Code Comments
Rui,

I spent the last 2 hours fixing the Auth_HTTP installation at my employer's server, where we use it extensively for some professional applications.

The combination

Auth 1.2.3 stable
Auth_HTTP 2.1.1 beta

works fine, as I fixed the SessionSharing mess.

Now, if you install Auth_HTTP 2.1.2 we have a BC break and the user is asked to upgrade to Auth 1.3.0r2.

Now, this is serious. Auth_HTTP should have gone stable with 2.1.1, where I fixed the major SessionSharing issue. Why? Because now a user who has the default stable as preferred status (the great majority) will end up with the combination Auth 1.2.3 and Auth_HTTP 2.0.

This combination exposes the users of Auth_HTTP 2.0 to the major Session Sharing bug and possibly a security problem. What's that? If you have 2 protected areas on your site (separate areas with different realms, let's say an area called users and an area called administrators), a user who gained access to the first realm will be automatically logged on the second separate realm regardless of his credentials. In fact he will not even be prompted for a secondary log in.

To summarize, I don't understand how you released Auth_HTTP 2.1.2 requiring Auth 1.3.0r2 without a) dropping me a line, after all I am lead on this package; b) breaking BC (and obviously without testing. Every simple test will reveal that 2.1.2 and 1.3.0r2 don't work with a previous Auth_HTTP implementation).

2.1.1 should go stable and, even if 4 days elapsed, I would go to pull/remove 2.1.2.

Suggestions from other QA members are very welcome,

Regards
David Costa
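The cross-realm symptom described in the message above, as a simplified model added here for illustration. It is not part of the original message and is not Auth or Auth_HTTP source code; the session layout, function names and credential table are assumptions, and the sample accounts are constructed.

```php
<?php
// Added illustration: a simplified model, NOT Auth or Auth_HTTP code.
// Every name below is hypothetical; the accounts are constructed samples.
const USERS = [
    'users'          => ['alice' => 'alice-pw'],
    'administrators' => ['root'  => 'root-pw'],
];

function check_credentials(string $realm, string $user, string $pass): bool
{
    return isset(USERS[$realm][$user])
        && hash_equals(USERS[$realm][$user], $pass);
}

// Shared layout (assumed): one flag per session, with no record of
// which realm granted it.
function login_shared(array &$session, string $realm, string $user, string $pass): bool
{
    $ok = check_credentials($realm, $user, $pass);
    if ($ok) {
        $session['authenticated'] = true;
    }
    return $ok;
}

function is_authed_shared(array $session, string $realm): bool
{
    return !empty($session['authenticated']); // $realm is never consulted
}

// Realm-scoped layout: the login is stored under the realm that checked it.
function login_scoped(array &$session, string $realm, string $user, string $pass): bool
{
    $ok = check_credentials($realm, $user, $pass);
    if ($ok) {
        $session['auth'][$realm] = $user;
    }
    return $ok;
}

function is_authed_scoped(array $session, string $realm): bool
{
    return isset($session['auth'][$realm]);
}

// Regression check: log in to "users" only, then ask about "administrators".
$shared = [];
$scoped = [];
login_shared($shared, 'users', 'alice', 'alice-pw');
login_scoped($scoped, 'users', 'alice', 'alice-pw');
var_dump(is_authed_shared($shared, 'administrators'));
var_dump(is_authed_scoped($scoped, 'administrators'));
```

A check of this shape, run against a real deployment with two realms, is the kind of simple test that separates the affected version combination from the fixed one.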