ysjj-system/node_modules/egg-security/HISTORY.md

2.11.0 / 2022-07-20

features

• [b97b2b2] - feat: csrf cookie support cookieOptions (#80) (大木匠贰 <damujiangr@aliyun.com>)

2.10.1 / 2022-04-10

others

• [4bb4741] - 🐛 FIX: Add warning message on false value config (#79) (fengmk2 <fengmk2@gmail.com>)
• [184d109] - 📖 DOC: Add CONNECT method on CSRF default config (fengmk2 <fengmk2@gmail.com>)

2.10.0 / 2022-04-05

features

• [2d1b28f] - feat: make csrf supported method configurable (#74) (Anemone95 <x565178035@126.com>)

others

• [59558fa] - 🐛 FIX: Should detect all rules before ignore on CSRF (#78) (fengmk2 <fengmk2@gmail.com>)
• [61a5543] - deps: use nanoid@3 (#77) (fengmk2 <fengmk2@gmail.com>)

2.9.1 / 2022-03-29

fixes

• [0b3fb1e] - fix: should match script end tags like
(#76) (fengmk2 <fengmk2@gmail.com>)

others

• [1cde817] - 🤖 TEST: Run ci on GitHub Action (#75) (fengmk2 <fengmk2@gmail.com>)
• [23fef7d] - Delete SECURITY.md (fengmk2 <fengmk2@gmail.com>)
• [f6aeb97] - docs: Add Security Policy (fengmk2 <fengmk2@gmail.com>)

2.9.0 / 2021-04-21

others

• [9d80e90] - add ssrf.ipExceptionList (#70) (shadyzoz <shadyzoz@icloud.com>)
• [79c38e0] - docs: fix typos (#68) (viko16 <viko16@users.noreply.github.com>)

2.8.0 / 2020-04-16

features

• [a9aff4f] - feat: csrf support any, fix isSafeDomain bug (#67) (Yiyu He <>)
• [beeded1] - feat: config.cookieName support array (#66) (Yiyu He <>)

others

• [5bd4719] - test: content-length should not be empty string (pusongyang <ukyo.pu@gmail.com>)
• [def5bfa] - docs: typos & optimization (#63) (吖猩 <whx89768@alibaba-inc.com>)

2.7.1 / 2019-11-14

fixes

• [ef0e439] - fix(security): use new URL instead of url.parse (#62) (Yiyu He <>)

2.7.0 / 2019-10-25

features

• [f03aeed] - feat: add escapeShellArg and escapeShellCmd (#60) (p0sec <7829373@qq.com>)

others

• [22b155f] - style: fix document (#59) (刘放 <brizer@users.noreply.github.com>)

2.6.1 / 2019-08-09

fixes

• [b72a1eb] - fix: csrf false check (#58) (吖猩 <whxaxes@gmail.com>)

2.6.0 / 2019-08-09

features

• [a1b8e00] - feat: csrf support referer type (#56) (吖猩 <whxaxes@gmail.com>)

others

• [1890644] - chore: show contributors on README (#55) (fengmk2 <fengmk2@gmail.com>)

2.5.0 / 2019-03-08

others

• [4fcadc4] - deps: update packs and ignore lock file (#54) (Maledong <>)
• [5772242] - test: use expectLog to assert log (#53) (fengmk2 <fengmk2@gmail.com>)

2.4.3 / 2019-02-19

fixes

• [b80202f] - fix: make sure domain is string before use it (#52) (fengmk2 <fengmk2@gmail.com>)

2.4.2 / 2019-01-04

fixes

• [ad21465] - fix: fix referrer-policy enum check (#50) (Century Guo <648772021@qq.com>)

2.4.1 / 2018-11-15

• fix: shtml check domainWhiteList hostname get null (#49)

2.4.0 / 2018-08-24

others

• [57bc4d9] - bug (methodnoallow): Fix for 'OPTIONS not allowed' (#40) (Maledong <>)
• [8ead61e] - chore: improve npm scripts (#48) (Maledong <>)
• [817d114] - doc (README.zh-CN.md, README.md): Fix typos and add missing trans (#45) (Maledong <>)

