Releases: OWASP/www-project-csrfguard
Releases · OWASP/www-project-csrfguard
4.5.0-jakarta
The same as 4.5.0, but for Jakarta.
4.5.0
What's Changed
- Add automation to minify and transpile the JS code by @forgedhallpass in #31
- Fix none match multi domain validation by @dgriffon in #305
- ci: Snyk check improvement by @forgedhallpass in #308
- Handle protocol (http, https) in URL normalisation. by @jayblanc in #330
- Improve JavaScriptServlet client side caching strategy by @jayblanc in #327
Version bumps
- build(deps): bump org.slf4j:slf4j-api from 2.0.13 to 2.0.16 by @dependabot in #289
- build(deps): bump org.apache.commons:commons-lang3 from 3.14.0 to 3.17.0 by @dependabot in #297
- build(deps): bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.4 to 3.2.7 by @dependabot in #303
- build(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.3.0 to 3.5.2 by @dependabot in #315
- build(deps-dev): bump junit.version from 5.10.3 to 5.11.4 by @dependabot in #319
- build(deps): bump org.owasp:dependency-check-maven from 10.0.3 to 12.1.0 by @dependabot in #328
- build(deps): bump org.apache.maven.plugins:maven-javadoc-plugin from 3.8.0 to 3.11.2 by @dependabot in #318
- build(deps): bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.2 to 3.1.3 by @dependabot in #293
- build(deps): bump commons-io:commons-io from 2.16.1 to 2.18.0 by @dependabot in #316
- build(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.3.0 to 3.5.0 by @dependabot in #312
- build(deps): bump org.apache.maven.plugins:maven-clean-plugin from 3.4.0 to 3.4.1 by @dependabot in #329
- build(deps): bump com.google.code.gson:gson from 2.11.0 to 2.12.1 by @dependabot in #325
New Contributors
Full Changelog: 4.4.0...4.5.0
Contributors
jayblanc, dgriffon, and 2 other contributors
Assets 11
4.4.0
What's Changed
- Request through a proxyPass problem by @stefano-1973 in #254
- TLD file location by @rameshkt in #277
- Updated documentation by @swetak20 and @forgedhallpass in #272
- JSP with CSRF Guard form tag having an action with query parameters fails validation by @Frank-St #287
Version changes
- Bump maven-war-plugin from 3.3.2 to 3.4.0 by @dependabot in #210
- Bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 by @dependabot in #227
- Bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1 by @dependabot in #260
- Bump commons-io:commons-io from 2.15.1 to 2.16.1 by @dependabot in #261
- Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0 by @dependabot in #252
- build(deps): bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.3 to 3.2.4 by @dependabot in #267
- build(deps): bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.1 to 3.1.2 by @dependabot in #269
- build(deps): bump org.slf4j:slf4j-api from 2.0.12 to 2.0.13 by @dependabot in #264
- build(deps): bump org.apache.maven.plugins:maven-scm-plugin from 2.0.1 to 2.1.0 by @dependabot in #266
- build(deps): bump org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.13 to 1.7.0 by @dependabot in #273
- build(deps): bump com.google.code.gson:gson from 2.10.1 to 2.11.0 by @dependabot in #271
- build(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.5 to 3.3.0 by @dependabot in #275
- build(deps): bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2 by @dependabot in #279
- build(deps-dev): bump junit.version from 5.10.2 to 5.10.3 by @dependabot in #280
- build(deps): bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.1 by @dependabot in #284
- build(deps): bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.8.0 by @dependabot in #286
- build(deps): bump org.owasp:dependency-check-maven from 8.4.3 to 10.0.3 by @dependabot in #285
New Contributors
Full Changelog: 4.3.0-jakarta...4.4.0-jakarta
Contributors
rameshkt, forgedhallpass, and 4 other contributors
Assets 2
4.4.0-jakarta
This is the same as the 4.4.0 release, but for Jakarta.
