Release 2.7.2

2.6.2 - January 15, 2024

v2.6.1

- Document how to report security issues
- Only update the `env["QUERY_STRING"]` if the `as` parameter is present in
  backdoor middleware

## [2.6.0] - June 12, 2022

- Drops support for Rails 5.0, 5.1 and 5.2, see https://endoflife.date/rails #964
- Drops support for Ruby 2.4, 2.5 and 2.6, see https://endoflife.date/ruby #964
- Adds support for Turbo with appropriate status codes #965
- Adds unique constraints on `remember_token` and `confirmation_token` #966
- Allows `user_parameter` to be configuration, e.g. `params[:custom_id]` instead of
  `params[:user_id]` #782 (Bryan Marble)
- Updates SignInGuard documentation #950 (Matthew LS)
- Forward options in redirect_back_or helper (#968) (Matthew LS)
- Add configuration option to disable sign in after password reset (#969) (Till
  Prochaska)

[2.6.0]: v2.5.0...v2.6.0

v2.5.0

Fixed

- Fix open redirect vulnerability

Changed

- Rename default branch to `main`

v2.4.0

Added

- Optionally use signed cookies to prevent remember token timing attacks