summaryrefslogtreecommitdiff
path: root/scripts/prepare_commit_msg.py
diff options
context:
space:
mode:
authorPaul McMillan <paul@mcmillan.ws>2026-05-08 16:13:58 -0400
committerNatalia <124304+nessita@users.noreply.github.com>2026-06-03 08:37:26 -0300
commit70d36515b9cc71700105a14b275583070d48b689 (patch)
treef9a598a2deaf24321f9b13b3141c80265f425a28 /scripts/prepare_commit_msg.py
parent09fdc06346b167ff6231a4cb80b85ae67b53c715 (diff)
Fixed CVE-2026-6873 -- Prevented signed cookie salt namespace collisions.
Made signed cookies derive their signer namespace from an injective encoding of `(name, salt)` while preserving compatibility with legacy `name + salt` cookies behind SIGNED_COOKIE_LEGACY_SALT_FALLBACK. Thanks Peng Zhou for the report, and Shai Berger, Markus Holterman, Jake Howard, and Paul McMillan for reviews. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com> Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Diffstat (limited to 'scripts/prepare_commit_msg.py')
0 files changed, 0 insertions, 0 deletions