Releases: gorilla/csrf
Releases · gorilla/csrf
v1.3
v1.3 includes an important security fix for users of Go 1.2 (Debian <=7, Ubuntu <=14.10, etc.). This would cause token comparison to fail: https://groups.google.com/forum/#!topic/gorilla-web/G3aIFrm0LVI
CHANGELOG:
- [bugfix] Token comparison could fail on versions of Go < 1.3.
- [ci] Updated Travis to use matrix builds.
v1.2
CHANGELOG:
- [feature] Custom field names are now passed to TemplateField implicitly.
- [feature] Expose an Option type for building functional options.
- [ci] Run go vet, gofmt and the race detector during tests
ADDENDUM:
Note that gorilla/csrf respects SemVer as defined at http://semver.org/ but will not make backward-incompatible changes unless a security fix requires it (which is extremely unlikely given the small API of the package!). "MINOR" versions as defined in SemVer will encapsulate additions to the API or resolving implicit behaviour, whereas "PATCH" versions will typically encapsulate documentation changes or clarifications.