Sherlock

Changed

• A custom log target is now only registered if a dispatcher exists.
• The content security policy is now applied as early as possible in the initialisation process.

Fixed

• Fixed an error that could occur if a plugin update had no associated release date (#45).

Added

• Added the TestsService::EVENT_BEFORE_RUN_TESTS event that can be used to override the Guzzle client (#43).

Added

• Added the BaseIntegration::BEFORE_RUN_INTEGRATION event that can be used to modify the configuration or cancel the running of an integration.

Changed

• The front-end HTTPS redirect test no longer results in an error if the web server blocks insecure requests.

Changed

• Updated the supported PHP version test to include 8.2.

Changed

• The Control Panel test no longer results in an error if the web server blocks insecure requests.
• Updated the supported PHP version test to list the most recent 8.x versions.
• Changed the Rollbar integration to reference the config service environment instead of the environment constant.

Fixed

• Fixed a broken changelog link in the Craft updates test.

Changed

• Changed the HTTP error code from 503 to 403 when access to the site is denied (#36).

Removed

• Removed the test for Expect-CT headers, since it became obsolete in June 2021 (source).

Added

• Added a test for the Send Powered By Header config setting.

Changed

• Improved the Strict-Transport-Security Header test.

Changed

• Element queries are now deferred, avoiding potential issues with element queries being executed before Craft has fully initialised.

Added

• Added compatibility with Craft 4.
• Added Referrer-Policy to default headers.