All Versions
69
Latest Version
Avg Release Cycle
55 days
Latest Release
-

Changelog History
Page 1

  • v6.3.2 Changes

    โž• Add support for style-src-attr, style-src-elem, script-src-attr, and script-src-elem directives (@ggalmazor)

  • v6.3.1 Changes

    June 26, 2020

    ๐Ÿ›  Fixes deprecation warnings when running under ruby 2.7

  • v6.3.0 Changes

    January 21, 2020

    ๐Ÿ›  Fixes newline injection issue

  • v6.2.0 Changes

    January 21, 2020

    ๐Ÿ›  Fixes semicolon injection issue reported by @mvgijssel see https://github.com/twitter/secure_headers/issues/418

  • v6.1.2 Changes

    January 08, 2020

    โž• Adds the ability to specify SameSite=none with the same configurability as Strict/Lax in order to disable Chrome's soon-to-be-lax-by-default state.

  • v6.1.1 Changes

    June 26, 2019

    โž• Adds the ability to disable the automatically-appended 'unsafe-inline' value when nonces are used #404 (@will)

  • v6.1 Changes

    โž• Adds support for navigate-to, prefetch-src, and require-sri-for #395

    ๐Ÿšš NOTE: this version is a breaking change due to the removal of HPKP. Remove the HPKP config, the standard is dead. Apologies for not doing a proper deprecate/major rev cycle :pray:

  • v6.0 Changes

    • โฌ†๏ธ See the [upgrading to 6.0](docs/upgrading-to-6-0.md) guide for the breaking changes.
  • v5.2.0

    January 21, 2020
  • v5.1.0

    January 21, 2020