Rack v2.2.3 Release Notes

Release Date: 2020-06-15 // over 1 year ago
  • ๐Ÿ”’ Security

    • [CVE-2020-8184] Do not allow percent-encoded cookie name to override existing cookie names. BREAKING CHANGE: Accessing cookie names that require URL encoding with decoded name no longer works. (@fletchto99)

Previous changes from v2.2.2

  • ๐Ÿ›  Fixed

    • ๐Ÿ›  Fix incorrect Rack::Request#host value. (#1591, @ioquatix)
    • โช Revert Rack::Handler::Thin implementation. (#1583, @jeremyevans)
    • โš  Double assignment is still needed to prevent an "unused variable" warning. (#1589, @kamipo)
    • ๐Ÿ›  Fix to handle same_site option for session pool. (#1587, @kamipo)