Dancer2 0.203000 is on its way to a CPAN mirror near you. This version brings some important security improvements and bugfixes:

It is considered good security practice to change a session ID whenever any change in privilege level occurs (such as logging into an app). Not only is this a good practice, but it is a requirement of some established security standards. To account for this, a new method, change_session_id(), was added to make it easy for developers to issue a new session ID on privilege change.

At some point in the not-too-distant future, session drivers will be required to implement a _change_id() method to support this. In the meantime, Dancer2 will perform the operation for session drivers that lack this method.

Thanks to Ctrl O and InfoSaaS for sponsoring SysPete’s work on this important functionality!
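As an added illustration (not code from the Dancer2 project), here is a minimal app that issues a new session ID at login, the privilege change described above. The package name MyApp, the routes, the form field names and the in-memory credential table are all assumptions made for the example.

```perl
package MyApp;    # hypothetical application name
use Dancer2;

# Constructed credential table for this example only; a real application
# would verify a salted password hash from its own user store.
my %USERS = ( alice => 'correct horse battery staple' );

sub check_credentials {
    my ( $user, $pass ) = @_;
    return defined $user && defined $pass
        && exists $USERS{$user} && $USERS{$user} eq $pass;
}

post '/login' => sub {
    my $user = body_parameters->get('username');
    my $pass = body_parameters->get('password');

    unless ( check_credentials( $user, $pass ) ) {
        status 401;
        return 'Invalid credentials';
    }

    # The privilege level is about to change: issue a new session ID first,
    # so that an ID known before login is never the one that ends up
    # authenticated (session fixation).
    app->change_session_id;
    session user => $user;
    redirect '/';
};

post '/logout' => sub {
    # Dropping privileges: discard the session entirely.
    app->destroy_session;
    redirect '/';
};

get '/' => sub {
    my $user = session('user');
    return defined $user ? "Logged in as $user" : 'Not logged in';
};

MyApp->to_app;
```

Saved as app.psgi, this runs under plackup with the default in-memory session engine.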

An error made it possible for a request to have serialized data that wouldn’t be deserialized into body_parameters if any middleware had previously created a Plack::Request object and parsed the request body. A bugfix by veryrusty forces deserialization of body data even when an existing Plack::Request object has already parsed the request body.

A bug introduced in Dancer2 0.200000 was double-decoding deserialized data. This has been fixed.

Three functions were introduced for developer convenience: code_mapping(), status_mapping() and all_mappings(). These methods allow your code to access copies of Dancer’s HTTP_CODES table, rather than having to copy the table for your own use. See the docs for Dancer2::Core::HTTP for more information.

Several documentation improvements were made by Racke, including documentation of a session’s data() method.

The full changelog is as follows:

0.203000  2016-08-24 22:09:56-05:00 America/Chicago

    [ BUG FIXES ]
    * GH #1232: Force deserialization of body data even when an existing
      Plack::Request object has already parsed request body. Don't double
      decode deserialized data. (Russell Jenkins - @veryrusty)

    [ ENHANCEMENTS ]
    * GH #1195: Add change_session_id() method - both as a good security
      practice and to comply with other established security standards.
      (Peter Mottram)
    * GH #1234: Add convenience functions to access Dancer's HTTP_CODES
      table. (Yanick Champoux)

    [ DOCUMENTATION ]
    * Fix Typo (Stefan Hornburg - Racke)
    * Document $session->data (Stefan Hornburg - Racke)

If you have any questions, please find us at irc.perl.org#dancer.

Just a reminder, the Dancer conference in Vienna, Austria is quickly approaching (it’s just a month away!). If you are interested in attending or giving a talk, please visit the conference website.

Happy Dancing!