Safely deserialize principals from rememberMe cookie #27

Closed
kaosko opened this Issue May 30, 2016 · 0 comments

Member
kaosko commented May 30, 2016

No description provided.

@kaosko kaosko self-assigned this May 30, 2016
@kaosko kaosko added this to the 0.6.4 milestone May 30, 2016
@kaosko kaosko added a commit that referenced this issue May 30, 2016
@kaosko kaosko #27: Safely deserialize principals from rememberMe cookie
- fix severe vulnerability by only allowing deserialization of known
principal types
- add a unit test for the rememberMed, unauthenticated user
f4f4803
@kaosko kaosko closed this May 31, 2016