HISTORY.md in rack-1.6.4 vs HISTORY.md in rack-1.6.5

- old
+ new
@@ -1,4 +1,24 @@
+Sun Dec 4 18:48:03 2015  Jeremy Daer <jeremydaer@gmail.com>
+
+	* First-party "SameSite" cookies. Browsers omit SameSite cookies
+	from third-party requests, closing the door on many CSRF attacks.
+
+	Pass `same_site: true` (or `:strict`) to enable:
+	    response.set_cookie 'foo', value: 'bar', same_site: true
+	or `same_site: :lax` to use Lax enforcement:
+	    response.set_cookie 'foo', value: 'bar', same_site: :lax
+
+	Based on version 7 of the Same-site Cookies internet draft:
+	https://tools.ietf.org/html/draft-west-first-party-cookies-07
+
+	Thanks to Ben Toews (@mastahyeti) and Bob Long (@bobjflong) for
+	updating to drafts 5 and 7.
+
+Wed Jun 24 12:13:37 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* Fix Ruby 1.8 backwards compatibility
+
 Fri Jun 19 07:14:50 2015  Matthew Draper <matthew@trebex.net>
 
 	* Work around a Rails incompatibility in our private API
 
 Fri Jun 12 11:37:41 2015  Aaron Patterson <tenderlove@ruby-lang.org>