Project

General

Profile

Bug #11352

Foreman 1.7.5 CVE-2015-3155 - The _session_id cookie is issued without the Secure flag

Added by Brian Lee over 4 years ago. Updated almost 3 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

The 1.7.5 branch has the same security issue as this: http://projects.theforeman.org/issues/10275


Related issues

Related to Foreman - Bug #10275: CVE-2015-3155 - The _session_id cookie is issued without the Secure flagClosed2015-04-27

History

#1 Updated by Dominic Cleal over 4 years ago

  • Related to Bug #10275: CVE-2015-3155 - The _session_id cookie is issued without the Secure flag added

#2 Updated by Dominic Cleal over 4 years ago

Currently I have no plan to release a new 1.7 minor release due to the availability of 1.8.1 or 1.9, which contain fixes, and the lower severity of the issue.

The top of http://theforeman.org/security.html has a summary of when you can expect fixes to be released.

#3 Updated by Michael Moll almost 3 years ago

  • Status changed from New to Rejected

Also available in: Atom PDF