Releases: nelmio/NelmioSecurityBundle
Releases · nelmio/NelmioSecurityBundle
v3.4.2
What's Changed
- Fix Twig version check to not depend on changing VERSION_ID constant by @glaubinix in #361
New Contributors
- @glaubinix made their first contribution in #361
Full Changelog: v3.4.1...v3.4.2
v3.4.1
v3.4.0
What's Changed
- Deprecated X-Xss-Protection by @maxhelias in #342
- Deprecated the default signed cookie algorithm by @martijnc in #355
- Added
legacy_hash_algo
to support backward-compatiblehash_algo
changes in signed cookies by @martijnc in #351 - Added ability to set a custom CSP request matcher to define exactly which requests should receive CSP headers by @ihmels in #241
- Fixed DI Extension class deprecation with Symfony 7.1 by @norkunas in #350
- Fixed compatibility with twig 3.9 and yielding by @jderusse in #344 & #353
Full Changelog: v3.3.0...v3.4.0
v3.3.0
v3.2.0
What's Changed
- Added support for cookies with null value by @SerheyDolgushev in #338
Full Changelog: v3.1.1...v3.2.0
v3.1.1
v3.1.0
v3.0.0
- Bump minimal PHP version to 7.4
- Dropped support for Symfony < 4.4
- Dropped support for Twig 1
- Removed
DoctrineCacheUAFamilyParser
(usePsrCacheUAFamilyParser
instead) - All classes have been marked as
final
- Renamed
WhitelistBasedTargetValidator
class toAllowListBasedTargetValidator
- Removed
CookieSessionHandler
- Allowed to define host restriction for clickjacking protection
v3.0.0-alpha.1
- Bump minimal PHP version to 7.4
- Dropped support for Symfony < 4.4
- Dropped support for Twig 1
- Removed
DoctrineCacheUAFamilyParser
(usePsrCacheUAFamilyParser
instead) - All classes have been marked as
final
- Renamed
WhitelistBasedTargetValidator
class toAllowListBasedTargetValidator
- Removed
CookieSessionHandler
- Allowed to define host restriction for clickjacking protection
v2.12.0
- Filter moz-extension reports
- Log user agent along with CSP report
- Deprecated external_redirects.whitelist option in favor of external_redirects.allow_list
- Deprecated forced_ssl.whitelist option in favor of forced_ssl.allow_list
- Deprecated
Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\Event
class in favor of
Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\ReportEvent
.