From 0624fd2625a6dded459a7cfd8f1bfdcc985b63cd Mon Sep 17 00:00:00 2001
From: Rahul Zhade
Date: Mon, 14 Oct 2024 14:19:04 -0400
Subject: [PATCH] Upgrade version and docs
---
 docs/upgrading-to-7-0.md | 12 ++++++++++++
 lib/secure_headers/version.rb | 2 +-
 secure_headers.gemspec | 2 +-
 3 files changed, 14 insertions(+), 2 deletions(-)
 create mode 100644 docs/upgrading-to-7-0.md
diff --git a/docs/upgrading-to-7-0.md b/docs/upgrading-to-7-0.md
new file mode 100644
index 00000000..38e93513
--- /dev/null
+++ b/docs/upgrading-to-7-0.md
@@ -0,0 +1,12 @@
+## X-Xss-Protection is set to 0 by default
+
+Version 6 and below of `secure_headers` set the `X-Xss-Protection` to `1; mode=block` by default. This was done to protect against reflected XSS attacks. However, this header is no longer recommended (see https://github.com/github/secure_headers/issues/439 for more information).
+
+If any functionality in your app depended on this header being set to the previous value, you will need to set it explicitly in your configuration.
+
+```ruby
+# config/initializers/secure_headers.rb
+SecureHeaders::Configuration.default do |config|
+ config.x_xss_protection = "1; mode=block"
+end
+```
\ No newline at end of file
diff --git a/lib/secure_headers/version.rb b/lib/secure_headers/version.rb
index b65e0a07..a0286e39 100644
--- a/lib/secure_headers/version.rb
+++ b/lib/secure_headers/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module SecureHeaders
- VERSION = "6.5.0"
+ VERSION = "7.0.0"
 end
diff --git a/secure_headers.gemspec b/secure_headers.gemspec
index 4880c3ff..af0e2187 100644
--- a/secure_headers.gemspec
+++ b/secure_headers.gemspec
@@ -13,7 +13,7 @@ Gem::Specification.new do |gem|
 gem.description = 'Add easily configured security headers to responses including content-security-policy, x-frame-options, strict-transport-security, etc.'
- gem.homepage = "https://github.com/twitter/secureheaders"
+ gem.homepage = "https://github.com/github/secure_headers"
 gem.license = "MIT"
 gem.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
 gem.executables = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }