Changelog History
- v2.0.0
  June 30, 2018
- v2.0.0-clinteastwood
  December 22, 2016
- v2.0.0-barneyrubble
  July 12, 2016
- v2.0.0-alpha
  March 22, 2016
- v1.4.4 Changes
  July 20, 2017
  Security issue in JSON deserialization used by CSRF cookie handling. Removed use of JSON (de)serialization in Csrf.cs, to prevent a possible remote code execution vulnerability. Thanks to Alvaro Muñoz and Alexandr Mirosh from Hewlett-Packard Enterprise Security for pointing out this flaw. Affected versions are all Nancy 1.x releases and all pre-release candidates of 2.x up to and including 2.0-clinteastwood. The new CSRF cookie will not be backwards compatible with cookies that were generated with earlier versions.
  All 1.x users are advised to upgrade to 1.4.4.
  All 2.x users are advised to use a build from our MyGet feed until 2.0-dangermouse has been published to NuGet.
  Note that you are affected by this vulnerability only if you explicitly enabled CSRF support by calling CSRF.Enable(...).
- v1.4.3
  December 21, 2015
- v1.4.2
  November 23, 2015
- v1.4.1
  November 05, 2015
- v1.4.0
  October 29, 2015
- v1.3.0
  September 25, 2015