4.3.0-jakarta
What's Changed
- Add Jakarta support by @stefano-1973 & @forgedhallpass in #176
Full Changelog: 4.3.0...4.3.0-jakarta
Contributors
forgedhallpass and stefano-1973
Assets 12
4.3.0
What's Changed
- Add support for validating multiple domain origins by @gflores-jahia in #200
- Fixed Printing the CsrfGuard's config leads to java.lang.reflect.InaccessibleObjectException in Java 17 by @forgedhallpass in #179
Version updates
- Bump junit.version from 5.9.2 to 5.9.3 by @dependabot in #197
- Bump dependency-check-maven from 8.1.2 to 8.2.1 by @dependabot in #190
- Bump maven-deploy-plugin from 3.1.0 to 3.1.1 by @dependabot in #191
- Bump maven-surefire-plugin from 3.0.0 to 3.1.0 by @dependabot in #198
- Bump maven-gpg-plugin from 3.0.1 to 3.1.0 by @dependabot in #199
- Bump commons-io from 2.11.0 to 2.12.0 by @dependabot in #201
- Bump maven-scm-plugin from 2.0.0 to 2.0.1 by @dependabot in #202
- Bump maven-source-plugin from 3.2.1 to 3.3.0 by @dependabot in #203
New Contributors
- @gflores-jahia made their first contribution in #200
Full Changelog: 4.2.1...4.3.0
Contributors
forgedhallpass, dependabot, and gflores-jahia
Assets 12
4.2.1
What's Changed
- Bump mockito.version from 4.5.1 to 4.6.0 by @dependabot in #103
- Bump maven-scm-plugin from 1.12.2 to 1.13.0 by @dependabot in #104
- Bump mockito.version from 4.6.0 to 4.6.1 by @dependabot in #105
- Bump maven-surefire-plugin from 3.0.0-M6 to 3.0.0-M7 by @dependabot in #106
- Bump maven-release-plugin from 3.0.0-M5 to 3.0.0-M6 by @dependabot in #107
- Bump dependency-check-maven from 7.1.0 to 7.1.1 by @dependabot in #108
- Bump maven-deploy-plugin from 3.0.0-M2 to 3.0.0 by @dependabot in #111
- Bump junit.version from 5.8.2 to 5.9.0 by @dependabot in #114
- Bump gson from 2.9.0 to 2.9.1 by @dependabot in #117
- Bump maven-javadoc-plugin from 3.4.0 to 3.4.1 by @dependabot in #119
- Bump mockito.version from 4.6.1 to 4.7.0 by @dependabot in #118
- Bump slf4j-api from 1.7.36 to 2.0.0 by @dependabot in #123
- Bump dependency-check-maven from 7.1.1 to 7.1.2 by @dependabot in #124
- Bump mockito.version from 4.7.0 to 4.8.0 by @dependabot in #126
- Bump logback-classic from 1.2.11 to 1.4.1 by @dependabot in #127
- Bump slf4j-api from 2.0.0 to 2.0.1 by @dependabot in #129
- Bump dependency-check-maven from 7.1.2 to 7.2.0 by @dependabot in #128
- Bump maven-jar-plugin from 3.2.2 to 3.3.0 by @dependabot in #132
- Bump slf4j-api from 2.0.1 to 2.0.2 by @dependabot in #135
- Bump junit.version from 5.9.0 to 5.9.1 by @dependabot in #134
- Bump dependency-check-maven from 7.2.0 to 7.2.1 by @dependabot in #133
- Bump slf4j-api from 2.0.2 to 2.0.3 by @dependabot in #136
- Bump logback-classic from 1.4.1 to 1.4.3 by @dependabot in #137
- Bump mockito.version from 4.8.0 to 4.8.1 by @dependabot in #141
- Bump logback-classic from 1.4.3 to 1.4.4 by @dependabot in #140
- Bump dependency-check-maven from 7.2.1 to 7.3.0 by @dependabot in #142
- Bump gson from 2.9.1 to 2.10 by @dependabot in #144
- Bump maven-release-plugin from 3.0.0-M6 to 3.0.0-M7 by @dependabot in #147
- Bump slf4j-api from 2.0.3 to 2.0.5 by @dependabot in #153
- Bump dependency-check-maven from 7.3.0 to 7.3.2 by @dependabot in #152
- Bump mockito.version from 4.8.1 to 4.9.0 by @dependabot in #148
- Bump dependency-check-maven from 7.3.2 to 7.4.1 by @dependabot in #155
- Bump logback-classic from 1.4.4 to 1.4.5 by @dependabot in #151
- Bump slf4j-api from 2.0.5 to 2.0.6 by @dependabot in #156
- Bump mockito.version from 4.9.0 to 4.10.0 by @dependabot in #158
- Bump mockito.version from 4.10.0 to 4.11.0 by @dependabot in #160
- Bump dependency-check-maven from 7.4.1 to 7.4.2 by @dependabot in #159
- Bump dependency-check-maven from 7.4.2 to 7.4.3 by @dependabot in #161
- Bump dependency-check-maven from 7.4.3 to 7.4.4 by @dependabot in #163
- Bump junit.version from 5.9.1 to 5.9.2 by @dependabot in #164
