Skip to content

5.0.0
Compare
Choose a tag to compare
@Ocramius Ocramius released this 06 Aug 08:17
· 1322 commits to 9.3.x since this release
5.0.0
This tag was signed with the committer’s verified signature.
Ocramius Marco Pivetta
GPG key ID: 4167D3337FD9D629
Learn about vigilant mode.
7959dca
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Build Status

This release improves the security of the library by preventing most session-related
CSRF attacks on unsafe HTTP methods (such as POST, PUT, etc.) by introducing a
SameSite=Lax cookie policy when using the PSR7Sessions\Storageless\Http\SessionMiddleware
defaults.

The addition of SameSite=Lax counts as a BC break, since cross-domain POST requests will no
longer transmit the session cookie: if you rely on that, be sure to customise the
SessionMiddleware constructor parameters with your own cookie blueprint.

In addition to these changes, following has been introduced:

  • The minimum supported PHP version is now 7.2.0
  • Static analysis was added to the build pipeline
  • Test suite and mutation test suite were upgraded
Assets 2
Loading