Stott Security 1.2

[GeekInTheNorth]

The following change s will been implemented and will be coming in version 1.2.0.0

• Update the Violation Report source conversion to add additional options for source and directive. #121
  • script-src-elem violations will allow you to add the new permissions for either script-src-elem or script-src
  • script-src-attr violations will allow you to add the new permissions for either script-src-attr or script-src
  • style-src-elem violations will allow you to add the new permissions for either style-src-elem or style-src
  • style-src-attr violations will allow you to add the new permissions for either style-src-attr or style-src
  • child-src violations will allow you to add the new permissions for either frame-src (Preferred) or child-src
  • frame-src violations will allow you to add the new permissions for either frame-src (Preferred) or child-src
  • Sources will be offered as the full domain or with the first or second domain components replaced with the * placeholder
• Directives containing the 'none' keyword should ONLY contain the 'none' keyword #114
  • Source modal will now show a warning detailing the behaviour of the 'none' keyword as a source.
  • When generating the CSP, directives which would contain the 'none' keyword will only contain the 'none' keyword.
• Move setting of upgrade-insecure-requests to be a general setting #56
  • The CSP Settings screen now has an option to include the upgrade-insecure-requests header.
  • A warning will be shown stating that this directive should only be enabled if there are legacy http only requests within the site.
• Update scheduled job name #117
  • The scheduled job for clearing down CSP violations has been renamed to "[Stott Security] Violation Report Clean Up"
• An exception is thrown gracefully when the CSP is added to the headers more than once. #119
  • Correct the middleware so that the security headers are updated if already existing rather than throwing an error.
• Update default CSP Sources in line with CMS 12.18.0 #123
  • Update default CSP sources that are generated if none exist.

---

This discussion was created from the release Stott Security 1.2.0.0.

[GeekInTheNorth]

Hotfix 1.2.1:

• Reporting script is not allowed to be accessed anonymously #127
  • Correct permissions for the pulling the reporting script as this was requiring an authorised user.

[GeekInTheNorth]

Hotfix 1.2.2

• Correct scrolling error caused by CMS 12.22.0 #129
  • Optimizely CMS 12.22.0 introduced a new menu system. This unfortunately has broken scrolling on many third party plugins including this one.
  • Please note dependencies have been updated to CMS 12.22.1 as part of targeting the new UI updates.