tokuhirom's Blog

[Security Notice] Amon2, HTTP::Session2 security updates

Last week, I shipped Amon2 and HTTP::Session2 includes security fix.

[Must] Update "secret" if you are using HTTP::Session2::ClientStore

Amon2::Flavor::* generates the 'secret'. If your are using generated value, You MUST update it.

[Recommended] Update each libraries.

I recommend to update Amon2, HTTP::Session, HTTP::Session2 to the latest version.

[Recommended] Switch HTTP::Session2::ClientStore2 from HTTP::Session2::ClientStore

For reducinng security risk.

[Must] Update HTTP::Session2 if you are using ClientStore

It includes security fix.

[Recommended] Update HTTP::Session2 if you are using ServerStore

It includes security fix.