Why Sophos XG 430 use OWASP Modesecurity old version

Question

Hello, 
 Can any body tell me why Sophos XG 430 WAF use old version of OWASP Modesecurity CRS although there is latest release 3.2.0 is available. 
 firmware version is SFOS 17.5.9 MR-9 
 [Mon Jan 27 12:25:43.650238 2020] [security2:error] [pid 25334:tid 140702658754304] [client 39.43.72.228:52802] [client 39.43.72.228] ModSecurity: Warning. Pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\$\$\\-\\+\\=\\{\\}\$$\$$\\|\\:\\;\"\\'\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){4,}" at ARGS:ctl00$MainContent$ScriptManager1. [file "/content/waf/2.7.3/modsecurity_crs_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:ctl00$MainContent$ScriptManager1: ctl00$MainContent$UpdatePanel1|ctl00$MainContent$gvLst$ctl03$JobID"] [ ver "OWASP_CRS/2.2.7" ] [maturity "9"] [accuracy "8"] [tag] [hostname "hcm.asd.com.pk"] [uri "/Trns/ExternalJobCardList.aspx"] [unique_id "Xi6Qd38AAAEAAGL2AEoAAAHa"], referer: comi.asd.com.pk/.../ExternalJobCardList.aspx

FormerMember · Accepted Answer

Hi Imran Khalid, 
 According to the internal documents SFOS v18 has been updated with the OWASP Modesecurity CRS version 3.2.0. 
 Thanks,

Prism · Answer

It's already out on EAP3R1. 
 ModSecurity: Warning. Matched phrase "masscan" at REQUEST_HEADERS:User-Agent. [file "/usr/apache/conf/waf/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: masscan found within REQUEST_HEADERS:User-Agent: masscan/1.0 (https://github.com/robertdavidgraham/masscan)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "###"] [uri "/"]