Safely deserialize principals from rememberMe cookie #27

Closed
kaosko opened this Issue May 30, 2016 · 0 comments

kaosko commented May 30, 2016

No description provided.

kaosko self-assigned this May 30, 2016

kaosko added this to the 0.6.4 milestone May 30, 2016

kaosko added a commit that referenced this issue May 30, 2016

#27: Safely deserialize principals from rememberMe cookie
- fix severe vulnerability by only allowing deserialization of known
principal types
- add a unit test for the rememberMed, unauthenticated user

kaosko closed this May 31, 2016
