CIVI-SA-2016-13: Improve secure flags on cookies

Published

2016-08-23 15:55

Written by

CiviCRM previously did not set secure flags to restrict cookies to SSL where appropriate. This was not a security risk by itself, but the change is being made and notified in security release information as part of a wider "defense in depth" process within CiviCRM.

Security Risk

Not Critical

Vulnerability

Other

Affected Versions

CiviCRM versions prior to 4.7.11 or 4.6.21

Fixed Versions

CiviCRM versions 4.7.11 or greater, or 4.6.21 or greater

Solutions

Upgrade to CiviCRM 4.7.11 or greater, or CiviCRM 4.6.21 or greater.

Credits

Chris Burgess of Fuzion Aotearoa

References

https://github.com/civicrm/civicrm-core/pull/7990
https://github.com/civicrm/civicrm-core/pull/8865
https://issues.civicrm.org/jira/browse/CRM-16900

We are in the process of translating the civicrm.org website. Translations may not be available in all languages. Read more and participate.

© 2005 - 2023, CIVICRM LLC. All rights reserved.
CiviCRM and the CiviCRM logo are trademarks of CIVICRM LLC. Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Share Alike 3.0 United States Licence.

[D8]

CIVI-SA-2016-13: Improve secure flags on cookies

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM

Languages

CIVI-SA-2016-13: Improve secure flags on cookies

WORK WITH A TRUSTED EXPERT TO SETUP YOUR CIVICRM

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM