Revision history for PAGI-Middleware-Session-Store-Cookie

0.001005  2026-07-15
    - Declare the runtime dependency on PAGI::Tools (>= 0.002002), which
      provides the PAGI::Middleware::Session::Store base class that
      Store::Cookie inherits from via 'use parent'. The cpanfile previously
      declared only PAGI, so a fresh install could fail at runtime when
      nothing else pulled the base class in.
    - Add regression tests: mutating an existing session round-trips through
      the real middleware, and a pure read of an existing session emits no
      Set-Cookie.

0.001004  2026-03-31
    - SECURITY: Fix insecure rand() fallback in IV generation (CVE-2026-5087)
    - Use Crypt::PRNG (from CryptX) for cryptographically secure random bytes
    - Remove misleading Crypt::URandom reference from POD
    - Align POD style with PAGI framework conventions
    - Remove stale extraction note from DESCRIPTION
    - Thanks to Robert Rothenberg and CPANSec for the report and patch

0.001003  2026-03-17
    - Add a recognized Artistic 2.0 license section to the main module POD
    - Add an explicit module version matching the distribution version
    - Add an AUTHORS section to the main module POD

0.001002  2026-03-16
    - Fix non-ASCII character in POD (em dash before =encoding)
    - Document new() constructor method and required secret parameter

0.001001  2026-03-16
    - Initial release
    - AES-256-GCM encrypted client-side session storage
    - Implements PAGI::Middleware::Session::Store interface
    - set() returns encrypted blob as transport value
    - get() decrypts and verifies, returns undef for tampered/invalid data
    - No server-side storage needed
    - Runtime warning when /dev/urandom unavailable (insecure IV fallback)
    - Counter example app included
