Workarea 3.4.24

Patch release notes for Workarea 3.4.24.

Rack >= 2.0.8 adds the idea private/public session IDs to prevent timing attacks where a session ID can be stolen. This is big for sessions stored in databases because the session can then be stolen.

Workarea only supports a cookie session store, so we can continue to safely use the cookie value of the session ID for metrics lookups.

You can learn more about the Rack vulnerability here: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Pull Requests

Now on GitHub