CHANGELOG.md

6.0.0 (December 5, 2022)

• 🎉 Significant improvement on Cache-Control definition and usage
  • Cache-Control boilerplate with extensive control [#325]
• Reorder and improve cache expiration ExpiresByType map [#326]
• Add a notice for directory index with pre-compressed content [#311]
• Drop image/avif-sequence MIME type [#316]
• Improve inline comments.

5.1.0 (May 9, 2022)

• Extend default, media and font cache TTL to 1 year [5df6946]
• Support ETags at server level [7956cbc]
• Add image/x-icon compression support [69ddeda]
• Improve module checks validations [cb8ef1b]
• Improve inline comments.

5.0.0 (July 31, 2021)

• ⚠️ Breaking: End of support for Internet Explorer (X-UA-Compatible and X-XSS-Protection headers) [d1fb502]
  [22014cb]
• 🎉 Security first! Modernize TLS configuration [55c364d]
• 🎉 Security first! Refresh policies-related headers usage
  • Add Cross Origin Policies headers (COOP/COEP/CORP) [9d2cb74]
  • Add Permissions-Policy header [86494cc]
  • Make Content-Security-Policy disallow 'object-src' by default [f993710]
• Add mime-type image/jxl [da3ce54]
• Fix SSLSessionCache directive usage [64e33e8]
• Improve inline comments.

4.1.0 (January 5, 2021)

• Add mime-type image/avif and image/avifs [4ca46af]
• Fix unexpected Content-Language in pre-compressed Brotli [1f5641d]
• Added systemd module to support CentOS [5d060b0]
• Improve inline comments.

4.0.0 (April 14, 2020)

• 🎉 Server-level config! Support httpd configuration at main server level. Add httpd.conf file, vhost management, secure HTTP tweaking, etc. See the README [b50205a...c302596]
• ⚠️ Breaking: End of support for Apache httpd version 2.4.9 and below [baa9cdd]
• ⚠️ Breaking: File paths changes for the .htaccess build system [478ceab] [9cb2763]
• Rewrite, improve and update a large part of the documentation [5dc823c] [5748d26] [d8553ee] [6862ac1] [ade3659]
• Default to HSTS only over secure connections [5bbc0a1]
• Stricter default for Referrer Policy strict-origin-when-cross-origin [43bcb83]
• Add APNG (.apng) MIME type [ad25d31]
• Ensure the presence of security headings where expected [d656422] [43bcb83] [d84d94c]
• Make disabling TRACE method usable in a .htaccess file [9ae931c]
• Improve inline comments.

3.2.1 (May 8, 2019)

• Fix npm releasing [4b0ee86]

3.2.0 (May 6, 2019)

• Enhance CSP policy [f48934b]
• Common headers addition based on MIME-types instead of file extensions [a880772...64cb33d]
• Always unset X-Powered-By header [1470258]
• Support hashed asset names in cache-busting [33f8006]
• Switch application/vnd.geo+json to application/geo+json [35cbd63]
• New test system using server-configs-test [3ae257c]
• Improve inline comments.

3.1.0 (February 8, 2019)

• Remove P3P iframe cookies directives [ccce7b8]
• Add TraceEnable Off directive [0a2f70e]
• Support hashed asset names in cache-busting [33f8006]
• Allow SSL certificate set up over HTTP [54b6176..993127d]
• Rename cache expiration rules file to cache_expiration.conf to make it more generic [11690c6]
• Improve inline comments.

3.0.0 (April 16, 2018)

• ⚠️ Breaking: End of support for Apache httpd version 2.3 and below [7d296c3]
• 🎉 New build system! Configurable build and customizable generation. See the README [5896349]
• Add Referrer-Policy header template [591083e]
• Switch back .js-files and .mjs-files media-type to text/javascript [690f4ad]
• Add pre-compressed content handling template [52639ab]
• Add WebAssembly module (.wasm) MIME type [a2e7d7b]
• Improve inline comments.

2.15.0 (October 8, 2017)

• Serve .md and .markdown files as text/markdown [bfcafd3].
• Add font MIME types per RFC 8081 [20b446e].
• Mark .mjs files as JavaScript [c00975c].
• Add calendar filetype (.ics) [002a110].
• Block Mercurial .orig files [4c13648].
• Fix enforcing www/no-www with HTTPS [fc747bb].
• Drop Bower support [ee6cd75].
• Fix HTTPS enforcement rule [11e523d].
• Improve inline comments.

