⚠️ Security Release ⚠️
This release fixes GHSA-pj27-2xvp-4qxg with CVE CVE-2024-35220. It's severity is classified as HIGH.
When restoring the cookie from the session store, the expires field is overriden if the maxAge field was set.
This means a cookie is never correctly detected as expired and thus expired sessions are not destroyed.
Full Changelog: v10.8.0...v10.9.0