[gonepostal]

IMHO the better solution would not to store marshalled objects in the session cookie. Especially ones that you don't have direct control over. There can't be any reasonable regression-test or upgrade test that could test for this.

[speleding]

The Rails flash is actually stored as a marshaled object in the cookie, so this broke for everyone who happened to have something stored in the flash at the time of upgrade (which is a lot of people). It should have been caught before but it did get fixed in the latest release.