Upgrade to version 1.93, which contains a security fix among other changes.

From Erlyaws-list:

"Use crypto:rand_bytes() instead of the cryptographically weak random
module. Swedish security consultant and cryptographer Kalle
Zetterlund discovered a way to - given a sequence of cookies produced
by yaws_session_server - predict the next session id. Thus providing
a gaping security hole into yaws servers that use the yaws_session_server
to maintain cookie based HTTP sessions (klacke/kallez)"

PR: ports/169363
Submitted by: Kenji Rikitake <kenji.rikitake@acm.org>