diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml
index 58526f5..c18de89 100644
--- a/.github/workflows/gh-pages.yml
+++ b/.github/workflows/gh-pages.yml
@@ -46,7 +46,7 @@ jobs: - name: Install Dart Sass run: sudo snap install dart-sass - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index c4a0a3d..7876f8e 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -31,7 +31,7 @@ jobs: run: sudo snap install dart-sass - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: submodules: recursive
@@ -55,7 +55,7 @@ jobs: - name: Restore lychee cache id: restore-cache - uses: actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 + uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 with: path: .lycheecache key: cache-lychee-${{ github.sha }}
@@ -63,10 +63,10 @@ jobs: - name: Link Checker id: lychee - uses: lycheeverse/lychee-action@7cd0af4c74a61395d455af97419279d86aafaede # v2.0.2 + uses: lycheeverse/lychee-action@f81112d0d2814ded911bd23e3beaa9dda9093915 # v2.1.0 with: fail: false - args: "--accept 200..=204,429 --cache --max-cache-age 1d -E './content/**/*.md'" + args: "--accept 200..=204,429 --cookie-jar /tmp/lychee-cookies --cache --max-cache-age 1d -E './content/**/*.md'" jobSummary: true - name: Create Issue From File
@@ -78,7 +78,7 @@ jobs: labels: report, automated issue - name: Save lychee cache - uses: actions/cache/save@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 + uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 if: always() with: path: .lycheecache
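Review bot: In the test.yml hunk at `@@ -63,10 +63,10 @@`, the new `--cookie-jar /tmp/lychee-cookies` in the Link Checker `args` carries no comment saying why cookies are now needed, and the jar sits outside the `.lycheecache` path that the Restore/Save lychee cache steps persist, so it starts empty on every run. If cross-run persistence was intended the path would have to be added to those cache steps; if the intent is only to keep cookies between requests within a single run, that is worth stating so nobody "fixes" it later. The jar will hold whatever cookies the checked third-party sites set, which is harmless on an ephemeral runner but is a reason to keep it out of the cached path unless that is deliberate. I would add above the `args:` line a comment such as `# --cookie-jar: keep cookies set by checked sites for this run only (not persisted by the lychee cache steps below)`. The job these steps belong to starts outside the hunk.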
diff --git a/config/_default/params.yaml b/config/_default/params.yaml
index f41822e..ddd2af5 100644
--- a/config/_default/params.yaml
+++ b/config/_default/params.yaml
@@ -13,8 +13,8 @@ images: ["images/social-preview.svg"] crs: release_url_prefix: "https://github.com/coreruleset/coreruleset/releases/tag" - latest_major_version: "4.7.0" - prev_major_version: "3.3.6" + latest_major_version: "4.8.0" + prev_major_version: "3.3.7" github: repo_url: "https://github.com/coreruleset/website/blob/main"
diff --git a/content/blog/2024-01-11-a-new-silver-sponsor-for-crs-swiss-post.md b/content/blog/2024-01-11-a-new-silver-sponsor-for-crs-swiss-post.md
index 61d9903..466f33d 100644
--- a/content/blog/2024-01-11-a-new-silver-sponsor-for-crs-swiss-post.md
+++ b/content/blog/2024-01-11-a-new-silver-sponsor-for-crs-swiss-post.md
@@ -7,7 +7,7 @@ title: 'A new silver sponsor for CRS: Swiss Post' --- -We are proud to present [Swiss Post](https://swisspost.ch) as new silver sponsor for the OWASP ModSecurity Core Rule Set. Swiss Post is one of the longest-standing and best-known brands in Switzerland since its establishment in 1849. The company uses many open-source solutions for development and operation and in turn supports the community where possible. Ties between Swiss Post and the CRS project team have traditionally been strong with different core team members having worked for the premier Swiss provider of mail and logistics services. +We are proud to present [Swiss Post](https://post.ch) as new silver sponsor for the OWASP ModSecurity Core Rule Set. Swiss Post is one of the longest-standing and best-known brands in Switzerland since its establishment in 1849. The company uses many open-source solutions for development and operation and in turn supports the community where possible. Ties between Swiss Post and the CRS project team have traditionally been strong with different core team members having worked for the premier Swiss provider of mail and logistics services. {{< figure src="images/2024/01/Post_Logo_digital_RGB.png" >}}
diff --git a/content/blog/2024-10-29-crs-versions-4-8-0-and-3-3-7-released.md b/content/blog/2024-10-29-crs-versions-4-8-0-and-3-3-7-released.md
new file mode 100644
index 0000000..7d0f00e
--- /dev/null
+++ b/content/blog/2024-10-29-crs-versions-4-8-0-and-3-3-7-released.md
@@ -0,0 +1,37 @@ +--- +author: RedXanadu +categories: + - Blog +date: '2024-10-29T18:59:58+00:00' +title: CRS versions 4.8.0 and 3.3.7 released +slug: 'crs-versions-4-8-0-and-3-3-7-released' +--- + +The OWASP CRS team is pleased to announce the release of two new CRS versions: v4.8.0 and v3.3.7. + +For downloads and installation instructions, please refer to the [Installation](https://coreruleset.org/docs/deployment/install/) page. + +These are security releases which fix a recently discovered partial request body bypass of CRS. On some platforms running CRS v3.3.6 and earlier on the v3 release line or v4.7.0 and earlier on the v4 release line, it is possible to submit a specially crafted multipart or JSON request whose body content will bypass the inspection of the majority of CRS rules on a default installation. CRS users are strongly encouraged to update to a fixed version to resolve this issue. + +#### Bypass details + +This bypass was possible due to the fact that the default list of allowed request content types in CRS (both v3 and v4) included the content type `multipart/related`, which cannot be processed by current free & open-source WAF engine implementations, and the content types `application/cloudevents+json` and `application/cloudevents-batch+json`, which are not processed by default. This created a situation where a request with body content would be allowed by CRS but the request body could not, or would not, be processed by the engine. Many CRS rules thus lost the ability to perform meaningful inspection of such requests, in the absence of processed and parsed request body content. In particular, the `ARGS` collection (and related collections) was not populated by the engine: many CRS rules rely on inspecting the contents of this important collection. + +The newly released fixed versions remove the offending content types from the default list of allowed request content types. 
New advice is also provided on how to handle additional JSON content types beyond the standard `application/json` content type. + +Users making use of additional JSON content types, for example `application/cloudevents+json`, should follow the new advice and ensure that an appropriate rule is in place to enable JSON request body processing for these content types. Most affected users can uncomment and use optional rule 200006 in the file “modsecurity.conf-recommended” to achieve this. + +Note that the [official CRS Docker container images](https://github.com/coreruleset/modsecurity-crs-docker), by default, already correctly handle extended JSON types and are therefore not affected by the JSON part of this problem. + +#### For users unable to update + +Any users unable to update to a fixed version of CRS are strongly encouraged to implement the fix steps themselves by removing the content types `multipart/related`, `application/cloudevents+json`, and `application/cloudevents-batch+json` from the variable `tx.allowed_request_content_type` as set in the files `crs-setup.conf` and `REQUEST-901-INITIALIZATION.conf`. The advice on JSON processing should also be followed. + +#### Other release changes + +Aside from the security fix, the v4.8.0 release also includes a few other minor changes and improvements as part of the normal release cycle for CRS v4. The full changes included in v4.8.0 can be found on the [GitHub release page](https://github.com/coreruleset/coreruleset/releases/tag/v4.8.0). + +Please feel free to contact us with any questions or concerns about this release via the usual channels: directly via the [CRS GitHub repository](https://github.com/coreruleset/coreruleset), in our Slack channel (#coreruleset on [owasp.slack.com](https://owasp.slack.com/)), or on our [mailing list](https://groups.google.com/a/owasp.org/g/modsecurity-core-rule-set-project). + +Sincerely, +Andrew Howe on behalf of the CRS development team 
diff --git a/layouts/partials/header.html b/layouts/partials/header.html
index 7208bda..ebc21fd 100644
--- a/layouts/partials/header.html
+++ b/layouts/partials/header.html
@@ -14,6 +14,8 @@ {{ $.Site.Title }} {{ end }} + + {{ with .Site.Menus.main }}