v10.9.0

@mcollina mcollina released this 21 May 16:28
· 20 commits to master since this release
742e1dc

⚠️ Security Release ⚠️

This release fixes GHSA-pj27-2xvp-4qxg (CVE-2024-35220). Its severity is classified as HIGH.

When restoring the cookie from the session store, the expires field is overridden if the maxAge field was set.
This means a cookie is never correctly detected as expired and thus expired sessions are not destroyed.
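
The failure mode described above, as a simplified model added here (not the project's code): the function names, the Map-backed store and the sample session are constructed for illustration. The vulnerable restore recomputes expires from maxAge on every load, while the hardened one keeps the stored value so the expiry check can fire.

```javascript
// Constructed model of the bug class; all names are hypothetical, not the library's API.
// Vulnerable restore: expiry is recomputed from maxAge on every load,
// so it always lands in the future and the stored expiry is lost.
function restoreCookieVulnerable(stored, now) {
  const cookie = { maxAge: stored.maxAge, expires: new Date(stored.expires) };
  if (cookie.maxAge != null) {
    cookie.expires = new Date(now + cookie.maxAge); // overrides stored expires
  }
  return cookie;
}

// Hardened restore: keep the stored expiry; derive from maxAge only when absent.
function restoreCookieFixed(stored, now) {
  const cookie = { maxAge: stored.maxAge, expires: null };
  if (stored.expires != null) {
    cookie.expires = new Date(stored.expires);
  } else if (stored.maxAge != null) {
    cookie.expires = new Date(now + stored.maxAge);
  }
  return cookie;
}

const isExpired = (cookie, now) => cookie.expires !== null && cookie.expires.getTime() <= now;

// Load a session; destroy it in the store if its cookie has expired.
function loadSession(store, id, restore, now) {
  const stored = store.get(id);
  if (!stored) return null;
  const cookie = restore(stored.cookie, now);
  if (isExpired(cookie, now)) {
    store.delete(id);
    return null;
  }
  return { ...stored, cookie };
}

// Constructed sample: session created at t0 with a 60 s maxAge, loaded 1 h later.
function demo(restore) {
  const t0 = Date.UTC(2024, 0, 1);
  const store = new Map([['sid-1', {
    user: 'alice',
    cookie: { maxAge: 60000, expires: new Date(t0 + 60000).toISOString() },
  }]]);
  const session = loadSession(store, 'sid-1', restore, t0 + 3600000);
  return { accepted: session !== null, stillInStore: store.has('sid-1') };
}

console.log({ vulnerable: demo(restoreCookieVulnerable), fixed: demo(restoreCookieFixed) });
```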

Full Changelog: v10.8.0...v10.9.0