CiviCRM previously did not set the Secure flag on cookies to restrict them to SSL connections where appropriate. This was not a security risk by itself, but the change is being made, and announced in the security release information, as part of a wider "defense in depth" process within CiviCRM.
CiviCRM versions prior to 4.7.11 or 4.6.21
CiviCRM versions 4.7.11 or greater, or 4.6.21 or greater
Upgrade to CiviCRM 4.7.11 or greater, or CiviCRM 4.6.21 or greater.
Chris Burgess of Fuzion Aotearoa
- https://github.com/civicrm/civicrm-core/pull/7990
- https://github.com/civicrm/civicrm-core/pull/8865
- https://issues.civicrm.org/jira/browse/CRM-16900
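
One way to confirm after upgrading that cookies issued over HTTPS carry the Secure attribute is to audit the `Set-Cookie` response headers. This is an added example, not CiviCRM code; the function names and the sample cookie names and values are constructed placeholders.

```python
"""Audit Set-Cookie headers for the Secure attribute (added example)."""


def parse_set_cookie(header_value):
    """Return (name, attrs); attrs maps lower-cased attribute names to values."""
    parts = [p.strip() for p in header_value.split(";")]
    # Only the first "=" separates name from value; the value may contain "=".
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def cookies_missing_secure(set_cookie_values, scheme):
    """List cookie names that were set over HTTPS without the Secure attribute.

    Over plain HTTP the flag is not expected ("where appropriate"), so
    nothing is reported for that scheme.
    """
    if scheme.lower() != "https":
        return []
    missing = []
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        # Attribute names are case-insensitive; match the attribute itself,
        # not the substring "secure" inside a value or a path.
        if "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed sample headers, one string per Set-Cookie header line.
SAMPLE_HEADERS = [
    "EXAMPLE_SESSION=abc123; path=/; HttpOnly",
    "EXAMPLE_PREF=en_US; Path=/; SECURE; HttpOnly",
    "EXAMPLE_TOKEN=x=y; expires=Wed, 01 Jan 2025 00:00:00 GMT; path=/; secure",
    "EXAMPLE_NOTE=insecure; path=/securearea",
]

if __name__ == "__main__":
    for cookie_name in cookies_missing_secure(SAMPLE_HEADERS, "https"):
        print("missing Secure:", cookie_name)
```

Feed it the `Set-Cookie` values captured from an HTTPS response of the site under test; any name it returns was issued without the Secure attribute.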