NelmioSecurityBundle Versions Save

What's Changed

• Introduce ExternalRedirectResponse by @martijnc in https://github.com/nelmio/NelmioSecurityBundle/pull/331

New Contributors

• @martijnc made their first contribution in https://github.com/nelmio/NelmioSecurityBundle/pull/331

Full Changelog: https://github.com/nelmio/NelmioSecurityBundle/compare/v3.2.0...v3.3.0

What's Changed

• Added support for cookies with null value by @SerheyDolgushev in https://github.com/nelmio/NelmioSecurityBundle/pull/338

Full Changelog: https://github.com/nelmio/NelmioSecurityBundle/compare/v3.1.1...v3.2.0

• Filter view-source reports by @fritzmg in https://github.com/nelmio/NelmioSecurityBundle/pull/333

Full Changelog: https://github.com/nelmio/NelmioSecurityBundle/compare/v3.1.0...v3.1.1

• Fixed overriding CSP header
• Dropped support for Symfony < 5.4
• Added support for Symfony 7

• Bump minimal PHP version to 7.4
• Dropped support for Symfony < 4.4
• Dropped support for Twig 1
• Removed DoctrineCacheUAFamilyParser (use PsrCacheUAFamilyParser instead)
• All classes have been marked as final
• Renamed WhitelistBasedTargetValidator class to AllowListBasedTargetValidator
• Removed CookieSessionHandler
• Allowed to define host restriction for clickjacking protection

• Filter moz-extension reports
• Log user agent along with CSP report
• Deprecated external_redirects.whitelist option in favor of external_redirects.allow_list
• Deprecated forced_ssl.whitelist option in favor of forced_ssl.allow_list
• Deprecated Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\Event class in favor of Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\ReportEvent.

• Added support for CSP "prefetch-src" directive
• Added support for CSP "wasm-unsafe-eval" keyword
• Added support for Symfony 6
• Fixed deprecations warnings using PHP 8.1

• Fixed Symfony 5 compatibility issues

• Fixed dependencies (allow installing on PHP 8 and explicitly require symfony/yaml)