NelmioSecurityBundle Versions Save

Adds extra security-related features in your Symfony application

v2.10.1

3 years ago
  • Fix ContentSecurityPolicyController

v2.10.0

3 years ago
  • Ensure compatibility with Symfony EventDispatcher 5.x

v2.9.1

4 years ago
  • Ensure passing the correct type to UAParser::parse
  • Use Symfony DI Reference instead of Definition
  • Optimize regular expressions in the sha computer
  • Show non-deprecated usage of the csp_nonce Twig function

v2.9.0

4 years ago
  • Symfony 5 compatibility added
  • Bump minimal Twig version to 1.38.0

v2.8.0

4 years ago
  • Fixed deprecated/invalid method usage on logger interface
  • Drop tests for PHP 5.4

2.7.0

5 years ago
  • Use base64 for encoding nonces
  • Support more CSP level 3 keywords
  • Allow configuring a report URI for XSS

2.6.0

5 years ago
  • Support random_compat v9.99.99
  • Don't ship unneeded files for composer installs
  • Change controller action reference
  • Add worker-src directive
  • Fix deprecation for symfony/config 4.2+

2.5.1

6 years ago
  • Abort CSP compiler pass when CSP is not enabled

2.5.0

6 years ago
  • Allows matching the query parameter for clickjacking protection
  • Cleanup content type restrictable listener
  • Added Symfony 4 support
  • Added support for 'worker-src' CSP directive
  • Removed PHP 5.3 support guarantees F- ix CSP noise filter compiler pass registration

2.4.0

6 years ago
  • Deprecate calling ContentSecurityPolicyListener::getNonce without usage ('script' or 'style')
  • Added forced_ssl > redirect_status_code option to allow switching to permanent redirect (301) responses
  • Fixed HSTS header being sent even in non-secure responses unnecessarily
  • Fixed URLs with whitespace prefix not being seen as external redirects