Foreman 1.7.5 CVE-2015-3155 - The _session_id cookie is issued without the Secure flag
The 1.7.5 branch has the same security issue as this: http://projects.theforeman.org/issues/10275
#2 Updated by Dominic Cleal over 4 years ago
Currently I have no plan to release a new 1.7 minor release due to the availability of 1.8.1 or 1.9, which contain fixes, and the lower severity of the issue.
The top of http://theforeman.org/security.html has a summary of when you can expect fixes to be released.