diff --git a/CHANGELOG.md b/CHANGELOG.md index 809b4ea9..1c8d7af0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,13 @@ +## 3.1.1 Bug fix for regression + +See https://github.com/twitter/secureheaders/pull/235 + +`idempotent_additions?` would return false when comparing `OPT_OUT` with `OPT_OUT`, causing `header_hash_for` to return a header cache with `{ nil => nil }` which cause the middleware to blow up when `{ nil => nil }` was merged into the rack header hash. + +This is a regression in 3.1.0 only. + +Now it returns true. I've added a test case to ensure that `header_hash_for` will never return such an element. + ## 3.1.0 Adding secure cookie support New feature: marking all cookies as secure. Added by @jmera in https://github.com/twitter/secureheaders/pull/231. In the future, we'll probably add the ability to whitelist individual cookies that should not be marked secure. PRs welcome. diff --git a/secure_headers.gemspec b/secure_headers.gemspec index 6a50c6a5..0f054d65 100644 --- a/secure_headers.gemspec +++ b/secure_headers.gemspec @@ -1,7 +1,7 @@ # -*- encoding: utf-8 -*- Gem::Specification.new do |gem| gem.name = "secure_headers" - gem.version = "3.1.0" + gem.version = "3.1.1" gem.authors = ["Neil Matatall"] gem.email = ["neil.matatall@gmail.com"] gem.description = 'Security related headers all in one gem.'