=======
CHANGES
=======
Unreleased
==========
- Nothing, currently
3.8
===
Please note: this release folds in a number of fixups, upgrades and documentation tweaks,
but is functionally the same as 3.7. New features will come with 3.9+.
- Update Python syntax for modern versions with pyupgrade
- Drop support for EOL Python <3.8 and Django <2.2 versions; add support up to Django 5 on Python 3.12
- Switch to ruff instead of pep8 and flake8
- Move from CircleCI to GitHub Actions for CI
- Add support for using pre-commit with the project
- Remove deprecation warning for child-src
- Fix capturing brackets in script template tags
- Update docs to clarify when nonce will not be added to headers
- Move from setup.py and setup.cfg to pyproject.toml (#209)
Note: identical other than release packaging to 3.8rc1
3.8rc1
======
- Move from setup.py and setup.cfg to pyproject.toml (#209)
3.8rc
=====
Please note: this release folds in a number of fixups, upgrades and documentation tweaks,
but is functionally the same as 3.7. New features will come with 3.9+.
- Update Python syntax for modern versions with pyupgrade
- Drop support for EOL Python <3.8 and Django <2.2 versions; add support up to Django 5 on Python 3.12
- Switch to ruff instead of pep8 and flake8
- Move from CircleCI to GitHub Actions for CI
- Add support for using pre-commit with the project
- Remove deprecation warning for child-src
- Fix capturing brackets in script template tags
- Update docs to clarify when nonce will not be added to headers
3.7
===
- Add support for Trusted Types
- Use a 128-bit, base64-encoded value for the nonce
3.6
===
- Add support/testing for Django 2.2 and 3.0
- Add support/testing for Python 3.7 and 3.8
- Disable CSP for Django NotFound debug view
- Add new headers used in CSP level 3
- Add support for the report-to directive
3.5
===
- New RateLimitedCSPMiddleware middleware (#97)
- Add support for CSP nonce and "script" template tag (#78)
- Various smaller fixes along the way
3.4
===
- Remove support for Django 1.6 and 1.7 as they're end of life
- Add pypy3, Django 2.0.x and current Django master to our CI tests
- Allow removing directives using @csp_replace
- Add CSP nonce support
3.3
===
- Add support for Django 1.11
- Add support for Python 3.6
3.2
===
- Add manifest-src fetch directive - <https://w3c.github.io/webappsec-csp/#directive-manifest-src>
- Add worker-src fetch directive - <https://w3c.github.io/webappsec-csp/#directive-worker-src>
- Add plugin-types document directive - <https://w3c.github.io/webappsec-csp/#directive-plugin-types>
- Add require-sri-for <https://www.w3.org/TR/CSP/#directives-elsewhere> - <https://w3c.github.io/webappsec-subresource-integrity/#request-verification-algorithms>
- Add upgrade-insecure-requests - <https://w3c.github.io/webappsec-upgrade-insecure-requests/#delivery>
- Add block-all-mixed-content - <https://w3c.github.io/webappsec-mixed-content/>
- Add deprecation warning for child-src (#80)
3.1
===
- Add support for Django 1.10 middlewares
- Allow lazy objects to be assigned to CSP_REPORT_URI
v3.0
====
- Add support for Python 3 and PyPy
- Move to pytest for testing
- Add wheel build support
- Drop support for Django < 1.6, add support for Django 1.6, 1.7, 1.8 and 1.9
- Remove leftover references to the old report processing feature (#64)
- Fix accidental mutation of config (#52)
Please note that this is a big release that touches quite a few parts so please
make sure you're testing thoroughly and report any issues to
<https://github.com/mozilla/django-csp/issues>
v2.0.3
======
- Disable CSP on built-in error pages.
v2.0.1 & v2.0.2
===============
No changes. I just can't package Python files.
v2.0
====
- Dropped report processing feature and code.
- Complies with CSP v1.0 and v1.1 (excluding experimental features).
- Dropped support for X-Content-Security-Policy and X-WebKit-CSP headers.