2.2.0

• Add CSP report filter
• Fix Twig 2 support

Version 2.1.0

• Add support for Referrer Policy
• Content-Security-Policy header can now be disabled
• Fix encrypter deprecation
• Run the test suite on PHP 7.1
• Run the test suite with lowest dependencies

2.0.4

• Enable manifest-src directive for Chrome, Opera and Firefox

2.0.3

• Fix deprecation warning with latest Twig 1.x

2.0.2

• Fix typo in the ALLOW-FROM implementation
• Update browser_adaptive configuration. Allow custom adapters
• Add Doctrine Cache and Psr Cache adapters for caching UA family parser

2.0.1

• Fix CookieSessionHandler::open that should return true unless there's an error

2.0.0

• Add support for Content-Security-Policy Level 2 directives
• Add support for Content-Security-Policy Level 2 signatures (nonce and message digest)
• Add browser adaptive directives - do not send directives not supported by browser - via browser_adaptive parameter
• Allow report-uri to be defined as a scalar
• Deprecate encrypted cookie support due to high coupling to the deprecated mcrypt extension
• Drop backward-compatibility with first deprecated CSP configuration

1.10.0

• Added ability to restrict forced_ssl capability to some hostnames only
• Fixed Symfony 3 compatibility

1.9.1

• BugFix: Fix LoggerInterface type hints to support PSR-3 loggers and not only Symfony 2.0 loggers

1.9.0

• Add Symfony 3 compatibility
• external_redirects definition can now contains full URL
• Allow dynamic CSP configuration
• BugFix: Fix clickjacking URL normalization when containing dash and no underscore