Possible Sensitive Session Information Leak in Active Storage

Disclosed: 2025-04-27 22:55:36 By tyage To ibb
High
Vulnerability Details
Original report: https://hackerone.com/reports/2140554
Advisory: https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g

Impact

Active Storage, when serving files (blobs), incorrectly sends a Set-Cookie header containing the user's session cookie together with a Cache-Control: public header. Certain caching proxies may store this response, including the Set-Cookie header. Unrelated users who are then served the cached content receive the original user's session cookie.
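The failure mode above, as an added example that is not Rails or Active Storage code and does not reproduce the advisory's actual patch: a hypothetical blob endpoint (serve_blob), a minimal simulation of a shared cache that stores any response marked public without stripping Set-Cookie (SharedCache), and an audit helper (leaks_session?) that flags response headers a shared cache may replay with a session cookie attached. The URL, session values and response body are constructed for the example; the hardened variant simply omits Set-Cookie from the file response.

```ruby
# Hypothetical blob endpoint. With vulnerable: true it behaves as the
# advisory describes: Cache-Control: public alongside a Set-Cookie carrying
# the requester's session. With vulnerable: false the file stays publicly
# cacheable but no cookie is attached to it.
def serve_blob(session_id, vulnerable:)
  headers = {
    'Content-Type'  => 'image/png',
    'Cache-Control' => 'public, max-age=3600',
  }
  headers['Set-Cookie'] = "_app_session=#{session_id}; Path=/; HttpOnly" if vulnerable
  [200, headers, ['<constructed png bytes>']]
end

# Simulation of a shared cache (proxy/CDN) that stores every response whose
# Cache-Control contains "public", keeping all headers, Set-Cookie included.
class SharedCache
  def initialize
    @store = {}
  end

  # Returns the stored response for url, or runs the block to fetch it from
  # the origin and stores the result when the origin marked it public.
  def fetch(url)
    return @store[url] if @store.key?(url)
    response = yield
    directives = response[1]['Cache-Control'].to_s.split(',').map(&:strip)
    @store[url] = response if directives.include?('public')
    response
  end
end

# Audit helper: true when a response carries Set-Cookie and is marked
# public without a private directive, i.e. a shared cache may replay
# one user's cookie to others.
def leaks_session?(headers)
  directives = headers['Cache-Control'].to_s.split(',').map(&:strip)
  headers.key?('Set-Cookie') && directives.include?('public') && !directives.include?('private')
end

# Two unrelated users (alice, then bob) request the same blob URL through
# the same shared cache; returns the Set-Cookie header bob ends up with.
def cookie_seen_by_second_user(vulnerable:)
  cache = SharedCache.new
  url = '/rails/active_storage/blobs/proxy/example-key/avatar.png' # constructed
  cache.fetch(url) { serve_blob('alice-secret', vulnerable: vulnerable) }
  bob_response = cache.fetch(url) { serve_blob('bob-secret', vulnerable: vulnerable) }
  bob_response[1]['Set-Cookie']
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: bob receives #{cookie_seen_by_second_user(vulnerable: true).inspect}"
  puts "hardened:   bob receives #{cookie_seen_by_second_user(vulnerable: false).inspect}"
end
```

In the vulnerable run bob's response is alice's cached one, session cookie included; in the hardened run the blob is still served from cache but no cookie travels with it. The leaks_session? check is the kind of assertion worth running against a file-serving response in a test suite or at an edge proxy.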
Report Stats
  • Report ID: 3082917
  • State: Closed
  • Substate: resolved
  • Upvotes: 4