4.0.1 (2025年02月02日)

Bug Fixes

• ignore duplicate identifier (#104) (2d1a44b)

This release is also available on:

• npm package (@latest dist-tag)

3.8.0 (2025年01月22日)

Features

• support custom pathToRegexpModule (#102) (8e12a8e)

This release is also available on:

• npm package (@release-3.x dist-tag)

4.0.0 (2025年01月17日)

⚠ BREAKING CHANGES

• drop Node.js < 18.19.0 support

part of eggjs/egg#3644

eggjs/egg#5257

Summary by CodeRabbit

Based on the comprehensive changes, here are the updated release notes:

• New Features

  • Migrated security plugin to TypeScript.
  • Enhanced type safety for security configurations.
  • Improved middleware and helper utilities.

• Introduced new middleware for handling Strict-Transport-Security,
  X-Frame-Options, and X-XSS-Protection headers.

  • Added support for new security configurations and helper functions.

• Breaking Changes

  • Renamed package from egg-security to @eggjs/security.
  • Dropped support for Node.js versions below 18.19.0.
  • Restructured module exports and configurations.
  • Removed several deprecated middleware and utility functions.

• Security Improvements

  • Updated CSRF, XSS, and SSRF protection mechanisms.
  • Enhanced middleware for handling security headers.
  • Refined configuration options for various security features.

• Performance

  • Modernized codebase with ES module syntax.
  • Improved type definitions and module structure.

• Enhanced test suite with TypeScript support and better resource
  management.

Features

• support cjs and esm both by tshy (#101) (a11661f)

This release is also available on:

• npm package (@latest dist-tag)

3.7.0 (2025年01月13日)

Features

• csrf support check origin header with referer type (#69) (2c950d3)

This release is also available on:

• npm package (@latest dist-tag)

3.6.0 (2024年07月08日)

Features

• add hostnameExceptionList for ssrf (#100) (92a34f3)

This release is also available on:

• npm package (@latest dist-tag)

3.5.0 (2024年07月03日)

Features

• add rotateWhenInvalid option for CSRF token (#98) (ae37c8f)

This release is also available on:

• npm package (@latest dist-tag)

3.4.0 (2024年07月01日)

Features

• support SSRF check on useHttpClientNext = true (#96) (1d6bfff)

This release is also available on:

• npm package (@latest dist-tag)

3.3.1 (2024年06月12日)

Bug Fixes

• use @eggjs/ip instead of ip (#95) (5e3ee95)

This release is also available on:

• npm package (@latest dist-tag)

3.3.0 (2024年05月29日)

Features

• use ip@v2 (#93) (ffb761d)

This release is also available on:

• npm package (@latest dist-tag)

3.2.0 (2024年01月04日)

Features

• CSRF cookies allow the use of signatures (#88) (da1b532)

This release is also available on:

• npm package (@latest dist-tag)