Important
Even though this is a [security] patch release, if you were using an empty secret, this is a breaking change due to a change in behaviour. That's on purpose, to ensure you fix your approach so that there are no footguns.
Fixed
NewSecretsVerifiernow rejects empty signing secrets to avoid accepting forged request
signatures when applications are misconfigured.
Full Changelog: v0.23.0...v0.23.1