Skip to content

Releases: GaProgMan/OwaspHeaders.Core

Improved memory footprint and execution speed of middleware's Invoke method

27 Dec 00:09
54fc9a1
Compare
Choose a tag to compare

By leveraging an in-memory dictionary which we populate on the first run through the Invoke method, we can drastically speed up the execution speed whilst reducing the memory footprint of the middleware class.

Also included are a number of changes to the documentation site.

What's Changed

New Contributors

Full Changelog: v9.1.0...v9.6.0

Removed X-Powered-By tag

02 Dec 17:03
Compare
Choose a tag to compare

Summary

It's not possible for ASP .NET Core to remove the X-Powered-By header. As such, even though the OWASP Secure Headers project recommends removing it, OwaspHeaders.Core no longer attempts to remove it.

This is because ASP .NET Core cannot remove this header, as it's set at the reverse proxy level. A solution has been provided in the Server Header: A Warning section of the readme and package documentation.

What's Changed

Full Changelog: v9.1.0...v9.2.0

Correct max-age value for HSTS header

28 Nov 16:23
18c6333
Compare
Choose a tag to compare

Summary

At some point recently, the default value for the Strict-Transport-Security (aka HSTS) header was changed from 63072000 (730 days) to 31536000 (365 days). This release fixes that oversight.

What's Changed

Full Changelog: v9.0.0...v9.1.0

.NET 9 support

20 Nov 06:24
62367f4
Compare
Choose a tag to compare

Summary

As of November 12th, .NET 9 has been RTM'd. This release marks the first version of OwaspHeaders.Core which supports .NET 9.

Please see the .NET support lifecycle documentation for details: https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core#lifecycle

What's Changed

Full Changelog: v8.1.3...v9.0.0

Final version which supports .NET 6

20 Nov 06:23
1f3a692
Compare
Choose a tag to compare

Summary

As of November 12th, both .NET 6 is out of support. This release marks the final version of OwaspHeaders.Core which works .NET 6 or .NET 7.

Included in this release is both the NuGet package and symbols package for version 8.1.3 of OwaspHeaders.Core.

Please see the .NET support lifecycle documentation for details: https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core#lifecycle

What's Changed

New Contributors

Full Changelog: v6.1.0...v8.1.3

.NET Framework final version

07 Jun 16:25
e2b9631
Compare
Choose a tag to compare

Summary

This release marks the final version of OwaspHeaders.Core which works with .NET Framework hosted ASP .NET Core 2.2 (or lower) applications.

The library no longer supports .NET Framework hosting situations due to Microsoft having dropped support for them back in the ASP .NET Core 3.0 time frame. Please see the following for details aspnet/Announcements#324