Skip to content

Releases: eggjs/security

v4.0.0

17 Jan 16:58
@github-actions github-actions
v4.0.0
2bfc810
Compare
Choose a tag to compare
v4.0.0 Latest
Latest

4.0.0 (2025-01-17)

⚠ BREAKING CHANGES

  • drop Node.js < 18.19.0 support

part of eggjs/egg#3644

eggjs/egg#5257

Summary by CodeRabbit

Based on the comprehensive changes, here are the updated release notes:

  • New Features

    • Migrated security plugin to TypeScript.
    • Enhanced type safety for security configurations.
    • Improved middleware and helper utilities.

  • Introduced new middleware for handling Strict-Transport-Security,
    X-Frame-Options, and X-XSS-Protection headers.

    • Added support for new security configurations and helper functions.

  • Breaking Changes

    • Renamed package from egg-security to @eggjs/security.
    • Dropped support for Node.js versions below 18.19.0.
    • Restructured module exports and configurations.
    • Removed several deprecated middleware and utility functions.

  • Security Improvements

    • Updated CSRF, XSS, and SSRF protection mechanisms.
    • Enhanced middleware for handling security headers.
    • Refined configuration options for various security features.

  • Performance

    • Modernized codebase with ES module syntax.
    • Improved type definitions and module structure.

  • Enhanced test suite with TypeScript support and better resource
    management.

Features

This release is also available on:

Assets 2
Loading

v3.7.0

13 Jan 12:18
@github-actions github-actions
v3.7.0
d1299a3
Compare
Choose a tag to compare
v3.7.0

3.7.0 (2025-01-13)

Features

  • csrf support check origin header with referer type (#69) (2c950d3)

This release is also available on:

Assets 2
Loading

v3.6.0

08 Jul 15:03
@github-actions github-actions
v3.6.0
f4500db
Compare
Choose a tag to compare
v3.6.0

3.6.0 (2024-07-08)

Features

This release is also available on:

Assets 2
Loading

v3.5.0

03 Jul 13:00
@github-actions github-actions
v3.5.0
ab21532
Compare
Choose a tag to compare
v3.5.0

3.5.0 (2024-07-03)

Features

  • add rotateWhenInvalid option for CSRF token (#98) (ae37c8f)

This release is also available on:

Assets 2
Loading

v3.4.0

01 Jul 15:25
@github-actions github-actions
v3.4.0
4711437
Compare
Choose a tag to compare
v3.4.0

3.4.0 (2024-07-01)

Features

  • support SSRF check on useHttpClientNext = true (#96) (1d6bfff)

This release is also available on:

Assets 2
Loading

v3.3.1

12 Jun 08:37
@github-actions github-actions
v3.3.1
3f225df
Compare
Choose a tag to compare
v3.3.1

3.3.1 (2024-06-12)

Bug Fixes

This release is also available on:

Assets 2
Loading

v3.3.0

29 May 09:43
@github-actions github-actions
v3.3.0
b7d47ec
Compare
Choose a tag to compare
v3.3.0

3.3.0 (2024-05-29)

Features

This release is also available on:

Assets 2
Loading

v3.2.0

04 Jan 09:49
@github-actions github-actions
v3.2.0
9f469ec
Compare
Choose a tag to compare
v3.2.0

3.2.0 (2024-01-04)

Features

  • CSRF cookies allow the use of signatures (#88) (da1b532)

This release is also available on:

Assets 2
Loading

v3.1.0

09 Aug 13:25
@github-actions github-actions
v3.1.0
7777aa8
Compare
Choose a tag to compare
v3.1.0

3.1.0 (2023-08-09)

Features

  • context 中的 isSafeDomain() 函数增加自定义白名单参数 (#86) (a178552)

This release is also available on:

Assets 2
Loading

v3.0.0

10 May 10:40
@github-actions github-actions
v3.0.0
17ccfb5
Compare
Choose a tag to compare
v3.0.0

3.0.0 (2023-05-10)

⚠ BREAKING CHANGES

  • drop Node.js < 14 support

Features

This release is also available on:

Assets 2
Loading