- Bump maven-surefire-plugin from 3.0.0-M7 to 3.0.0-M8 by @dependabot in #165
- Bump dependency-check-maven from 7.4.4 to 8.0.0 by @dependabot in #166
- Bump gson from 2.10 to 2.10.1 by @dependabot in #162
- Bump dependency-check-maven from 8.0.0 to 8.0.1 by @dependabot in #168
- Bump dependency-check-maven from 8.0.1 to 8.0.2 by @dependabot in #171
- Bump maven-deploy-plugin from 3.0.0 to 3.1.0 by @dependabot in #174
- Bump maven-surefire-plugin from 3.0.0-M8 to 3.0.0-M9 by @dependabot in #180
- Bump dependency-check-maven from 8.0.2 to 8.1.0 by @dependabot in #177
- Bump maven-javadoc-plugin from 3.4.1 to 3.5.0 by @dependabot in #181
- Bump dependency-check-maven from 8.1.0 to 8.1.1 by @dependabot in #182
- Bump maven-compiler-plugin from 3.10.1 to 3.11.0 by @dependabot in #183
- Bump dependency-check-maven from 8.1.1 to 8.1.2 by @dependabot in #184
- Bump maven-surefire-plugin from 3.0.0-M9 to 3.0.0 by @dependabot in #185
- Bump maven-scm-plugin from 1.13.0 to 2.0.0 by @dependabot in #186
Full Changelog: 4.2.0...4.2.1
Contributors
dependabot
Assets 12
4.2.0
What's Changed
- Disable serving Internet Explorer by default by @forgedhallpass
- Making the regexpPatternCache thread safe by @forgedhallpass
Version updates
- Bump mockito.version from 4.5.1 to 4.6.0 by @dependabot in #103
- Bump maven-scm-plugin from 1.12.2 to 1.13.0 by @dependabot in #104
- Bump mockito.version from 4.6.0 to 4.6.1 by @dependabot in #105
- Bump maven-surefire-plugin from 3.0.0-M6 to 3.0.0-M7 by @dependabot in #106
- Bump maven-release-plugin from 3.0.0-M5 to 3.0.0-M6 by @dependabot in #107
- Bump dependency-check-maven from 7.1.0 to 7.1.1 by @dependabot in #108
- Bump maven-deploy-plugin from 3.0.0-M2 to 3.0.0 by @dependabot in #111
- Bump junit.version from 5.8.2 to 5.9.0 by @dependabot in #114
- Bump gson from 2.9.0 to 2.9.1 by @dependabot in #117
- Bump maven-javadoc-plugin from 3.4.0 to 3.4.1 by @dependabot in #119
- Bump mockito.version from 4.6.1 to 4.7.0 by @dependabot in #118
Full Changelog: 4.1.4...4.2.0
Contributors
forgedhallpass and dependabot
Assets 12
4.1.4
What's Changed
- Performance improvement in placeholder replacements of javascript #82 by @bpapez and @forgedhallpass in #83
- Adding support for un-exploded deployments by @lav023 and @forgedhallpass in #99
Version updates:
- Bump dependency-check-maven from 7.0.0 to 7.0.1 by @dependabot in #84
- Bump dependency-check-maven from 7.0.1 to 7.0.2 by @dependabot in #85
- Bump dependency-check-maven from 7.0.2 to 7.0.3 by @dependabot in #86
- Bump dependency-check-maven from 7.0.3 to 7.0.4 by @dependabot in #87
- Bump maven-surefire-plugin from 3.0.0-M5 to 3.0.0-M6 by @dependabot in #89
- Bump mockito.version from 4.4.0 to 4.5.0 by @dependabot in #92
- Bump maven-javadoc-plugin from 3.3.2 to 3.4.0 by @dependabot in #93
- Bump mockito.version from 4.5.0 to 4.5.1 by @dependabot in #94
- Bump nexus-staging-maven-plugin from 1.6.12 to 1.6.13 by @dependabot in #95
- Bump dependency-check-maven from 7.0.4 to 7.1.0 by @dependabot in #97
New Contributors
Full Changelog: 4.1.3...4.1.4
Contributors
bpapez, forgedhallpass, and 2 other contributors
Assets 12
4.1.3
What's Changed
- Bump nexus-staging-maven-plugin from 1.6.11 to 1.6.12 by @dependabot in #73
- Bump maven-war-plugin from 3.3.1 to 3.3.2 by @dependabot in #74
- Bump dependency-check-maven from 6.5.3 to 7.0.0 by @dependabot in #75
- Bump logback-classic from 1.2.10 to 1.2.11 by @dependabot in #76
- Bump mockito.version from 4.3.1 to 4.4.0 by @dependabot in #77
- Added flag to initialise the javascript settings for new ConfigurationProvider instances by @renewolfert in #78
- Bump maven-compiler-plugin from 3.10.0 to 3.10.1 by @dependabot in #80
New Contributors
- @renewolfert made their first contribution in #78
Full Changelog: 4.1.2...4.1.3
Contributors
renewolfert and dependabot