docs: document shipped ModSecurity versions in README and wire Renovate to keep them updated

[Copilot]

The README’s OS variant section listed web server and CRS versions but not the exact ModSecurity releases being shipped. This change adds explicit ModSecurity versions and extends Renovate docs regex managers so those README values stay in sync with upstream ModSecurity releases.

• README: OS variants now include concrete ModSecurity releases

  • Updated nginx variant text to include ModSecurity v3.0.15
  • Updated Apache variant text to include ModSecurity v2.9.13

• Renovate: added docs managers for ModSecurity version strings

  • Added Docs: ModSecurity v3 manager for the nginx line in README.md
  • Added Docs: ModSecurity v2 manager for the Apache line in README.md
  • Both managers track owasp-modsecurity/ModSecurity GitHub releases and update captured semver in place

{
  "description": "Docs: ModSecurity v3",
  "matchStrings": [
    ".*ModSecurity v(?<currentValue>\\d+\\.\\d+\\.\\d+) on Nginx"
  ],
  "depNameTemplate": "ModSecurity3",
  "packageNameTemplate": "owasp-modsecurity/ModSecurity",
  "datasourceTemplate": "github-releases"
}

Summary by CodeRabbit

Documentation

• Clarified OS Variants section with specific ModSecurity versions and corresponding official base image versions for both nginx and Apache httpd environments
• Retained reference to latest stable OWASP CRS 4.26.0

Chores

• Implemented automated version tracking for ModSecurity documentation references

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR updates documentation with specific ModSecurity and base image versions for nginx and Apache httpd, replacing generic "latest stable" terminology. It then adds Renovate custom managers to automatically extract and track these versions from the README against GitHub releases.

Changes

ModSecurity Version Documentation and Automation

Layer / File(s)	Summary
README Version Specifications README.md	OS Variants section specifies exact ModSecurity versions for nginx and Apache httpd with corresponding upstream base image versions.
Renovate Custom Managers renovate.json	Two regex-based customManagers added to extract ModSecurity versions from README.md and track updates via github-releases datasource for both nginx and Apache variants.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related issues

• coreruleset/modsecurity-crs-docker#423: README OS Variants versioning and Renovate configuration for ModSecurity documentation version tracking directly address this issue's requirements.

Possibly related PRs

• coreruleset/modsecurity-crs-docker#421: Updates README OS variant version strings for nginx/ModSecurity which the renovate.json customManagers now track for automated updates.

Suggested labels

dependencies, github-releases

Suggested reviewers

• fzipi

Poem

🐰 A rabbit hops through version strings so clear,
No more "latest" guesses, specifics appear!
Renovate now watches with careful eyes,
Keeping ModSecurity updated and wise. 🔒✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	The title directly and accurately describes the main changes: documenting ModSecurity versions in README and configuring Renovate to maintain those versions.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch copilot/update-readme-modsecurity-versions

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

renovate.json (1)

101-118: ⚡ Quick win

Add extractVersionTemplate to prevent "v" prefix in version replacements.

Both ModSecurity v3 (line 101) and v2 (line 114) configurations use github-releases datasource, which tags releases as vX.Y.Z. Without extractVersionTemplate, Renovate will write the "v" prefix directly into the captured numeric slot. Add extractVersionTemplate to strip it during replacement.

Suggested patch

     {
       "description": "Docs: ModSecurity v3",
       "customType": "regex",
       "managerFilePatterns": [
         "/^README\\.md$/"
       ],
       "matchStrings": [
         ".*ModSecurity v(?<currentValue>\\d+\\.\\d+\\.\\d+) on Nginx"
       ],
+      "extractVersionTemplate": "^v?(?<version>\\d+\\.\\d+\\.\\d+)$",
       "depNameTemplate": "ModSecurity3",
       "packageNameTemplate": "owasp-modsecurity/ModSecurity",
       "datasourceTemplate": "github-releases"
     },
     {
       "description": "Docs: ModSecurity v2",
       "customType": "regex",
       "managerFilePatterns": [
         "/^README\\.md$/"
       ],
       "matchStrings": [
         ".*ModSecurity v(?<currentValue>\\d+\\.\\d+\\.\\d+) on Apache"
       ],
+      "extractVersionTemplate": "^v?(?<version>\\d+\\.\\d+\\.\\d+)$",
       "depNameTemplate": "ModSecurity2",
       "packageNameTemplate": "owasp-modsecurity/ModSecurity",
       "datasourceTemplate": "github-releases"
     },

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@renovate.json` around lines 101 - 118, The Renovate rules for ModSecurity3
and ModSecurity2 (entries identified by depNameTemplate "ModSecurity3" and
"ModSecurity2" and using datasourceTemplate "github-releases") need an
extractVersionTemplate added to strip the leading "v" from GitHub release tags
so numeric versions are used in replacements; update both rule objects to
include an extractVersionTemplate that matches and captures the numeric X.Y.Z
portion (removing the "v" prefix) so renovate will write plain semantic versions
into the captured currentValue.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@renovate.json`:
- Around line 101-118: The Renovate rules for ModSecurity3 and ModSecurity2
(entries identified by depNameTemplate "ModSecurity3" and "ModSecurity2" and
using datasourceTemplate "github-releases") need an extractVersionTemplate added
to strip the leading "v" from GitHub release tags so numeric versions are used
in replacements; update both rule objects to include an extractVersionTemplate
that matches and captures the numeric X.Y.Z portion (removing the "v" prefix) so
renovate will write plain semantic versions into the captured currentValue.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 3607a228-c5d4-4e60-b5c8-f4f9726f5f8d

📥 Commits

Reviewing files that changed from the base of the PR and between dbcb017 and ecd6b99.

📒 Files selected for processing (2)

• README.md
• renovate.json