Security Risk: 
Not Critical
Vulnerability: 
Other
Affected Versions: 

CiviCRM versions prior to 4.7.11 or 4.6.21

Fixed Versions: 

CiviCRM versions 4.7.11 or greater, or 4.6.21 or greater

Publication Date: 
Wednesday, September 7, 2016
Description: 

CiviCRM previously did not set the Secure flag to restrict cookies to SSL connections where appropriate. This was not a security risk by itself, but the change is included and announced in the security release information as part of a wider "defense in depth" process within CiviCRM.

Solutions: 

Upgrade to CiviCRM 4.7.11 or greater, or CiviCRM 4.6.21 or greater.
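
A way to check, after upgrading, that cookies set by an HTTPS site carry the Secure attribute. This is an added example, not CiviCRM code; the function names, cookie names and header values are constructed for illustration.

```python
# Added example, not CiviCRM code. All cookie names and values are constructed.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def cookies_missing_secure(headers, scheme):
    """Return names of cookies set on an HTTPS response without the Secure attribute."""
    if scheme.lower() != "https":
        # A Secure cookie is never sent back over plain HTTP, so the flag is
        # only expected when the site is served over HTTPS.
        return []
    missing = []
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed response headers for illustration.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "SESSexample=abc123; path=/; HttpOnly"),
    ("set-cookie", "PHPSESSID=def456; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/; secure"),
    # "secure" in the value and path is not the Secure attribute.
    ("Set-Cookie", "pref=secure; Path=/secure; HttpOnly"),
]

if __name__ == "__main__":
    for cookie in cookies_missing_secure(SAMPLE_HEADERS, "https"):
        print("missing Secure:", cookie)
```

Attributes are parsed rather than matched as a substring, so a cookie whose value or path merely contains the word "secure" is still reported.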

Credits: 

Chris Burgess of Fuzion Aotearoa