This is a security release for nosurf. It mainly addresses CVE-2025-46721.

This release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. However, it is recommended to read the documentation on nosurf's trusted origin checks before upgrading.