You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CHANGELOG.md
+7Lines changed: 7 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
5
5
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
6
6
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
7
8
+
## [0.2.32] - 2026-02-07
9
+
10
+
### Fixed
11
+
-**HSTS false positive**: `security_headers on;` (ngx_security_headers module) is now recognized as providing HSTS — no longer flags "Missing HSTS header".
12
+
-**HSTS false positive**: `more_set_headers` setting `Strict-Transport-Security` is now recognized as providing HSTS.
13
+
-**`ssl_prefer_server_ciphers` false positive**: Inverted the check — `on` is now flagged (LOW) instead of `off` (MEDIUM). All authoritative sources (Mozilla, nginx maintainers) recommend `off` for modern cipher lists.
0 commit comments