This release updates a few things:
- We implement an actual rejection handler, so that the response codes we get out are correct
- We fix up Basic auth so that it actually conforms to the spec (i.e. it base64 decodes a username:password string)
In regards to 2), THIS IS POTENTIALLY A BREAKING CHANGE. All efforts have been made to avoid it, but, if your plaintext password happens to be valid in base64, and decodes to a valid utf8 string containing a : then your setup will break - please migrate to actual Basic auth