rack-protection helps protect against typical web attacks.
Affected versions of the package are vulnerable to Timing Attack due to time-variable comparison of signatures. A malicious user can guess a valid signature one char at a time by considering the time it takes a signature validation to fail.
You can read more about timing attacks on our blog
rack-protection to versions 1.5.5, 2.0.0 or higher.