Closed EvanHahn closed 3 years ago
Hi @EvanHahn, thank you so much for reaching out! Should I expect some security issue alongside which might force a quick release, or is it just a routine release? Is this a breaking change as the major version seems to indicate? Even if it's a breaking change, depending on the defaults of Server.js it might still be non-breaking, so would love to read a bit about the changes. Is v4 the "Unreleased" notice here?
At a high level: Helmet 4 changes some defaults and removes some deprecated middlewares and options. There's a minor security boost for old browsers with the X-XSS-Protection
header.
You can see more detail in https://github.com/helmetjs/helmet/pull/197.
I'm happy to figure out whether this is a breaking change for you if helpful!
Sorry I don't have the time/energy to do this right now, might revisit in the future
I'm the maintainer of Helmet. I plan to release the next major version this Sunday, 2020-08-22.
Is there anything I can do to help get this project upgraded to
helmet@4
?If you'd like to try out the release candidate now, you can install it with
npm install helmet@next
. If you'd rather discuss things outside of this issue, feel free to reach out to me another way.Hope I can be helpful!