This release adds support for Rack v2.0.8+, which was released a few weeks ago to address a session hijack vulnerability caused by a timing attack on the session store. Major shoutouts to @le0pard for implementing it and all of the reviewers who contributed suggestions and comments. If you use Redis to store your Rack session, you'll want to update redis-rack
and possibly redis-actionpack
if you're using Rails as well.