CHANGELOG.md
24 additions & 0 deletions
@@ -23,6 +23,30 @@ After a release, please make sure to run `bundle exec rake update_changelog`. Th
23
23
24
24
Changes since the last non-beta release.
25
25
26
+
#### New Features
27
+
28
+
-**Server Bundle Security**: Added new configuration options for enhanced server bundle security and organization:
29
+
-`server_bundle_output_path`: Configurable directory (relative to the Rails root) for server bundle output (default: "ssr-generated"). If set to `nil`, the server bundle will be loaded from the same public directory as client bundles.
30
+
-`enforce_private_server_bundles`: When enabled, ensures server bundles are only loaded from private directories outside the public folder (default: false for backward compatibility)
31
+
32
+
-**Improved Bundle Path Resolution**: Bundle path resolution for server bundles now works as follows:
33
+
- If `server_bundle_output_path` is set, the server bundle is loaded from that directory.
34
+
- If `server_bundle_output_path` is not set, the server bundle falls back to the client bundle directory (typically the public output path).
35
+
- If `enforce_private_server_bundles` is enabled:
36
+
- The server bundle will only be loaded from the private directory specified by `server_bundle_output_path`.
37
+
- If the bundle is not found there, it will *not* fall back to the public directory.
38
+
- If `enforce_private_server_bundles` is not enabled and the bundle is not found in the private directory, it will fall back to the public directory.
39
+
- This logic ensures that, when strict enforcement is enabled, server bundles are never loaded from public directories, improving security and clarity of bundle resolution.
40
+
41
+
#### Security Enhancements
42
+
43
+
-**Private Server Bundle Enforcement**: When `enforce_private_server_bundles` is enabled, server bundles bypass public directory fallbacks and are only loaded from designated private locations
44
+
-**Path Validation**: Added validation to ensure `server_bundle_output_path` points to private directories when enforcement is enabled
45
+
46
+
#### Bug Fixes
47
+
48
+
-**Non-Packer Environment Compatibility**: Fixed potential NoMethodError when using bundle path resolution in environments without Shakapacker
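Review bot: The "Path Validation" entry and the resolution bullets leave one combination undefined: `enforce_private_server_bundles` enabled while `server_bundle_output_path` is `nil`. The first entry says `nil` makes the server bundle load from the same public directory as client bundles, while the enforcement bullets say the public directory is never used, so the entry should state which rule wins and what the validation does when it fails (raise at configuration time, log, or something else). The `enforce_private_server_bundles` line would also be clearer if it said outright that with the default of false a bundle missing from the private directory is loaded from the public directory, since that fallback is what the option exists to prevent. Finally, the first resolution bullet ("the server bundle is loaded from that directory") reads as unconditional but is qualified by the later non-enforced fallback bullet; merging the two would avoid the apparent contradiction.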