Skip to content

Releases: nelmio/NelmioSecurityBundle

2.0.4

19 Oct 10:33
@romainneutron romainneutron
2.0.4
This tag was signed with the committer’s verified signature.
romainneutron Romain Neutron
GPG key ID: 201FC7CF9F0CA3ED
Learn about vigilant mode.
4b6d7f2
This commit was signed with the committer’s verified signature.
romainneutron Romain Neutron
GPG key ID: 201FC7CF9F0CA3ED
Learn about vigilant mode.
Compare
Choose a tag to compare
2.0.4
  • Enable manifest-src directive for Chrome, Opera and Firefox
Assets 2
Loading

2.0.3

13 Oct 16:44
@Seldaek Seldaek
2.0.3
fb37cf3
Compare
Choose a tag to compare
2.0.3
  • Fix deprecation warning with latest Twig 1.x
Assets 2
Loading

2.0.2

24 Aug 11:06
@romainneutron romainneutron
2.0.2
This tag was signed with the committer’s verified signature.
romainneutron Romain Neutron
GPG key ID: 201FC7CF9F0CA3ED
Learn about vigilant mode.
6915cdd
Compare
Choose a tag to compare
2.0.2
  • Fix typo in the ALLOW-FROM implementation
  • Update browser_adaptive configuration. Allow custom adapters
  • Add Doctrine Cache and Psr Cache adapters for caching UA family parser
Assets 2
Loading

2.0.1

13 Jul 09:07
@romainneutron romainneutron
2.0.1
51deb40
Compare
Choose a tag to compare
2.0.1
  • Fix CookieSessionHandler::open that should return true unless there's an error
Assets 2
Loading

2.0.0

17 May 15:59
@romainneutron romainneutron
2.0.0
7d35527
Compare
Choose a tag to compare
2.0.0
  • Add support for Content-Security-Policy Level 2 directives
  • Add support for Content-Security-Policy Level 2 signatures (nonce and message digest)
  • Add browser adaptive directives - do not send directives not supported by browser - via browser_adaptive parameter
  • Allow report-uri to be defined as a scalar
  • Deprecate encrypted cookie support due to high coupling to the deprecated mcrypt extension
  • Drop backward-compatibility with first deprecated CSP configuration
Assets 2
Loading

1.10.0

18 Apr 08:17
@Seldaek Seldaek
1.10.0
4be243f
Compare
Choose a tag to compare
1.10.0
  • Added ability to restrict forced_ssl capability to some hostnames only
  • Fixed Symfony 3 compatibility
Assets 2
Loading

1.9.1

18 Apr 08:17
@Seldaek Seldaek
1.9.1
ef517bc
Compare
Choose a tag to compare
1.9.1
  • BugFix: Fix LoggerInterface type hints to support PSR-3 loggers and not only Symfony 2.0 loggers
Assets 2
Loading

1.9.0

04 Jan 10:39
@romainneutron romainneutron
1.9.0
afe4fcd
Compare
Choose a tag to compare
1.9.0
  • Add Symfony 3 compatibility
  • external_redirects definition can now contains full URL
  • Allow dynamic CSP configuration
  • BugFix: Fix clickjacking URL normalization when containing dash and no underscore
Assets 2
Loading

1.8.0

12 Sep 20:40
@Seldaek Seldaek
1.8.0
b45f81f
Compare
Choose a tag to compare
1.8.0
  • Added HTTP response's content-type restriction for Clickjacking and CSP headers.
  • Added Microsoft's XSS-Protection support
  • Disabled Clickjacking, CSP and NoSniff headers in the context of HTTP redirects
  • Fixed bug in handling of the external_redirects.log being disabled
Assets 2
Loading

1.7.0

10 May 17:09
@Seldaek Seldaek
1.7.0
9ef2764
Compare
Choose a tag to compare
1.7.0
  • Added a Nelmio\SecurityBundle\ExternalRedirect\TargetValidator interface to implement custom rules for the external_redirects feature. You can override the nelmio_security.external_redirect.target_validator service to change the default.
  • Added a hosts key in the CSP configuration to restrict CSP-checks to some host names
  • Fixed a bug in flexible_ssl where the auth cookie was updated with a wrong expiration time the second time the visitor comes to the site.
  • Removed X-Webkit-CSP header as none of the webkits using it are still current.
Assets 2
Loading