Bot releases are visible (Hide)
Published by tubbo almost 5 years ago
Recently, Rack was updated to v2.0.8 to address a session hijack vulnerability by way of a timing attack. This change provides support for the newest version of Rack. Shoutouts to @le0pard for being on it and getting it through the goalpost.
This also adds support for storing a user's personal session data in a signed/encrypted cookie on the client, similarly to the CookieStore that comes out of ActionPack. We've had this released for a while as v2.1.0.pre. To enable this feature, use the signed: true option in your session store setup.
Published by tubbo about 5 years ago
This adds support for storing a user's personal session data in a signed/encrypted cookie on the client, similarly to the CookieStore that comes out of ActionPack. To enable this feature, use the signed: true option in your session store setup. We're releasing this as a prerelease version in order to see how this fares in the wild before doing a full release to the general public, so give it a whirl for us!
Published by tubbo about 5 years ago
This just bumps the version constraint so we are now supporting Rails 6.
Published by tubbo almost 8 years ago
This should prevent users from having to specify each individual redis-store gem in Gemfile. You can now replace those calls with:
gem 'redis-rails', '~> 5.0.0'
