# GD Security Headers

## Changelog

### Version: 1.9 / may 12 2026

* **new** tested with WordPress up to 7.0
* **edit** improved import data sanitization
* **edit** improvements to the echo of escaped values
* **edit** sanitize user_agent on input before storing it
* **edit** d4pLib 2.8.20
* **fix** XSS vulnerability via user_agent

### Version: 1.8 / june 7 2024

* **new** system requirements: PHP 7.4 or newer
* **new** tested with WordPress 6.4 to 6.6
* **new** strict transport security: extra value for 'preload' flag
* **edit** updated list of permissions policy elements
* **edit** updated permissions policy, Browsing Topics replacing FLoC
* **edit** added more information for some settings
* **edit** changes to default values for some settings
* **edit** d4pLib 2.8.17

### Version: 1.7.1 / october 29 2023

* **edit** improvements to the CSP logs panel input processing
* **edit** improvements to the CSP logs panel arguments sanitization
* **edit** improvements to the log classes PHP code
* **fix** union based SQL injection vulnerability with the CSP logs panel

### Version: 1.7 / august 24 2023

* **new** system requirements: PHP 7.3 or newer
* **new** tested with WordPress 6.0 to 6.3
* **edit** various improvements to display escaping and sanitation
* **edit** various improvements to the core code
* **edit** d4pLib 2.8.15
* **fix** reflected XSS vulnerability with error message handling