dfinity · ericswanson-dfinity · Aug 26, 2023 · Aug 25, 2023 · Aug 25, 2023 · Aug 25, 2023
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -57,9 +57,10 @@ jobs:
           rustup default ${{ matrix.rust }}
           cargo install --force --version ${{ matrix.cargo-audit }} cargo-audit --locked
       - name: Audit
+        # ignores RUSTSEC-2020-0071 because it is 'only' in a dev dependency (ic-certified-responses -> ic-types -> chrono -> time)
         run: |
           cd sdk
-          cargo audit --no-fetch --db "${GITHUB_WORKSPACE}"/advisory-db
+          cargo audit --no-fetch --db "${GITHUB_WORKSPACE}"/advisory-db --ignore RUSTSEC-2020-0071
         env:
           RUST_BACKTRACE: 1
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,32 @@
 # dfx changelog
 
+# 0.14.4
+
+## DFX
+
+### fix: added https://icp-api.io to the default Content-Security-Policy header
+
+Existing projects will need to change this value in .ic-assets.json or .ic-assets.json5 to include https://icp-api.io
+
+All projects will need to redeploy.
+
+### fix: access to raw assets is now enabled by default
+
+The default value for `allow_raw_access` is now `true`.  This means that by default, the frontend canister will no longer restrict the access of traffic to the `<canister-id>.raw.icp0.io` domain, and will no longer automatically redirect all requests to the certified domain (`<canister-id>.icp0.io`), unless configured explicitly.
+
+Note that existing projects that specify `"allow_raw_access": false` in .ic-assets.json5 will need to change or remove this value manually in order to allow raw access.
+
+## Dependencies
+
+### Updated candid to 0.9.0
+
+### Updated cdk-rs to 0.10.0
+
+### Frontend canister
+
+- Module hash: d5c324fea6b0f8eaa9feede10b342b098f7cf64682e168e58fa2ca2bf028b96f
+- https://github.com/dfinity/sdk/pull/3327
+
 # 0.14.3
 
 ## Dependencies
@@ -12,8 +39,6 @@ This removes a dependency on OpenSSL in order to avoid spurious errors that refe
 
 # 0.14.2
 
-Note: Canister http functionality is broken.  Do not release dfx until this is corrected.  See https://dfinity.atlassian.net/browse/SDK-1129
-
 ## DFX
 
 ### feat: deprecate `dfx bootstrap` and `dfx replica` commands