What's Changed

• [ci skip] docs: fix Nuxt badge icon by @IO-Fire in #664
• fix(docs): update link to useScript by @AloisSeckar in #669
• fix: mask escaped strings properly by @mwienk in #670
• fix: disable xssValidator for nuxt hints route by @huang-julien in #671
• Chore/2.5.1 by @Baroshem in #673

New Contributors

• @AloisSeckar made their first contribution in #669
• @mwienk made their first contribution in #670

Full Changelog: v2.5.0...v2.5.1

What's Changed

• Update README.md by @Baroshem in #653
• fix(csrf): add csrf config to routeRules by @kouts in #652
• fix(cspSsrNonce): more robust tag replacement by @GalacticHypernova in #658
• fix(headers): add ssg hashes for script-src-elem and style-src-elem by @dargmuesli in #659
• chore(types): resolve unstorage issue by @dargmuesli in #660
• fix(types): add type templates by @dargmuesli in #661
• feat(types): upgrade to kit v4 by @dargmuesli in #662
• Chore/2.5.0 by @Baroshem in #663

Full Changelog: v2.4.0...v2.5.0

What's Changed

• feat(rate limiter): #643 add new option for custom IP header name by @jelmerdemaat in #644
• Update STS header generation by @FBFunnyBunnyFB in #649
• Chore/2.4.0 by @Baroshem in #650

New Contributors

• @jelmerdemaat made their first contribution in #644
• @FBFunnyBunnyFB made their first contribution in #649

Full Changelog: v2.3.0...v2.4.0

What's Changed

• #624 - Update incorrect permissions policy docs by @OndrejSerek in #625
• feat(node)!: upgrade to v20 by @dargmuesli in #635
• test: update for most recent Nuxt v3 by @dargmuesli in #640
• fix(types): declare module nitropack/types by @dargmuesli in #634
• chore(deps)!: upgrade module builder to v1 by @dargmuesli in #636
• Chore/2.3.0 by @Baroshem in #641

New Contributors

• @OndrejSerek made their first contribution in #625

Full Changelog: v2.2.0...v2.3.0

This version introduces a new feature to the rate limiter middleware by adding a whitelist option, along with several related changes to the codebase and documentation.

New Feature: Whitelist Option for Rate Limiter

• Rate Limiter Configuration:

  • Added a whiteList property to the RateLimiter type, allowing specific IP addresses to bypass rate limiting. (docs/content/3.middleware/1.rate-limiter.md, src/types/middlewares.ts, src/defaultConfig.ts) [1] [2] [3]
  • Updated documentation to include details about the new whiteList property. (docs/content/3.middleware/1.rate-limiter.md)

• Security Configuration:

  • Fixed an issue where securityConfig was not correctly initialized in the basic authentication middleware. (src/runtime/server/middleware/basicAuth.ts)

• Nonce Handling:

  • Improved the handling of nonces in CSP headers by ensuring existing nonces are replaced instead of duplicated. (src/runtime/nitro/plugins/40-cspSsrNonce.ts) [1] [2]

What's Changed

• Bug reports in repo: Use new template forms by @vejja in #578
• bug reports: update placeholders by @vejja in #579
• Update bug-report.yml by @vejja in #581
• docs(fix): readme license link by @IO-Fire in #591
• [ci skip] docs: update license year by @IO-Fire in #592
• Enhance header filtering in getHeadersApplicableToAllResources function to exclude falsy values by @ivanvakulov in #588
• Update GitHub question issue template with the correct link by @nicokempe in #600
• Fix/docs typo by @fahdarafat in #596
• fix(nonce): override user-defined nonce values with Nuxt Image by @GalacticHypernova in #593
• Add basic rate limiter whitelist (specific IPs only) by @zguig52 in #573
• Refactor basicAuth middleware to use runtime configuration correctly by @ivanvakulov in #599
• Chore/2.2.0 by @Baroshem in #607

New Contributors

• @IO-Fire made their first contribution in #591
• @ivanvakulov made their first contribution in #588
• @nicokempe made their first contribution in #600
• @fahdarafat made their first contribution in #596
• @zguig52 made their first contribution in #573

Full Changelog: v2.1.5...v2.2.0

🚨Hotfix Release : disable minification by default

This release fixes an issue reported in #576 whereby Nuxt UI v3 styles could break.
The issue was related to minification settings.

This release also deploys the new version of the documentation pages for Nuxt Security
Enjoy reading 📖

What's Changed

• Chore/2.1.4 by @vejja in #568
• docs-#558: refactor docs new version by @Baroshem in #560
• fix(docs): broken links by @aryan02420 in #574
• fix(loggers): do not set minify option by default by @vejja in #577

New Contributors

• @aryan02420 made their first contribution in #574

Full Changelog: v2.1.4...v2.1.5

compare changes

🩹 Hotfix Release: SRI for PrimeVue

This release introduces specific support for Subresource Integrity with PrimeVue

❤️ Contributors

• Lawren [email protected]

What's Changed

• chore(release): 2.1.3 by @vejja in #566
• fix: #564 resolves issue with element.replace on non-string elements by @lawren in #567

Full Changelog: v2.1.3...v2.1.4

🩹 Hotfix Release: Nonce for PrimeVue

This release introduces specific support for Nonce with PrimeVue

❤️ Contributors

• Lawren [email protected]

What's Changed

• chore(release): 2.1.2 by @vejja in #563
• fix: #564 resolves issue with element.replace on non-string elements by @lawren in #565

New Contributors

• @lawren made their first contribution in #565

Full Changelog: v2.1.2...v2.1.3

🚨Hotfix release: re-enable console.logs in dev mode

This release prevents the removal of console.log statements by Nuxt-Security in development mode.

Nuxt Security helps you ship safer applications by removing console.log statements when the removeLoggers option is set to true, which is the default value.
However, removing console.log statements by default also in development mode is causing our users to search why their logs are disappearing.

With this release, removeLoggers only removes console.log statements in production builds.

What's Changed

• fix(core): do not remove loggers in dev mode by @vejja in #561

Full Changelog: v2.1.1...v2.1.2

🛠️ Hotfix Release : Node 18 Compatibility

This hotfix release re-introduces support for Node 18.
Node 18 is the minimum requirement for all Nuxt 3 applications.

Full Changelog: v2.1.0...v2.1.1