2.3.1 / 2018-08-16

fixes

• [8997866] - fix: preprocess config in app.js (#46) (Yiyu He <>)

others

• [9baf72e] - chore (shtml,cliFilter,sjs,README): Modifications of files (#47) (Maledong <>)

2.3.0 / 2018-08-14

fixes

• [835eff5] - Fix: Make domain and whiteList, protocalWhiteList case insensitive (Maledong <>)
• [81f757a] - fix: use faster non-secure ID generator (#43) (Andrey Sitnik <andrey@sitnik.ru>)

others

• [72e7ceb] - utils (isSafeDomain): Use matcher to check for a wild character of a (#42) (Maledong <>)
• [a7035cf] - doc: Translate from Chinese into English for several files for their comments (#41) (Maledong <>)

2.2.3 / 2018-07-11

fixes

• [b5e1741] - fix: disable nosniff on redirect status (#38) (fengmk2 <fengmk2@gmail.com>)

2.2.2 / 2018-04-12

fixes

• [dbc9a44] - fix: format illegal url (#36) (Yiyu He <>)

others

• [9676127] - docs: update warning infomation for ignoreJSON (#35) (Haoliang Gao <sakura9515@gmail.com>)

2.2.1 / 2018-03-28

others

• [e6e5e65] - docs: fix SSRF link (#34) (Haoliang Gao <sakura9515@gmail.com>)

2.2.0 / 2018-03-27

features

• [eba4555] - feat: support safeCurl for SSRF protection (#32) (Yiyu He <>)

fixes

• [abc33d1] - fix: deprecate ignoreJSON (#30) (Yiyu He <>)

others

• [4f045a0] - deps: add missing dependencies ip (dead-horse <>)

2.1.0 / 2018-03-14

features

• [97f372c] - feat: add RefererPolicy support (#27) (Adams <jtyjty99999@126.com>)

others

• [76bd83f] - chore:bump to 2.0.1 (jtyjty99999 <jtyjty99999@126.com>),

2.0.1 / 2018-03-14

• fix: absolute path detect should ignore evil path (#28)

2.0.0 / 2017-11-10

others

• [0ec7d2f] - refactor: use async function and support egg@2 (#25) (Yiyu He <>)

1.12.1 / 2017-08-03

others

• [870a7e2] - fix(csrf): ignore json request even body not exist (#23) (Yiyu He <dead-horse@users.noreply.github.com>)

1.12.0 / 2017-07-19

• feat: make session plugin optional (#22)

1.11.0 / 2017-06-19

• feat: add global path blocking to avoid directory traversal attack (#19)

1.10.2 / 2017-06-14

• fix: should not assert csrf when path match ignore (#20)

1.10.1 / 2017-06-04

• docs: fix License url (#18)

1.10.0 / 2017-05-09

• feat: config.security.csrf.cookieDomain can be function (#17)

1.9.0 / 2017-03-28

• feat: use egg-path-matching to support fn (#15)

1.8.0 / 2017-03-07

• feat:support muiltiple query/body key to valid csrf token (#14)

1.7.0 / 2017-03-07

• feat: add ctx.rotateCsrfToken (#13)

1.6.0 / 2017-02-20

• refactor: add csrf faq url to error msg in local env (#12)

1.5.0 / 2017-02-17

• feat: surl support protocol whitelist (#11)

1.4.0 / 2017-01-22

• refactor: rewrite csrf (#10)

1.3.0 / 2016-12-28

• feat: support hash link in shtml (#7)
• test: fix test (#8)

1.2.1 / 2016-09-01

• fix: make sure every middleware has name (#6)

1.2.0 / 2016-08-31

• feat: disable hsts for default (#5)

1.1.0 / 2016-08-31

• refactor: remove ctoken, csrf check all post/put/.. requests (#4)

1.0.3 / 2016-08-30

• fix: lower case header will get better performance (#3)

1.0.2 / 2016-08-29

• refactor: use setRawHeader

1.0.1 / 2016-08-21

• First version