2.5.0

What's Changed

• Update README.md by @Baroshem in #653
• fix(csrf): add csrf config to routeRules by @kouts in #652
• fix(cspSsrNonce): more robust tag replacement by @GalacticHypernova in #658
• fix(headers): add ssg hashes for script-src-elem and style-src-elem by @dargmuesli in #659
• chore(types): resolve unstorage issue by @dargmuesli in #660
• fix(types): add type templates by @dargmuesli in #661
• feat(types): upgrade to kit v4 by @dargmuesli in #662
• Chore/2.5.0 by @Baroshem in #663

Full Changelog: v2.4.0...v2.5.0

2.4.0

What's Changed

• feat(rate limiter): #643 add new option for custom IP header name by @jelmerdemaat in #644
• Update STS header generation by @FBFunnyBunnyFB in #649
• Chore/2.4.0 by @Baroshem in #650

New Contributors

• @jelmerdemaat made their first contribution in #644
• @FBFunnyBunnyFB made their first contribution in #649

Full Changelog: v2.3.0...v2.4.0

2.3.0

What's Changed

• #624 - Update incorrect permissions policy docs by @OndrejSerek in #625
• feat(node)!: upgrade to v20 by @dargmuesli in #635
• test: update for most recent Nuxt v3 by @dargmuesli in #640
• fix(types): declare module nitropack/types by @dargmuesli in #634
• chore(deps)!: upgrade module builder to v1 by @dargmuesli in #636
• Chore/2.3.0 by @Baroshem in #641

New Contributors

• @OndrejSerek made their first contribution in #625

Full Changelog: v2.2.0...v2.3.0

v2.2.0

This version introduces a new feature to the rate limiter middleware by adding a whitelist option, along with several related changes to the codebase and documentation.

New Feature: Whitelist Option for Rate Limiter

• Rate Limiter Configuration:

  • Added a whiteList property to the RateLimiter type, allowing specific IP addresses to bypass rate limiting. (docs/content/3.middleware/1.rate-limiter.md, src/types/middlewares.ts, src/defaultConfig.ts) [1] [2] [3]
  • Updated documentation to include details about the new whiteList property. (docs/content/3.middleware/1.rate-limiter.md)

• Security Configuration:

  • Fixed an issue where securityConfig was not correctly initialized in the basic authentication middleware. (src/runtime/server/middleware/basicAuth.ts)

• Nonce Handling:

  • Improved the handling of nonces in CSP headers by ensuring existing nonces are replaced instead of duplicated. (src/runtime/nitro/plugins/40-cspSsrNonce.ts) [1] [2]

What's Changed

• Bug reports in repo: Use new template forms by @vejja in #578
• bug reports: update placeholders by @vejja in #579
• Update bug-report.yml by @vejja in #581
• docs(fix): readme license link by @IO-Fire in #591
• [ci skip] docs: update license year by @IO-Fire in #592
• Enhance header filtering in getHeadersApplicableToAllResources function to exclude falsy values by @ivanvakulov in #588
• Update GitHub question issue template with the correct link by @nicokempe in #600
• Fix/docs typo by @fahdarafat in #596
• fix(nonce): override user-defined nonce values with Nuxt Image by @GalacticHypernova in #593
• Add basic rate limiter whitelist (specific IPs only) by @zguig52 in #573
• Refactor basicAuth middleware to use runtime configuration correctly by @ivanvakulov in #599
• Chore/2.2.0 by @Baroshem in #607

New Contributors

• @IO-Fire made their first contribution in #591
• @ivanvakulov made their first contribution in #588
• @nicokempe made their first contribution in #600
• @fahdarafat made their first contribution in #596
• @zguig52 made their first contribution in #573

Full Changelog: v2.1.5...v2.2.0

v2.1.5

🚨Hotfix Release : disable minification by default

This release fixes an issue reported in #576 whereby Nuxt UI v3 styles could break.
The issue was related to minification settings.

This release also deploys the new version of the documentation pages for Nuxt Security
Enjoy reading 📖

What's Changed

• Chore/2.1.4 by @vejja in #568
• docs-#558: refactor docs new version by @Baroshem in #560
• fix(docs): broken links by @aryan02420 in #574
• fix(loggers): do not set minify option by default by @vejja in #577

New Contributors

• @aryan02420 made their first contribution in #574

Full Changelog: v2.1.4...v2.1.5

2.1.4

compare changes

🩹 Hotfix Release: SRI for PrimeVue

This release introduces specific support for Subresource Integrity with PrimeVue

❤️ Contributors

• Lawren lawrenipsum@gmail.com

What's Changed

• chore(release): 2.1.3 by @vejja in #566
• fix: #564 resolves issue with element.replace on non-string elements by @lawren in #567

Full Changelog: v2.1.3...v2.1.4

2.1.3

🩹 Hotfix Release: Nonce for PrimeVue

This release introduces specific support for Nonce with PrimeVue

❤️ Contributors

• Lawren lawrenipsum@gmail.com

What's Changed

• chore(release): 2.1.2 by @vejja in #563
• fix: #564 resolves issue with element.replace on non-string elements by @lawren in #565

New Contributors

• @lawren made their first contribution in #565

Full Changelog: v2.1.2...v2.1.3

2.1.2

🚨Hotfix release: re-enable console.logs in dev mode

This release prevents the removal of console.log statements by Nuxt-Security in development mode.

Nuxt Security helps you ship safer applications by removing console.log statements when the removeLoggers option is set to true, which is the default value.
However, removing console.log statements by default also in development mode is causing our users to search why their logs are disappearing.

With this release, removeLoggers only removes console.log statements in production builds.

What's Changed

• fix(core): do not remove loggers in dev mode by @vejja in #561

Full Changelog: v2.1.1...v2.1.2

2.1.1

🛠️ Hotfix Release : Node 18 Compatibility

This hotfix release re-introduces support for Node 18.
Node 18 is the minimum requirement for all Nuxt 3 applications.

Full Changelog: v2.1.0...v2.1.1

2.1.0

2.1.0 🎉

This is a new minor version where we focused mainly on fixing bugs but we also introduced Continous Releases by Stackblitz!

Enjoy!

👉 Changelog
compare changes

❤️ Contributors

• @vejja
• @dungsil made their first contribution in #530
• @DamianGlowala
• @Baroshem

What's Changed

• docs: fix broken links by @dungsil in #530
• fix: devtools being blocked in strict mode by @dungsil in #531
• feat(csp): trusted types by @vejja in #529
• fix(sri): incorrect cdnUrl resolution by @vejja in #536
• docs: mention correct default value for COOP by @DamianGlowala in #543
• feat(core): Vite native method to remove loggers by @vejja in #534
• fix(core): do not create empty header entries in routeRules by @vejja in #539
• feat(core): crypto compatibility for Workers by @vejja in #547
• feat(core): Continuous Releases by @vejja in #549
• Revert "feat(core): Continuous Releases" by @vejja in #550
• feat(core): Continuous Releases by @vejja in #551
• chore(deps): bump vite from 5.2.8 to 5.4.11 by @dependabot in #552
• Chore/2.1.0 by @Baroshem in #532

New Contributors

• @dungsil made their first contribution in #530

Full Changelog: v2.0.0...v2.1.0