Releases: GaProgMan/OwaspHeaders.Core
Improved memory footprint and execution speed of middleware's Invoke method
By leveraging an in-memory dictionary, which we populate on the first run through the Invoke method, we can drastically improve execution speed whilst reducing the memory footprint of the middleware class.
Also included are a number of changes to the documentation site.
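The caching approach described above, as an added example (not OwaspHeaders.Core's own code): a hypothetical middleware class, `CachedSecurityHeadersMiddleware`, builds its header dictionary once on the first `Invoke` call and reuses it for every later request. The header names and values are constructed samples; the HSTS max-age is the 730-day value mentioned in the v9.1.0 notes on this page.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;

// Hypothetical middleware for illustration; not the library's source.
public sealed class CachedSecurityHeadersMiddleware
{
    private readonly RequestDelegate _next;

    // Lazy<T> is thread-safe by default: the factory runs exactly once, on the
    // first request that reads .Value, even when requests arrive concurrently.
    private readonly Lazy<IReadOnlyDictionary<string, string>> _headers =
        new Lazy<IReadOnlyDictionary<string, string>>(BuildHeaders);

    public CachedSecurityHeadersMiddleware(RequestDelegate next) => _next = next;

    public Task Invoke(HttpContext context)
    {
        // After the first request this is a dictionary read: no string
        // building and no per-request allocation of header values.
        foreach (var (name, value) in _headers.Value)
        {
            // Leave a value alone if something earlier in the pipeline set it.
            if (!context.Response.Headers.ContainsKey(name))
            {
                context.Response.Headers[name] = value;
            }
        }

        return _next(context);
    }

    // Stands in for the (comparatively expensive) step of turning a
    // configuration object into final header strings.
    private static IReadOnlyDictionary<string, string> BuildHeaders()
    {
        return new Dictionary<string, string>
        {
            // Constructed sample values.
            ["Strict-Transport-Security"] = "max-age=63072000; includeSubDomains",
            ["X-Content-Type-Options"] = "nosniff",
            ["X-Frame-Options"] = "DENY",
        };
    }
}
```

Registered with `app.UseMiddleware<CachedSecurityHeadersMiddleware>()`, the class is constructed once for the application's lifetime, so the cached dictionary is shared by all requests. Because the values are fixed after the first request, a configuration change only takes effect after a restart.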
What's Changed
- Feature/docs basic entries by @GaProgMan in #122
- Feature/docs basic entries by @GaProgMan in #123
- Feature/docs basic entries by @GaProgMan in #124
- Feature/docs basic entries by @GaProgMan in #125
- Feature/docs basic entries by @GaProgMan in #126
- Feature/docs basic entries by @GaProgMan in #127
- Feature/docs basic entries by @GaProgMan in #128
- Feature/docs basic entries by @GaProgMan in #129
- Feature/optimisations for header value builders by @GaProgMan in #130
- Feature/docs basic entries by @GaProgMan in #131
- Feature/docs basic entries by @GaProgMan in #132
- Simplification of project layout; Updated all relevant GitHub actions files by @GaProgMan in #133
- Feature/docs basic entries by @GaProgMan in #134
- Fixed #135 by replacing the incorrect default values for the Cache-Control header with the correct ones. by @jamie-taylor-rjj in #136
- Feature/configuration docs by @jamie-taylor-rjj in #137
- Feature/docs basic entries by @GaProgMan in #138
- Feature/add issue types by @jamie-taylor-rjj in #139
- Feature/ignore provided urls by @jamie-taylor-rjj in #142
- Attempted to add manual steps for the CodeQL yml file by @jamie-taylor-rjj in #143
- Feature/adding integration tests by @jamie-taylor-rjj in #144
- [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in #145
- Bugfix/fix release ci by @GaProgMan in #146
- Fix .NET SDK mismatches in actions by @jamie-taylor-rjj in #147
- Add Attestations to build and release workflow by @GaProgMan in #148
- Updated docs for attestations on release by @jamie-taylor-rjj in #150
- Fix for images not displaying in attestations docs by @GaProgMan in #151
- Header Caching by @GaProgMan in #152
- Bugfix/editorconfig bug by @jamie-taylor-rjj in #154
New Contributors
- @step-security-bot made their first contribution in #145
Full Changelog: v9.1.0...v9.6.0
Removed X-Powered-By tag
Summary
ASP .NET Core cannot remove the X-Powered-By header because it is set at the reverse proxy level. As such, even though the OWASP Secure Headers project recommends removing it, OwaspHeaders.Core no longer attempts to do so.
A solution has been provided in the "Server Header: A Warning" section of the readme and package documentation.
What's Changed
- Feature/docs basic entries by @GaProgMan in #122
- Feature/docs basic entries by @GaProgMan in #123
- Feature/docs basic entries by @GaProgMan in #124
- Feature/docs basic entries by @GaProgMan in #125
- Feature/docs basic entries by @GaProgMan in #126
- Feature/docs basic entries by @GaProgMan in #127
- Feature/docs basic entries by @GaProgMan in #128
- Feature/docs basic entries by @GaProgMan in #129
Full Changelog: v9.1.0...v9.2.0
Correct max-age value for HSTS header
Summary
At some point recently, the default value for the Strict-Transport-Security (aka HSTS) header was changed from 63072000 (730 days) to 31536000 (365 days). This release fixes that oversight.
What's Changed
- Added .github dir to ignore for action by @GaProgMan in #101
- scorecard.yml updated to latest best-practise by @GaProgMan in #102
- Added warnings as errors to csproj files by @jamie-taylor-rjj in #104
- Initial commit of the Just-The-Docs template files by @GaProgMan in #106
- Fixed URL in config for docs directory by @GaProgMan in #110
- Initial Customisation of docs theme by @GaProgMan in #111
- Fixed location of logo in docs config by @GaProgMan in #112
- Bugfix/docs logo location by @GaProgMan in #113
- Feature/basic docs by @GaProgMan in #114
- Feature/basic docs by @GaProgMan in #115
- Feature/basic docs by @GaProgMan in #116
- Feature/basic docs by @GaProgMan in #117
- Fixed gemfile.lock by @jamie-taylor-rjj in #118
- Very basic documentation files by @GaProgMan in #119
- Feature/docs basic entries by @GaProgMan in #120
- The max-age value used by the default HSTS header is no longer correct by @jamie-taylor-rjj in #121
Full Changelog: v9.0.0...v9.1.0
.NET 9 support
Summary
As of November 12th, .NET 9 has been RTM'd. This release marks the first version of OwaspHeaders.Core which supports .NET 9.
Please see the .NET support lifecycle documentation for details: https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core#lifecycle
What's Changed
- Removed Support For .NET 6; Added Support For .NET 9 by @jamie-taylor-rjj in #100
Full Changelog: v8.1.3...v9.0.0
Final version which supports .NET 6
Summary
As of November 12th, .NET 6 is out of support. This release marks the final version of OwaspHeaders.Core which works with .NET 6 or .NET 7.
Included in this release is both the NuGet package and symbols package for version 8.1.3 of OwaspHeaders.Core.
Please see the .NET support lifecycle documentation for details: https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core#lifecycle
What's Changed
- Implemented Cross-Origin-Resource-Policy response header by @miguelcrpinto in #86
- Feature/add dotnet format to readme by @jamie-taylor-rjj in #87
- Feature/simplifiy first use by @jamie-taylor-rjj in #89
- Removed references to Moq by @jamie-taylor-rjj in #90
- Version bump by @GaProgMan in #91
- Fixed version bump by @GaProgMan in #92
- Removed support for .NET Framework-based ASP .NET Core applications by @jamie-taylor-rjj in #93
- Feature/add net 8 by @jamie-taylor-rjj in #94
- Improve NuGet package metadata by @swharden in #96
- Enhanced readability of the csproj by @GaProgMan in #97
- GitHub Actions Upgrades by @GaProgMan in #98
New Contributors
- @miguelcrpinto made their first contribution in #86
- @swharden made their first contribution in #96
Full Changelog: v6.1.0...v8.1.3
.NET Framework final version
Summary
This release marks the final version of OwaspHeaders.Core which works with .NET Framework hosted ASP .NET Core 2.2 (or lower) applications.
The library no longer supports .NET Framework hosting situations due to Microsoft having dropped support for them back in the ASP .NET Core 3.0 time frame. Please see the following for details: aspnet/Announcements#324