You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The release notes are not clear which versions are vulnerable for the cookie parser security fix.
quote: (older versions of Tornado would reject the entire header for a single invalid cookie)
Does that infer that only previous 4.4 releases were vulnerable? What about 4.2 and 4.3 releases, are any of those vulnerable? older...?
As a package maintainer, but not a tornado coder, I need to know the extent of the vulnerability. If I need to fastrack stabilization of the 4.4.2 release and remove which older versions, etc...
The release notes are not clear which versions are vulnerable for the cookie parser security fix.
quote: (older versions of Tornado would reject the entire header for a single invalid cookie)
Does that infer that only previous 4.4 releases were vulnerable? What about 4.2 and 4.3 releases, are any of those vulnerable? older...?
As a package maintainer, but not a tornado coder, I need to know the extent of the vulnerability. If I need to fastrack stabilization of the 4.4.2 release and remove which older versions, etc...
https://bugs.gentoo.org/show_bug.cgi?id=597740
Thank you.
Brian
The text was updated successfully, but these errors were encountered: