# 1.4.3

**Software Release Date**: 17 September, 2024

**Summary**:

In this release, the Gateway now includes the HSTS header in the GET / endpoint, which was missing in version 1.4.1. For the Portal, the default nginx configuration has been updated to hide version information by setting server\_tokens off. The Content-Security-Policy has been revised to allow specific sources, ensuring better security. Additionally, a fix was applied to the add\_header Content-Security-Policy command to correct its arguments, and new security headers have been added to the nginx configuration.

## Gateway

* HSTS header also added to `GET /` (was not included in 1.4.1).

## Portal

* **Changed:**
  * `Content-Security-Policy` value changed to `default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.meeco.me *.meeco.cloud *.svx.exchange *.securevalueexchange.com *.windows.net *.amazonaws.com *.google.com *.gstatic.com *.googleapis.com cdn.jsdelivr.net`.
* **Added:**
  * `nginx` default config added with `server_tokens off` so that nginx version information is not returned via `Server` header value.
  * Security headers to 'ngix' config.
* **Fixed:**
  * `add_header Content-Security-Policy` called with correct number of arguments.