2.14.0 (April 4, 2015)

• Update the web app manifest file related configs [e603554].

2.13.0 (March 4, 2015)

• Remove the mapping of .manifest files to the text/cache-manifest media type [c805353].
• Remove the mapping of .php files to the text/html media type [daab35b].

2.12.0 (March 2, 2015)

• Add ServerSignature Off [#58].
• Change media types for .atom and .rss files [#50].
• Send the HSTS header even for non-2xx responses [#57].
• Add configs that remove the X-Powered-By HTTP response header [#54].
• Add expires rules for WebP [#61].

2.11.0 (October 27, 2014)

• Add configs for common media types used for .woff files [e602ae9].
• Add configs for files marked as text/x-cross-domain-policy [a0c4e17].
• Add configs for files marked as image/vnd.microsoft.icon [0ba37cb].
• Add configs for files marked as font/eot [6dae5d4].

2.10.0 (October 20, 2014)

• Add bower.json and publish on Bower [3425f72].
• Improve inline comments.
• Add configs for files marked as application/x-javascript [23793d8].
• Add configs for bitmap image files (.bmp) [77ccf9e].
• Compress vCard files (.vcard/.vcf). [a076635].
• Serve vCard files (.vcard/.vcf) with the text/vcard media type [104f232].
• Add configs for BlackBerry Maps location documents (.xloc) [20000d1].
• Add configs for BlackBerry App World files (.bbaw) [352fb62].

2.9.0 (October 15, 2014)

• Update example regarding forcing https:// [060b70c].

2.8.0 (September 13, 2014)

• Improve configs for .rdf files [742d148].
• Add example on how to allow cross-origin access to the resource's timing information [3df6768].
• Add configs for files marked as text/javascript [db69327].
• Add configs for JSON Schema files (.json) [#39].

2.7.1 (August 3, 2014)

• Update package.json and publish on npm [#33].

2.7.0 (July 28, 2014)

• Add configs for TopoJSON files (.topojson) [#34].

2.6.0 (July 3, 2014)

• Add configs for WOFF 2.0 font files (.woff2) [#32].
• Add configs for GeoJSON files (.geojson) [16d3965].

2.5.0 (June 14, 2014)

• Compress cache manifest files (.appcache/.manifest) [d819fec].
• Move all compression related configs under the Compression section [73a107e].

2.4.1 (June 7, 2014)

• Improve and update inline comments.

2.4.0 (June 3, 2014)

• Add configs for web application manifest files [#29].
• Allow access to the content from within the /.well-known/ directory [#31].
• Forbid access to .conf files.
• Add the no-transform value to the Cache-Control HTTP response header without overwriting existing values.
• Add cur, ico, svg, svgz and webp to the filename-based cache busting list.
• Add configs for text files (.txt) [b5bda65].
• Compress WebVTT files (.vtt) [0bb12c8].
• Reintroduce the filename extension to content type mappings for ico and svg [#28].

2.3.0 (April 10, 2014)

• Send X-Content-Type-Options header by default [edd912d].

2.2.0 (February 3, 2014)

• Remove example regarding persistent connections [#20].
• Improve the <FilesMatch> regular expressions.
• Add configs for JSON-LD (JSON for Linking Data) files [#17].

2.1.0 (December 31, 2013)

• Serve source map files with the application/json content-type [7d114e8].
• Make RewriteConds for example.com → www.example.com more permissive [#11].
• Add configs for Ogg Opus audio files [#13].

2.0.0 (November 12, 2013)

• Add example on how to mitigate reflected (a.k.a non-persistent) XSS attacks [#8].
• Add example on how to provide clickjacking protection [#8].
• Add example on how to reduce MIME type security risks [#8].
• Add configs for cursor images (.cur) [a795fff].
• Fix backup and source file blocking for Apache v2.3+ [#5].
• Remove filename extension to content type mappings that are already provided by Apache v2.2.0+ [#4].
• Improve inline comments.
• Remove screen flicker fix required by IE 6 [#3].

1.1.0 (July 27, 2013)

• Remove Chrome Frame HTTP header hint.

1.0.0 (July 27, 2013)