diff options
| author | Paul McMillan <paul@mcmillan.ws> | 2026-05-08 16:13:58 -0400 |
|---|---|---|
| committer | Natalia <124304+nessita@users.noreply.github.com> | 2026-06-03 08:37:26 -0300 |
| commit | 70d36515b9cc71700105a14b275583070d48b689 (patch) | |
| tree | f9a598a2deaf24321f9b13b3141c80265f425a28 /scripts/prepare_commit_msg.py | |
| parent | 09fdc06346b167ff6231a4cb80b85ae67b53c715 (diff) | |
Fixed CVE-2026-6873 -- Prevented signed cookie salt namespace collisions.
Made signed cookies derive their signer namespace from an injective
encoding of `(name, salt)` while preserving compatibility with legacy
`name + salt` cookies behind SIGNED_COOKIE_LEGACY_SALT_FALLBACK.
Thanks Peng Zhou for the report, and Shai Berger, Markus Holterman,
Jake Howard, and Paul McMillan for reviews.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Diffstat (limited to 'scripts/prepare_commit_msg.py')
0 files changed, 0 insertions, 0 deletions
