CHANGELOG.md

8.x

  • 8.0.0 (2024-10-13)
    • Support X-DNS-Prefetch-Control header.
    • Support clientHints for Clear-Site-Data header.
    • Support Reporting-Endpoints and NEL headers. (#49)
    • Update directives for Content-Security-Policy header.
      • The following directives were updated:
        • sandbox
        • trusted-types
      • The following directives were added:
        • fenced-frame-src
      • The following directives were removed:
        • navigate-to
        • plugin-types
    • Update directives for Permissions-Policy header.
      • The following directives were added:
        • attribution-reporting
        • bluetooth
        • browsing-topics
        • compute-pressure
        • gamepad
        • hid
        • identity-credentials-get
        • idle-detection
        • local-fonts
        • otp-credentials
        • publickey-credentials-create
        • serial
        • speaker-selection
        • storage-access
        • window-management
      • The following directives were removed:
        • battery
        • execution-while-not-rendered
        • execution-while-out-of-viewport
        • navigation-override
        • sync-xhr

7.x

  • 7.5.0 (2024-03-14)

    • Support Laravel 11
  • 7.4.0 (2023-02-07)

    • Support Laravel 10
  • 7.3.0 (2022-11-20)

    • remove illuminate/support from dependencies. (#78)
    • support Cross-Origin-Policy headers. (#79)
      • Cross-Origin-Embedder-Policy
      • Cross-Origin-Opener-Policy
      • Cross-Origin-Resource-Policy
    • add removeNonce helper method. (#48)
  • 7.2.0 (2022-02-10)

    • Support Laravel 9
  • 7.1.0 (2020-12-12)

    • Add csp_nonce helper function, an alias of the Bepsvpt\SecureHeaders\SecureHeaders::nonce method.
  • 7.0.0 (2020-10-14)

    • BREAKING CHANGE
      • Feature-Policy was replaced with Permissions-Policy.

6.x

  • 6.3.0 (2020-09-07)

    • Support Laravel 8
  • 6.2.0 (2020-08-09)

    • Support Permissions-Policy without breaking change.
  • 6.1.0 (2020-07-27)

    • Fix X-Powered-By header name. (#50)
  • 6.0.1 (2020-04-15)

    • Fix nonces not being cleared. (#46)
  • 6.0.0 (2020-03-07)

    • BREAKING CHANGE
      • Lumen project does not automatically add SecureHeadersMiddleware to global middleware.
      • Remove HPKP (Public Key Pinning mechanism was deprecated in favor of Certificate Transparency and Expect-CT header)
      • Feature-Policy remove speaker and vr directives
      • Disable HSTS preload by default (#42)
      • Content-Security-Policy remove custom-csp key
      • Content-Security-Policy empty directive config will just be omitted (before 6.0 it was set to 'none').
      • Content-Security-Policy directive keyword unsafe-hashed-attributes is replaced by unsafe-hashes
      • Content-Security-Policy directive nonces array was removed (according to the RFC, a unique nonce value should be generated each time, so it should not be set up by the user).
      • SecureHeaders::nonce method now requires one parameter, which should be 'script' or 'style' (default is 'script').
    • Content-Security-Policy directive add-generated-nonce key was removed, it is no longer needed.
    • Content-Security-Policy supports following directives: report-to, child-src, navigate-to, prefetch-src, require-trusted-types-for, script-src-attr, script-src-elem, style-src-attr, style-src-elem, trusted-types
    • Feature-Policy supports following directives: battery, execution-while-not-rendered, execution-while-out-of-viewport, layout-animations, legacy-image-formats, navigation-override, oversized-images, publickey-credentials, unoptimized-images, unsized-media, wake-lock, xr-spatial-tracking

5.x

  • 5.6.0 (2020-03-05)

    • Support Laravel 7.0
  • 5.5.0 (2019-09-07)

    • Support Laravel 6.0
    • Support X-Power-By header
  • 5.4.0 (2019-06-07)

    • Support disabling HSTS preload
    • Add display-capture and document-domain to Feature-Policy
    • Add src allowlist to Feature-Policy
  • 5.3.3 (2019-02-28)

    • Support Laravel 5.8
    • Let Travis CI cover all supported PHP and Laravel versions
  • 5.3.2 (2018-10-26)

    • Support Feature-Policy sync-xhr directive
  • 5.3.1 (2018-09-06)

    • Support Laravel 5.7
  • 5.3.0 (2018-08-04)

    • Support Feature-Policy header
  • 5.2.1 (2018-07-31)

    • Update document
  • 5.2.0 (2018-06-09)

    • Support Clear-Site-Data header
    • Support Server header
  • 5.1.0 (2018-05-07)

    • Support Expect-CT header
  • 5.0.0 (2018-04-09)

    • Support Content Security Policy Level 3.
    • Change HPKP hashes field scheme.
    • Change CSP directive hashes field scheme.
    • Rename CSP directive type field to schemes.
    • Remove CSP https-transform-on-https-connections directive.
    • Remove CSP image-src directive data field.
    • Do not use other packages to build the CSP and HPKP headers.

4.x

3.x

  • 3.1.0 (2017-07-18)

    • Support Lumen framework (ddc61b1)
  • 3.0.7 (2017-05-16)

    • Change referrer-policy header default value (8367d29)
  • 3.0.6 (2017-04-20)

    • Use set method instead of excluding class when adding headers (#7) (#8) (1455748)
  • 3.0.5 (2017-04-09)

    • Fix call to undefined method when downloading a file (#5) (5b7ccd3)
  • 3.0.4 (2017-02-21)

    • Fix Laravel 5.1 compatibility (#3)
  • 3.0.3 (2017-01-29)

  • 3.0.2 (2017-01-23)

    • Support disabling a specific header (9d995f7)
  • 3.0.1 (2017-01-19)

    • Remove incorrect dependents (64e0f93)
  • 3.0.0 (2016-12-19)

    • Support non-Laravel projects
      • Remove env helper function from config file (d4379b0)
    • Change namespace
    • Change project name

2.x

  • 2.2.0 (2016-10-03)

    • Add X-Download-Options, X-Permitted-Cross-Domain-Policies, Referrer-Policy headers
  • 2.1.1 (2016-08-24)

    • Prevent tests from polluting helper functions
  • 2.1.0 (2016-08-24)

    • Revert config file from json format to php
  • 2.0.0 (2016-08-18)

    • Transform config file to json format
    • Remove force https config
    • Increase minimum php version to 7.0

1.x

  • 1.1.2 (2016-01-02)
    • Code refactoring
    • Debug mode will add csp header now