Skip to content

Releases: nelmio/NelmioSecurityBundle

v3.5.1

13 Mar 09:27
b1c5e32
Compare
Choose a tag to compare

What's Changed

Full Changelog: v3.5.0...v3.5.1

v3.5.0

11 Mar 09:52
140a3dc
Compare
Choose a tag to compare

What's Changed

  • Added support for the report-to directive by @martijnc in #357
  • Added DirectiveSetBuilderInterface to allow runtime modification of CSP rules by @martijnc in #348
  • Fixed ExternalRedirectListener issue parsing some invalid URLs by @Seldaek in #364

Full Changelog: v3.4.2...v3.5.0

v3.4.2

11 Sep 06:22
3c47396
Compare
Choose a tag to compare

What's Changed

  • Fix Twig version check to not depend on changing VERSION_ID constant by @glaubinix in #361

New Contributors

Full Changelog: v3.4.1...v3.4.2

v3.4.1

03 Sep 15:07
00d275a
Compare
Choose a tag to compare

What's Changed

  • Fix twig deprecation warning with twig 3.12 by @pscheit in #359

Full Changelog: v3.4.0...v3.4.1

v3.4.0

05 Jul 07:33
de34d69
Compare
Choose a tag to compare

What's Changed

  • Deprecated X-Xss-Protection by @maxhelias in #342
  • Deprecated the default signed cookie algorithm by @martijnc in #355
  • Added legacy_hash_algo to support backward-compatible hash_algo changes in signed cookies by @martijnc in #351
  • Added ability to set a custom CSP request matcher to define exactly which requests should receive CSP headers by @ihmels in #241
  • Fixed DI Extension class deprecation with Symfony 7.1 by @norkunas in #350
  • Fixed compatibility with twig 3.9 and yielding by @jderusse in #344 & #353

Full Changelog: v3.3.0...v3.4.0

v3.3.0

10 Apr 08:12
6a6c75e
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v3.2.0...v3.3.0

v3.2.0

08 Mar 09:00
b9b68b4
Compare
Choose a tag to compare

What's Changed

Full Changelog: v3.1.1...v3.2.0

v3.1.1

17 Jan 14:33
9ae9fab
Compare
Choose a tag to compare

Full Changelog: v3.1.0...v3.1.1

v3.1.0

03 Dec 08:46
Compare
Choose a tag to compare
  • Fixed overriding CSP header
  • Dropped support for Symfony < 5.4
  • Added support for Symfony 7

v3.0.0

17 Mar 07:33
34699d4
Compare
Choose a tag to compare
  • Bump minimal PHP version to 7.4
  • Dropped support for Symfony < 4.4
  • Dropped support for Twig 1
  • Removed DoctrineCacheUAFamilyParser (use PsrCacheUAFamilyParser instead)
  • All classes have been marked as final
  • Renamed WhitelistBasedTargetValidator class to AllowListBasedTargetValidator
  • Removed CookieSessionHandler
  • Allowed to define host restriction for clickjacking protection