Breaking changes
- Some security fixes for Giraffe - Credits @Thorium
- New handlers added to improve security aspects, like
safeRedirectTo,safeRedirectToExt,validateCsrfTokenExtand more. Those deal with:- URL validation in
redirectToto prevent cross-site scripting (XSS) - Cross-Site Request Forgery (CSRF) token validation helpers
- URL validation in
- XML serializer's
Deserialize<'T>(xml: string)method now uses a configuration to prevent XXE attacks.
- New handlers added to improve security aspects, like
- Remove [<AllowNullLiteral>] attribute from Json.ISerializer and Xml.ISerializer - Credits @64J0
- With the release of .NET 9 we have nullable reference types.
- When this feature is enabled (
<Nullable>enable</Nullable>), our users started running into problems that boils down toJson.ISerializerhaving theAllowNullLiteralattribute. - Due to it, we decided to remove this attribute from both the
Json.ISerializerand theXml.ISerializer.- New automated tests were added to assert that the serializers are still working properly.
- We also updated some sample projects to use this feature.
Other updates
- Remove Obsolete from redirectTo - Credits @kerams
- Could we avoid allocation of UTF8 byte array? - Credits @Thorium
- Update fsharp-analyzers and the analyzer packages - Credits @Numpsy
- Improve JSON docs - Credits @64J0
- Add issue templates - Credits @64J0
- Enhance routef support for named parameters and improve documentation - Credits @RJSonnenberg
- Fix assembly version
- Add GitHub dependabot configuration - Credits @64J0
- Add global rate limiting sample - Credits @64J0
- Add OpenApi section to the documentation - Credits @64J0
- Add AssemblyVersion attribute - Credits @64J0
- Add more links - Credits @64J0
- Code scanning fix patches - Credits @64J0
- Add .NET 9 as target framework, fine-tune dependabot, update CI and clean tests removing .NET 6/7 from target frameworks - Credits @64J0
- [Alpha] Add Endpoint routing functions ...WithExtensions - Credits @64J0
Contributors
Thorium, Numpsy, and 3 other contributors