- Developers can now use the RouteWebRequestEvent to cancel the loading of web requests
- FuzeWorks\Input now starts the PHP session, which is required for some dependencies
- CSRF Verification is now functional again
- CSRF throws CSRFException
- XSS clean can now be disabled in the config globally. Once disabled, this can't be overridden
- X-Powered-By header is now always suppressed
- WebComponent now assigns global variables to the LayoutEngine.
- CSRF Exceptions can be handled by a view, if this one implements the securityExceptionHandler() method
- Error403 page added