Rack v2.2.3 Release Notes

Release Date: 2020-06-15 // over 1 year ago
  • 🔒 Security

    • [CVE-2020-8184] Do not allow percent-encoded cookie name to override existing cookie names. BREAKING CHANGE: Accessing cookie names that require URL encoding with decoded name no longer works. (@fletchto99)

Previous changes from v2.2.2

  • 🛠 Fixed

    • 🛠 Fix incorrect Rack::Request#host value. (#1591, @ioquatix)
    • ⏪ Revert Rack::Handler::Thin implementation. (#1583, @jeremyevans)
    • ⚠ Double assignment is still needed to prevent an "unused variable" warning. (#1589, @kamipo)
    • 🛠 Fix to handle same_site option for session pool. (#1587, @kamipo)