withastro/astro
withastro/astro
Activity
Last release
Open issues
Open PRs
License
release notes
release notes
Published 11/10/2025
Safe upgrade#14712 91780cf Thanks @florian-lefebvre! - Fixes a case where build's process.env would be inlined in the server output
#14713 666d5a7 Thanks @florian-lefebvre! - Improves fallbacks generation when using the experimental Fonts API
#14743 dafbb1b Thanks @matthewp! - Improves X-Forwarded header validation to prevent cache poisoning and header injection attacks. Now properly validates X-Forwarded-Proto, X-Forwarded-Host, and X-Forwarded-Port headers against configured allowedDomains patterns, rejecting malformed or suspicious values. This is especially important when running behind a reverse proxy or load balancer.
release notes
Published 11/10/2025
Safe upgrade#14712 91780cf Thanks @florian-lefebvre! - Fixes a case where build's process.env would be inlined in the server output
#14713 666d5a7 Thanks @florian-lefebvre! - Improves fallbacks generation when using the experimental Fonts API
#14743 dafbb1b Thanks @matthewp! - Improves X-Forwarded header validation to prevent cache poisoning and header injection attacks. Now properly validates X-Forwarded-Proto, X-Forwarded-Host, and X-Forwarded-Port headers against configured allowedDomains patterns, rejecting malformed or suspicious values. This is especially important when running behind a reverse proxy or load balancer.
The web framework for content-driven websites. ⭐️ Star to support our work!