[SECURITY]
- Plack::App::File would previously strip trailing slashes off
provided paths. This in combination with the common pattern
of serving files with Plack::Middleware::Static could allow
an attacker to bypass a whitelist of generated files (avar) #446
[IMPROVEMENTS]
- Let HTTP::Message::PSGI warn in case of invalid PSGI response (wchristian) #437
- Update documentation on how response_cb works with writer (doy)
- Make AccessLog work on non-POSIX environment (dex4er) #442
- Plack::App::WrapCGI no longer warns under 5.19.9 (frew)
- Avoid Rosetta Flash attack in JSONP middleware (nichtich) #464
- Fix Plack::Util::inline_object to make it work with can() as a class method
[NEW FEATURES]
- Add $req->query_string shortcut to access QUERY_STRING in PSGI environment