This release requires Erlang/OTP 25+.
put_secure_browser_headers has been updated to the latest security practices. In particular, it sets the content-security-policy header to "base-uri 'self'; frame-ancestors 'self';" if none is set, restricting embedding of your application and the use of the <base> element to the same origin, respectively. If you expect your application to be embedded by third parties, consult the documentation. The deprecated headers x-download-options and x-frame-options are no longer set.
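The router below is an added example, not code from the Phoenix changelog or documentation. It keeps the new default policy for ordinary pages and passes a custom content-security-policy only on the routes a third party embeds. The module names, routes, controllers and the origin https://partner.example are assumptions.

```elixir
defmodule MyAppWeb.Router do
  use MyAppWeb, :router

  # Ordinary pages: keep the default set by put_secure_browser_headers,
  #   content-security-policy: base-uri 'self'; frame-ancestors 'self';
  # so only same-origin pages may frame them.
  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :protect_from_forgery
    plug :put_secure_browser_headers
  end

  # Pages meant to be embedded by one partner (hypothetical origin).
  # The value given here is sent as the whole policy, so base-uri 'self'
  # is repeated rather than dropped. x-frame-options is no longer set,
  # so frame-ancestors is the only framing control on these responses.
  pipeline :embeddable do
    plug :accepts, ["html"]

    plug :put_secure_browser_headers, %{
      "content-security-policy" =>
        "base-uri 'self'; frame-ancestors 'self' https://partner.example;"
    }
  end

  scope "/", MyAppWeb do
    pipe_through :browser
    get "/", PageController, :home
  end

  # Only the widget routes get the relaxed framing policy.
  scope "/widget", MyAppWeb do
    pipe_through :embeddable
    get "/", WidgetController, :show
  end
end
```

Scoping the relaxed policy to its own pipeline keeps session-backed pages under the same-origin default.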
The CHANGELOG for v1.7 releases can be found in the v1.7 branch.