astro@5.15.5
🐛 3 fixes, 🔧 6 symbols
Summary
This patch release focuses on security hardening for X-Forwarded headers, fixes environment variable inlining in server builds, and improves the experimental Fonts API.
Migration Steps
- If you run Astro behind a reverse proxy, make sure 'allowedDomains' is correctly configured in your Astro settings, because X-Forwarded header validation is now stricter.
🐛 Bug Fixes
- Fixed an issue where build-time process.env variables were incorrectly inlined into the server output.
- Improved fallback generation for the experimental Fonts API.
- Enhanced security for X-Forwarded header validation (Proto, Host, Port) to prevent cache poisoning and header injection attacks.
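The kind of check the last fix describes, as an added example that is not Astro's own code: forwarded Proto, Host and Port values are used only when they are well-formed and match an allowlist, otherwise the request's own origin is kept. The function names, the allowlist entry shape (`protocol`, `hostname`, `port`), the wildcard rule and the sample values are assumptions made for this illustration.

```javascript
// Added illustration, not Astro's source. All names here are hypothetical.
// Assumes one trusted proxy that overwrites each X-Forwarded-* header with a
// single value; anything that fails a check falls back to the request's own origin.
const HOST_RE = /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/; // no path, '@', spaces or CR/LF
const HOST_PORT_RE = /^([^:]+)(?::([0-9]{1,5}))?$/; // "host" or "host:port"
const PORT_RE = /^[0-9]{1,5}$/;

// Example rule: '*.example.com' matches exactly one extra leading label.
function hostMatches(pattern, host) {
  if (!pattern.startsWith('*.')) return host === pattern;
  const suffix = pattern.slice(1);
  if (!host.endsWith(suffix)) return false;
  const label = host.slice(0, host.length - suffix.length);
  return label.length > 0 && !label.includes('.');
}

function resolveOrigin(headers, fallbackOrigin, allowedDomains) {
  // Header names are assumed to be lower-cased, as Node.js delivers them.
  const proto = String(headers['x-forwarded-proto'] ?? '').trim().toLowerCase();
  const rawHost = String(headers['x-forwarded-host'] ?? '').trim().toLowerCase();
  const rawPort = String(headers['x-forwarded-port'] ?? '').trim();

  if (proto !== 'http' && proto !== 'https') return fallbackOrigin;
  const m = HOST_PORT_RE.exec(rawHost);
  if (!m || !HOST_RE.test(m[1])) return fallbackOrigin;
  if (rawPort && !PORT_RE.test(rawPort)) return fallbackOrigin;

  const host = m[1];
  const port = rawPort || m[2] || '';
  if (port && Number(port) > 65535) return fallbackOrigin;

  // The forwarded values are used only if an allowlist entry matches all of them.
  const allowed = allowedDomains.some((d) =>
    hostMatches(d.hostname, host) &&
    (d.protocol === undefined || d.protocol === proto) &&
    (d.port === undefined || d.port === port));
  if (!allowed) return fallbackOrigin;

  const defaultPort = proto === 'https' ? '443' : '80';
  return `${proto}://${host}${port && port !== defaultPort ? ':' + port : ''}`;
}

// Constructed sample allowlist and fallback origin.
const SAMPLE_ALLOWED = [
  { protocol: 'https', hostname: 'shop.example.com' },
  { protocol: 'https', hostname: '*.cdn.example.com', port: '8443' },
];
const SAMPLE_FALLBACK = 'http://127.0.0.1:4321';
```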
🔧 Affected Symbols
- process.env
- experimental.fonts
- X-Forwarded-Proto
- X-Forwarded-Host
- X-Forwarded-Port
- allowedDomains