Released version 2.4.10

• Request, HttpExtension: added sameSite protection
• Session: added support for SameSite cookie
• Response::setCookie() supports SameSite
• SessionExtension: cookieSecure can be 'auto'
• Response: removed removeDuplicateCookies() #139
• HttpExtension: added option cookieSecure; allowed values are: true, false, auto
• HttpExtension: allows bools in CSP policy
• HttpExtension: fixed quotating in sections require-sri-for & sandbox #143
• HttpExtension: added Feature-Policy header #142
• HttpExtension: renamed csp-report to cspReportOnly (BC break)
• fixed compatibility with PHP 7.3

For the details you can have a look at the diff.