All Versions
Latest Version
Avg Release Cycle
197 days
Latest Release
2121 days ago

Changelog History

  • v2.0.0

    June 30, 2018
  • v2.0.0-clinteastwood

    December 22, 2016
  • v2.0.0-barneyrubble

    July 12, 2016
  • v2.0.0-alpha

    March 22, 2016
  • v1.4.4 Changes

    July 20, 2017

    🚀 Security Issue in JSON deserialization used by CSRF cookie handling. Removed use of JSON (de)serialization in Csrf.cs, to prevent a possible remote code execution vulnerability. Thanks to Alvaro Muñoz and Alexandr Mirosh from Hewlett-Packard Enterprise Security for pointing out this flaw. Affected versions are all Nancy 1.x releases and all pre-release candidates of 2.x up to and including 2.0-clinteastwood. The new CRSF cookie will not be backwards compatible with cookies that was generated with earlier versions.

    ⬆️ All 1.x users are advised to upgrade to 1.4.4

    🏗 All 2.x users are advised to use a build from our MyGet feed until 2.0-dangermouse has been published to NuGet

    🍱 ℹ️ Be advised that you have had to explicitly enable CSRF support, by calling CSRF.Enable(...), to be affected by this vulnerability.

  • v1.4.3

    December 21, 2015
  • v1.4.2

    November 23, 2015
  • v1.4.1

    November 05, 2015
  • v1.4.0

    October 29, 2015
  • v1.3.0

    September 25, 2015