Released version 3.3.1

• support for PHP 8.4
• FileUpload::getSanitizedName() changes the extension only for image files #239
• RequestFactory: extract port from x-forwarded-host (#230)
• FileUpload: Initialize properties (#235)(#195)
• Session: keep exceptions chain on session_start (#240)
• Session: SessionSection class template annotation #225
• IResponse: added DateTimeInterface to setCookie $expire param (#237)
• readonly properties

Released version 3.3.0

• requires PHP 8.1
• uses PHP 8.1 features

Released version 3.2.4

• FileUpload: added getSuggestedExtension()
• RequestFactory: unify and fix host parsing (#229)

Released version 3.2.3

• support for PHP 8.3
• FileUpload: detects supported images
• RequestFactory: fixed port detection when HTTP_HOST & SERVER_PORT are used #223
• removed fix for IE

Released version 3.2.2

• SessionExtension: don't set readAndClose if null (#213)
• Improved https recognition behind load balancer (#221)
• RequestFactory: fix X-Forwarded-Host mixup with remote host (#222)
• RequestFactory: performance optimization #220
• RequestFactory: fixed filter detection
• Url: host can end with dot #198
• added Session::getSectionNames(), replacement for getIterator()

Released version 3.1.8

• SessionExtension: don't set readAndClose if null (#213)
• Improved https recognition behind load balancer (#221)
• RequestFactory: fix X-Forwarded-Host mixup with remote host (#222)
• RequestFactory: performance optimization
• RequestFactory: fixed filter detection
• Url: host can end with dot #198

Released version 3.2.0

BC break:

• RequestFactory: removed HTTP authentication credential from Url to prevent leak it (#211 #215)

$httpRequest->getUrl()->getUser() + getPassword()
// changed to 
[$user, $pass] = $httpRequest->getBasicCredentials();

New features:

• Request: added getBasicCredentials()
• Url, UrlImmutable: added getDefaultPort()
• RequestFactory::getHeaders() recreates Authorization header
• support for full_path upload (#207 #212)
• HttpExtension: dynamic options cookiePath, cookieDomain, cookieSecure (#216)
• constants are PascalCase

Deprecations:

• IRequest::getRemoteHost() is silently deprecated (#218)
• SessionSection: magic accessors & ArrayAccess are silently deprecated
• Session::getIterator() is deprecated

Released version 3.1.7

• support for PHP 8.2
• Request::getReferer() is deprecated #210
• cs

Released version 3.1.6

• added Request::getOrigin()
• RequestFactory: support for PHP built-in web server nette-examples/user-authentication#3
• coding style

Released version 3.1.5

• SessionExtension: added values 'always' & 'never' for option 'autoStart'
• Session: option 'autoStart' controls auto start on reading or writing (BC break)
• Session: added autoStart() to prevent session files from being created when the session id is spoofed
• SessionSection: remove() is not writing operation
• SessionSection: added methods set(), get(), remove()
• Session: refactoring
• Session: cleaning is done in __destruct
• Session: don't send session cookie twice
• Session: don't regenerate ID in readAndClose mode
• Session: added events $onStart & $onBeforeWrite
• Session: fixed condition in clean()