I would like to get an impression whether there are plans to implement the https://coreruleset.org/ as part of Spring Security or what other alternatives are recommended to support that as part of a Java application.
Comment From: rwinch
There is no intention to provide support for ModSecurity CRS within Spring Security. If you want support, I'd suggest using ModSecurity in front of your application rather than integrating directly in the application itself.
I'm closing this as becoming a full fledged WAF is beyond the scope of Spring Security. Generally, for larger features we look for an underlying library to provide support and then consider if we could/should integrate. If one becomes available, we might consider integrating with it.