3.7.0
Release Notes for 3.7.0
This is a SECURITY release. All users are encouraged to upgrade immediately.
Changed
-
This release bumps the minimum-supported version of laminas/laminas-diactoros to 2.11.2 in order to pick up security updates. Users who are still pinning to Diactoros 1.x versions will need to update to the later release.
-
Modifies the
Mezzio\Swoole\ServerRequestSwooleFactory
such that it checks the container for aLaminas\Diactoros\ServerRequestFilter\FilterServerRequestInterface
service, creating one viaLaminas\Diactoros\ServerRequestFilter\FilterUsingXForwardedHeaders::trustReservedSubnets()
if none is present. This change ensures thatX-Forwarded-*
request headers are only honored when the request comes from a reserved, private subnet (localhost; classes A, B, and C subnets; and IPv6 private and local-link subnets). If you need to trust from any source, or never want to trust these headers, you may provide an alternate server request filter by registering an alternate implementation of theLaminas\Diactoros\ServerRequestFilter\FilterServerRequestInterface
service.
3.7.0
- Total issues resolved: 0
- Total pull requests resolved: 0
- Total contributors: 0