Skip to content

Releases: nelmio/NelmioSecurityBundle

v3.4.2

11 Sep 06:22
3c47396
Compare
Choose a tag to compare

What's Changed

  • Fix Twig version check to not depend on changing VERSION_ID constant by @glaubinix in #361

New Contributors

Full Changelog: v3.4.1...v3.4.2

v3.4.1

03 Sep 15:07
00d275a
Compare
Choose a tag to compare

What's Changed

  • Fix twig deprecation warning with twig 3.12 by @pscheit in #359

Full Changelog: v3.4.0...v3.4.1

v3.4.0

05 Jul 07:33
de34d69
Compare
Choose a tag to compare

What's Changed

  • Deprecated X-Xss-Protection by @maxhelias in #342
  • Deprecated the default signed cookie algorithm by @martijnc in #355
  • Added legacy_hash_algo to support backward-compatible hash_algo changes in signed cookies by @martijnc in #351
  • Added ability to set a custom CSP request matcher to define exactly which requests should receive CSP headers by @ihmels in #241
  • Fixed DI Extension class deprecation with Symfony 7.1 by @norkunas in #350
  • Fixed compatibility with twig 3.9 and yielding by @jderusse in #344 & #353

Full Changelog: v3.3.0...v3.4.0

v3.3.0

10 Apr 08:12
6a6c75e
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v3.2.0...v3.3.0

v3.2.0

08 Mar 09:00
b9b68b4
Compare
Choose a tag to compare

What's Changed

Full Changelog: v3.1.1...v3.2.0

v3.1.1

17 Jan 14:33
9ae9fab
Compare
Choose a tag to compare

Full Changelog: v3.1.0...v3.1.1

v3.1.0

03 Dec 08:46
Compare
Choose a tag to compare
  • Fixed overriding CSP header
  • Dropped support for Symfony < 5.4
  • Added support for Symfony 7

v3.0.0

17 Mar 07:33
34699d4
Compare
Choose a tag to compare
  • Bump minimal PHP version to 7.4
  • Dropped support for Symfony < 4.4
  • Dropped support for Twig 1
  • Removed DoctrineCacheUAFamilyParser (use PsrCacheUAFamilyParser instead)
  • All classes have been marked as final
  • Renamed WhitelistBasedTargetValidator class to AllowListBasedTargetValidator
  • Removed CookieSessionHandler
  • Allowed to define host restriction for clickjacking protection

v3.0.0-alpha.1

23 Feb 06:38
39a523c
Compare
Choose a tag to compare
v3.0.0-alpha.1 Pre-release
Pre-release
  • Bump minimal PHP version to 7.4
  • Dropped support for Symfony < 4.4
  • Dropped support for Twig 1
  • Removed DoctrineCacheUAFamilyParser (use PsrCacheUAFamilyParser instead)
  • All classes have been marked as final
  • Renamed WhitelistBasedTargetValidator class to AllowListBasedTargetValidator
  • Removed CookieSessionHandler
  • Allowed to define host restriction for clickjacking protection

v2.12.0

23 Feb 06:21
Compare
Choose a tag to compare
  • Filter moz-extension reports
  • Log user agent along with CSP report
  • Deprecated external_redirects.whitelist option in favor of external_redirects.allow_list
  • Deprecated forced_ssl.whitelist option in favor of forced_ssl.allow_list
  • Deprecated Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\Event class in favor of
    Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\ReportEvent.