SECURITY: Ensure _forum_session cookies cannot be reused between sites (stable) (#14949)

This only affects multisite Discourse instances (where multiple forums are served from a single application server). The vast majority of self-hosted Discourse forums do not fall into this category.

On affected instances, this vulnerability could allow encrypted session cookies to be re-used between sites served by the same application instance.
David Taylor 2021-11-15 15:50:17 +00:00 committed by GitHub
parent 2da0001965
commit 73f64b8299
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -320,7 +320,7 @@ GEM
activerecord (~> 6.0)
concurrent-ruby
railties (~> 6.0)
rails_multisite (3.0.0)
rails_multisite (4.0.0)
activerecord (> 5.0, < 7)
railties (> 5.0, < 7)
railties (6.1.3.2)
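
Review bot: The rails_multisite entry moves across a major version (3.0.0 to 4.0.0), and nothing in this hunk shows that the new gem behaviour is exercised, so the fix rests entirely on the dependency. Add a regression spec alongside the bump that takes a _forum_session cookie issued by one site and asserts it is rejected by a second site on the same application instance. Also confirm the Gemfile sets a floor for rails_multisite at 4.0.0, so a later dependency resolve cannot fall back to 3.x. The commit message should say which rails_multisite change closes the issue and whether existing sessions are invalidated on upgrade, since operators of multisite instances will need to know that.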