Description
Security Auditors have identified that Session Cookies oam.Flash.RENDERMAP.TOKEN and other Myfaces cookies are not handling Same Site and HTTP Strict Transport Security. I am unfortunately not knowledgeable enough to respond to this athough I have browsed and cannot see any references to these security measures in the context of myfaces.
Is this handled by some version of myfaces?
If not, is it something that is in the pipeline?
If not in the pipeline, can I find some explanation somewhere that states that it is unnecessary?
Regards