= Release v0.1.2 =

*All release tags are signed, and release packages are also signed*.
*Always check signatures prior to using this software*.

== Changed ==

* BREAKING CHANGE: Cookie data is now set in the state as the
  CookieData object, which also holds any exception thrown by
  Blake2Signer. This is breaking because any previous implementation
  has to be adapted to use this new object.
* When the cookie is empty, the middleware's `unsign` method is no
  longer called, and state data is set to null. Previously, it was
  called with an empty string causing an exception, which set the state
  data to null, so the outcome remains the same.
* If the new state data is null, the cookie won't be written. To
  overwrite an existing cookie with empty data, just use an empty value
  instead (empty string, empty dict, etc). This hasn't actually
  changed, so this is just a clarification on how it was already
  working.
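
A minimal model of the three behaviours listed above, as an added example that is not the project's code. `CookieData` here is a stand-in whose field names (`data`, `exception`) are assumptions, keyed BLAKE2b from the Python standard library stands in for Blake2Signer, and the key and function names are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

KEY = b"constructed-demo-key-not-a-real-secret"  # constructed sample key


@dataclass
class CookieData:
    """Stand-in for the release's CookieData; field names are assumptions."""
    data: Optional[str] = None
    exception: Optional[Exception] = None


def _tag(value: str) -> str:
    return hashlib.blake2b(value.encode(), key=KEY, digest_size=16).hexdigest()


def sign(value: str) -> str:
    """Append a keyed BLAKE2b tag (stdlib stand-in for Blake2Signer)."""
    return f"{value}.{_tag(value)}"


def unsign(cookie: str) -> str:
    """Return the value if the tag verifies, raise ValueError otherwise."""
    value, _, tag = cookie.rpartition(".")
    if not hmac.compare_digest(tag.encode(), _tag(value).encode()):
        raise ValueError("signature mismatch")
    return value


def read_cookie(cookie: str) -> Optional[CookieData]:
    """Request side: an empty cookie skips unsign and yields a null state."""
    if not cookie:
        return None
    try:
        return CookieData(data=unsign(cookie))
    except ValueError as exc:
        return CookieData(exception=exc)  # the failure is kept for the caller


def write_cookie(state: Optional[str]) -> Optional[str]:
    """Response side: None writes no cookie, an empty value overwrites it."""
    if state is None:
        return None
    return sign(state)
```

A caller adapting to the new object has to check the held exception before trusting the data, since a tampered cookie no longer looks the same as an absent one.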

== Security ==

* Implement `minisign` [1] to sign all release packages, and tags
  (using `git-minisign` [2]), instead of `gpg` [3].

1. https://jedisct1.github.io/minisign/
2. https://gitlab.com/hackancuba/git-minisign
3. https://gist.github.com/HacKanCuBa/afe0073fe35fddf01642220acd4cde17