Last week, I shipped Amon2 and HTTP::Session2 includes security fix. [Must] Update "secret" if you are using HTTP::Session2::ClientStore Amon2::Flavor::* generates the 'secret'. If your are using generated value, You MUST update it. [Recommended] Update each libraries. I recommend to update Amon2, HTTP::Session, HTTP::Session2 to the latest version. [Recommended] Switch HTTP::Session2::ClientStore