NancyFx changelog

Lightweight, low-ceremony, framework for building HTTP based services on .Net and Mono. Note: This project is no longer maintained and has been archived.

All Versions

10

Latest Version

Avg Release Cycle

197 days

Latest Release

2125 days ago

Changelog History

v2.0.0
June 30, 2018
v2.0.0-clinteastwood
December 22, 2016
v2.0.0-barneyrubble
July 12, 2016
v2.0.0-alpha
March 22, 2016
v1.4.4 Changes
July 20, 2017
🚀 Security Issue in JSON deserialization used by CSRF cookie handling. Removed use of JSON (de)serialization in Csrf.cs, to prevent a possible remote code execution vulnerability. Thanks to Alvaro Muñoz and Alexandr Mirosh from Hewlett-Packard Enterprise Security for pointing out this flaw. Affected versions are all Nancy 1.x releases and all pre-release candidates of 2.x up to and including 2.0-clinteastwood. The new CRSF cookie will not be backwards compatible with cookies that was generated with earlier versions.
⬆️ All 1.x users are advised to upgrade to 1.4.4
🏗 All 2.x users are advised to use a build from our MyGet feed until 2.0-dangermouse has been published to NuGet

🍱 ℹ️ Be advised that you have had to explicitly enable CSRF support, by calling CSRF.Enable(...), to be affected by this vulnerability.
v1.4.3
December 21, 2015
v1.4.2
November 23, 2015
v1.4.1
November 05, 2015
v1.4.0
October 29, 2015
v1.3.0
September 25, 2015

Awesome .NET is part of the LibHunt network. Terms. Privacy Policy.