5.1.1

• nette/application 3.2.2 compatibility
• SecuredComponents marked deprecated (replaced by upstream support since nette/application 3.2.2)

5.1.0

• Drop support for PHP <8.1
• Use public readonly properties to simplify the attribute classes
• Drop useless annotations
• PHP 8.3 compatibility

5.0.2

• Support nette/utils 4

5.0.1

• PHP 8.2 compatibility

5.0.0

• Added support for Role and Resource objects (mostly useful in combination with native PHP enums)
• Drop deprecated usage of Doctrine annotations (BC break)
• Drop deprecated shape of Role attribute constructor with roles list passed as array (BC break)

4.3.0

• Explicitly restrict maximum supported PHP version in composer.json
• Drop PHP 7.4 support
• Deprecate usage of Doctrine annotations, use native PHP attributes instead
• Change Role attribute constructor signature to variadic parameter, passing multiple rows as single array argument is deprecated

4.2.0

• PHP 8.1 compatibility.

4.1.0

• PHP 8.0 compatiblity.
• PHP attributes support:
  • Security metadata can be now specified via standard PHP attribute syntax (supported on PHP >= 8.0).
  • PHP attributes are preferred over legacy PHP DocBlock annotations. Next major version will support PHP attributes only.
• Bundled annotations are now explicitly limited to class and method usage.
• Bundled annotations now define getters for all properties, direct access to public properties is considered deprecated and will be removed in next major version.
• New configuration option enableDoctrineAnnotations (true by default). Set it to false to disable legacy PHP DocBlock annotations support and test the application with PHP attributes only.

4.0.0

Backward incompatible changes

• Annotation parsing rewritten from obsolete nette/reflection to doctrine/annotations. This changes how the security annotations are written, as well as how validators receive the parsed data.
• Public API changes of AccessValidator: parsed annotation data are received as object, added method that specifies the supported annotation name.
• Removed interface and trait name prefixes: IAccessValidator -> AccessValidator, TSecuredComponents -> SecuredComponents, TSecurityAnnotations -> SecurityAnnotations.
• RequirementsChecker must be explicitly injected into presenters and components.
• Removed SameSiteValidator - signals are protected by default in Nette 3.
• Removed the possibility to dynamically configure validators used by RequirementsChecker.
• Dropped support for custom exception messages in default validators.

3.1.0

• Requires PHP >=7.4.
• Uses native property typehints.