Releases: nelmio/NelmioSecurityBundle
Releases · nelmio/NelmioSecurityBundle
v3.4.2
What's Changed
- Fix Twig version check to not depend on changing VERSION_ID constant by @glaubinix in #361
New Contributors
- @glaubinix made their first contribution in #361
Full Changelog: v3.4.1...v3.4.2
Contributors
glaubinix
Assets 2
v3.4.1
v3.4.0
What's Changed
- Deprecated X-Xss-Protection by @maxhelias in #342
- Deprecated the default signed cookie algorithm by @martijnc in #355
- Added
legacy_hash_algoto support backward-compatiblehash_algochanges in signed cookies by @martijnc in #351 - Added ability to set a custom CSP request matcher to define exactly which requests should receive CSP headers by @ihmels in #241
- Fixed DI Extension class deprecation with Symfony 7.1 by @norkunas in #350
- Fixed compatibility with twig 3.9 and yielding by @jderusse in #344 & #353
Full Changelog: v3.3.0...v3.4.0
Contributors
jderusse, martijnc, and 3 other contributors
Assets 2
v3.3.0
v3.2.0
What's Changed
- Added support for cookies with null value by @SerheyDolgushev in #338
Full Changelog: v3.1.1...v3.2.0
Contributors
SerheyDolgushev
Assets 2
v3.1.1
v3.1.0
v3.0.0
v3.0.0-alpha.1
- Bump minimal PHP version to 7.4
- Dropped support for Symfony < 4.4
- Dropped support for Twig 1
- Removed
DoctrineCacheUAFamilyParser(usePsrCacheUAFamilyParserinstead) - All classes have been marked as
final - Renamed
WhitelistBasedTargetValidatorclass toAllowListBasedTargetValidator - Removed
CookieSessionHandler - Allowed to define host restriction for clickjacking protection
v2.12.0
- Filter moz-extension reports
- Log user agent along with CSP report
- Deprecated external_redirects.whitelist option in favor of external_redirects.allow_list
- Deprecated forced_ssl.whitelist option in favor of forced_ssl.allow_list
- Deprecated
Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\Eventclass in favor of
Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\ReportEvent.