Skip to content
This repository has been archived by the owner on Dec 31, 2022. It is now read-only.

v1.11.0
Compare
Choose a tag to compare
@ajgon ajgon released this 17 Jul 11:54
· 132 commits to master since this release
v1.11.0
6806efa
This commit was signed with the committer’s verified signature.
ajgon Igor Rzegocki
GPG key ID: DBF5E35526B27548
Verified
Learn about vigilant mode.

Bug Fixes

  • add Apache 2.4's "Require all granted" to apache2+passenger config file (#171) (f4e5871)
  • webserver: add X-Content-Type-Options: nosniff to assets served by rails for extra security (07d3336)

Features

  • webserver: hardened security headers, disabled tls1.0 and tls1.1 for non-legacy SSL config (8351d58)

BREAKING CHANGES

  • webserver: If you are using SSL in your project, TLSv1.0 and
    TLSv1.1 has been disabled for all responses - only TLSv1.2 is served. If
    you still need older ciphers, consider using
    app['webserver']['ssl_for_legacy_browsers'] configuration option.
Assets 3
Loading