Replaced the `URL_DECODE` text transformation with the double `URL_DECODE_UNI` text transformation and added the `COMPRESS_WHITE_SPACE` text transformation. Added more detection signatures to `SQLiExtendedPatterns_QUERYARGUMENTS`. Added JSON inspection to `SQLi_BODY`. Added the rule `SQLiExtendedPatterns_BODY`. Removed the rule `SQLi_URIPATH`.  | 2022-01-10 | 
| Known bad inputs [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released version 1.8 of the rule `Log4JRCE` to improve header inspection and matching criteria. | 2021-12-17 | 
| Known bad inputs [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Released version 1.4 of the rule `Log4JRCE` to tune the matching criteria and to inspect additional headers. Released version 1.5 to tune the matching criteria. | 2021-12-11 | 
| Known bad inputs [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html)  | Added the rule `Log4JRCE` version 1.2 in response to the recently disclosed security issue within Log4j. For information see [CVE-2021-44228](https://www.cve.org/CVERecord?id=CVE-2021-44228). This rule inspects common URI paths, query strings, the first 8KB of the request body, and common headers. The rule uses double `URL_DECODE_UNI` text transformations. Released version 1.3 of `Log4JRCE` to tune the matching criteria and to inspect additional headers.  Removed the rule `BadAuthToken_COOKIE_AUTHORIZATION`.  | 2021-12-10 | 

The following table lists changes prior to December, 2021. 


| Rule group and rules | Description | Date | 
| --- | --- | --- | 
| Amazon IP reputation list | `AWSManagedReconnaissanceList` | Added the AWSManagedReconnaissanceList rule in monitoring/count mode. This rule contains IP addresses that are performing reconnaissance against AWS resources. | 2021-11-23 | 
| Windows operating system |  `WindowsShellCommands` `PowerShellCommands`  |  Added three new rules for WindowsShell commands: `WindowsShellCommands_COOKIE`, `WindowsShellCommands_QUERYARGUMENTS`, and `WindowsShellCommands_BODY`. Added a new PowerShell rule: `PowerShellCommands_COOKIE`. Restructured the `PowerShellComands` rules naming by removing the string \$1Set1 and \$1Set2. Added more comprehensive detection signatures to `PowerShellRules`. Added `URL_DECODE_UNI` text transformation to all Windows operating system rules.  | 2021-11-23 | 
| Linux operating system |  `LFI_URIPATH` `LFI_QUERYSTRING` `LFI_BODY` `LFI_COOKIE`  |  Replaced double `URL_DECODE` text transformation with double `URL_DECODE_UNI`. Added `NORMALIZE_PATH_WIN` as a second text transformation. Replaced the `LFI_BODY` rule with the `LFI_COOKIE` rule. Added more comprehensive detection signatures for all `LFI` rules.  | 2021-11-23 | 
| Core rule set (CRS) |  `SizeRestrictions_BODY`  | Reduced the size limit to block web requests with body payloads larger than 8 KB. Previously, the limit was 10 KB.  | 2021-10-27 | 
| Core rule set (CRS) |  `EC2MetaDataSSRF_BODY` `EC2MetaDataSSRF_COOKIE` `EC2MetaDataSSRF_URIPATH` `EC2MetaDataSSRF_QUERYARGUMENTS`  | Added more detection signatures. Added double unicode URL decode to improve blocking.  | 2021-10-27 | 
| Core rule set (CRS) |  `GenericLFI_QUERYARGUMENTS` `GenericLFI_URIPATH` `RestrictedExtensions_URIPATH` `RestrictedExtensions_QUERYARGUMENTS`  | Added double unicode URL decode to improve blocking.  | 2021-10-27 | 
| Core rule set (CRS) |  `GenericRFI_QUERYARGUMENTS` `GenericRFI_BODY` `GenericRFI_URIPATH`  | Updated the rule signatures to reduce false positives, based on customer feedback. Added double unicode URL decode to improve blocking.  | 2021-10-27 | 
| All | All rules | Added support for AWS WAF labels to all rules that didn't already support labeling.  | 2021-10-25 | 
| Amazon IP reputation list | `AWSManagedIPReputationList_xxxx` | Restructured the IP reputation list, removed suffixes from rule name, and added support for AWS WAF labels.  | 2021-05-04 | 
| Anonymous IP list | `AnonymousIPList` `HostingProviderList` | Added support for AWS WAF labels.  | 2021-05-04 | 
| Bot Control | All | Added the Bot Control rule set.  | 2021-04-01 | 
| Core rule set (CRS) | `GenericRFI_QUERYARGUMENTS`  | Added double URL decode.  | 2021-03-03 | 
| Core rule set (CRS) | `RestrictedExtensions_URIPATH`  | Improved the configuration of the rules and added an extra URL decode.  | 2021-03-03 | 
| Admin protection | `AdminProtection_URIPATH`  | Added double URL decode.  | 2021-03-03 | 
| Known bad inputs | `ExploitablePaths_URIPATH`  | Improved the configuration of the rules and added an extra URL decode.  | 2021-03-03 | 
| Linux operating system | `LFI_QUERYARGUMENTS`  | Improved the configuration of the rules and added an extra URL decode.  | 2021-03-03 | 
| Windows operating system | All | Improved the configuration of the rules.  | 2020-09-23 | 
| PHP application | `PHPHighRiskMethodsVariables_QUERYARGUMENTS` `PHPHighRiskMethodsVariables_BODY`  | Changed the text transformation from HTML decode to URL decode, to improve blocking.  | 2020-09-16 | 
| POSIX operating system | `UNIXShellCommandsVariables_QUERYARGUMENTS` `UNIXShellCommandsVariables_BODY`  | Changed the text transformation from HTML decode to URL decode, to improve blocking.  | 2020-09-16 | 
| Core rule set | `GenericLFI_QUERYARGUMENTS` `GenericLFI_URIPATH` GenericLFI\$1BODY  | Changed the text transformation from HTML decode to URL decode, to improve blocking.  | 2020-08-07 | 
| Linux operating system | `LFI_URIPATH` `LFI_QUERYARGUMENTS` `LFI_BODY`  | Changed the text transformation from HTML entity decode to URL decode, to improve detection and blocking.  | 2020-05-19 | 
| Anonymous IP List | All | New rule group in [IP reputation rule groups](aws-managed-rule-groups-ip-rep.md) to block requests from services that permit the obfuscation of viewer identity, to help mitigate bots and evasion of geographic restrictions.  | 2020-03-06 | 
| WordPress application | `WordPressExploitableCommands_QUERYSTRING`  | New rule that checks for exploitable commands in the query string. | 2020-03-03 | 
| Core rule set (CRS) | `SizeRestrictions_QUERYSTRING` `SizeRestrictions_Cookie_HEADER` `SizeRestrictions_BODY` `SizeRestrictions_URIPATH`  | Adjusted the size value constraints for improved accuracy.  | 2020-03-03 | 
| SQL database | `SQLi_URIPATH`  | The rules now check the message URI. | 2020-01-23 | 
| SQL database | `SQLi_BODY` `SQLi_QUERYARGUMENTS` `SQLi_COOKIE`  | Updated text transformations. | 2019-12-20 | 
| Core rule set (CRS) | `CrossSiteScripting_URIPATH` `CrossSiteScripting_BODY` `CrossSiteScripting_QUERYARGUMENTS` `CrossSiteScripting_COOKIE`  | Updated text transformations. | 2019-12-20 |