Hi guys,

In the code for Dancer2::Plugin::Auth::Extensible I see the following:

    # For security, ensure the username and password are straight
    # scalars; if the app is using a serializer and we were sent a
    # blob of JSON, they could have come from that JSON, and thus
    # could be hashrefs (JSON SQL injection) - for database providers,
    # feeding a carefully crafted hashref to the SQL builder could
    # result in different SQL to what we'd expect.

That all makes sense. However, from what I understand, auto-serializing now happens either for all requests or for none. Therefore, are these sorts of checks required when running a recent version of Dancer2? Or is it just the case that they should remain there in case an older version of Dancer2 is being used?

Thanks, Andy
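The check the quoted comment describes, as an added illustration that is not code from Dancer2::Plugin::Auth::Extensible or from the poster. It assumes a Dancer2 app with a JSON request serializer, so that `username` and `password` arrive already decoded; the request bodies are constructed for the example, `ensure_plain_scalar` is a hypothetical helper name, and the SQL::Abstract section is optional and only runs if that module is installed. JSON::PP is core Perl.

```perl
#!/usr/bin/env perl
# Added example: why credentials must be plain scalars before they reach a
# SQL builder, and a check that enforces it. Not the plugin's own code.
use strict;
use warnings;
use JSON::PP qw(decode_json);

# Constructed request bodies, as a JSON-serializing Dancer2 app would decode them.
# The second one carries objects where strings are expected.
my %bodies = (
    plain   => '{"username":"alice","password":"s3cret"}',
    crafted => '{"username":{"!=":""},"password":{"!=":""}}',
);

# Accept only a defined, non-reference scalar. A hashref or arrayref that a
# deserializer produced would be read by SQL::Abstract-style builders as an
# operator specification rather than as a literal value to bind.
sub ensure_plain_scalar {
    my ($name, $value) = @_;
    die "$name missing\n" unless defined $value;
    die "$name must be a plain scalar, got " . ref($value) . " ref\n" if ref $value;
    return $value;
}

for my $label (sort keys %bodies) {
    my $params = decode_json($bodies{$label});
    my $ok = eval {
        ensure_plain_scalar(username => $params->{username});
        ensure_plain_scalar(password => $params->{password});
        1;
    };
    my $err = $@ // '';
    chomp $err;
    printf "%-8s %s\n", $label, $ok ? 'accepted' : "rejected: $err";
}

# If SQL::Abstract is available, show how the same hash key turns into a WHERE
# clause: a string becomes an equality test with a bound value, a hashref becomes
# whatever operator the hashref names.
if (eval { require SQL::Abstract; 1 }) {
    my $sqla = SQL::Abstract->new;
    for my $label (sort keys %bodies) {
        my $params = decode_json($bodies{$label});
        my ($where, @bind) = $sqla->where({ username => $params->{username} });
        printf "%-8s %s  bind=[%s]\n", $label, $where, join(',', map { "'$_'" } @bind);
    }
}
```

Running it rejects the second body at `ensure_plain_scalar` before any SQL is built; the optional SQL::Abstract section makes the difference visible by showing that only the plain body produces an equality comparison with the username bound as a value. The check is cheap and independent of which Dancer2 version or serializer configuration is in use, which is the usual argument for keeping it in a plugin that cannot control the app it is loaded into.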
Participants (1): Andrew Beverley