Changelog

3.6.0 (2024-07-08)

Features

3.5.0 (2024-07-03)

Features

  • add rotateWhenInvalid option for CSRF token (#98) (ae37c8f)

3.4.0 (2024-07-01)

Features

  • support SSRF check on useHttpClientNext = true (#96) (1d6bfff)

3.3.1 (2024-06-12)

Bug Fixes

3.3.0 (2024-05-29)

Features

3.2.0 (2024-01-04)

Features

  • CSRF cookies allow the use of signatures (#88) (da1b532)

3.1.0 (2023-08-09)

Features

  • add a custom whitelist parameter to the isSafeDomain() function in context (#86) (a178552)

3.0.0 (2023-05-10)

⚠ BREAKING CHANGES

  • drop Node.js < 14 support

Features

2.11.0 / 2022-07-20

features

2.10.1 / 2022-04-10

others

2.10.0 / 2022-04-05

features

others

2.9.1 / 2022-03-29

fixes

others

2.9.0 / 2021-04-21

others

2.8.0 / 2020-04-16

features

others

2.7.1 / 2019-11-14

fixes

2.7.0 / 2019-10-25

features

others

2.6.1 / 2019-08-09

fixes

2.6.0 / 2019-08-09

features

others

2.5.0 / 2019-03-08

others

2.4.3 / 2019-02-19

fixes

2.4.2 / 2019-01-04

fixes

2.4.1 / 2018-11-15

  • fix: shtml check domainWhiteList hostname get null (#49)

2.4.0 / 2018-08-24

others

2.3.1 / 2018-08-16

fixes

others

2.3.0 / 2018-08-14

fixes

others

2.2.3 / 2018-07-11

fixes

2.2.2 / 2018-04-12

fixes

others

2.2.1 / 2018-03-28

others

2.2.0 / 2018-03-27

features

fixes

others

2.1.0 / 2018-03-14

features

others

2.0.1 / 2018-03-14

  • fix: absolute path detect should ignore evil path (#28)

2.0.0 / 2017-11-10

others

1.12.1 / 2017-08-03

others

1.12.0 / 2017-07-19

  • feat: make session plugin optional (#22)

1.11.0 / 2017-06-19

  • feat: add global path blocking to avoid directory traversal attack (#19)

1.10.2 / 2017-06-14

  • fix: should not assert csrf when path match ignore (#20)

1.10.1 / 2017-06-04

  • docs: fix License url (#18)

1.10.0 / 2017-05-09

  • feat: config.security.csrf.cookieDomain can be function (#17)

1.9.0 / 2017-03-28

  • feat: use egg-path-matching to support fn (#15)

1.8.0 / 2017-03-07

  • feat: support multiple query/body key to valid csrf token (#14)

1.7.0 / 2017-03-07

  • feat: add ctx.rotateCsrfToken (#13)

1.6.0 / 2017-02-20

  • refactor: add csrf faq url to error msg in local env (#12)

1.5.0 / 2017-02-17

  • feat: surl support protocol whitelist (#11)

1.4.0 / 2017-01-22

  • refactor: rewrite csrf (#10)

1.3.0 / 2016-12-28

  • feat: support hash link in shtml (#7)
  • test: fix test (#8)

1.2.1 / 2016-09-01

  • fix: make sure every middleware has name (#6)

1.2.0 / 2016-08-31

  • feat: disable hsts for default (#5)

1.1.0 / 2016-08-31

  • refactor: remove ctoken, csrf check all post/put/.. requests (#4)

1.0.3 / 2016-08-30

  • fix: lower case header will get better performance (#3)

1.0.2 / 2016-08-29

  • refactor: use setRawHeader

1.0.1 / 2016-08-21

  • First version