[MYFACES-4417] Support for Same Site and HSTS - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.3.9
Fix Version/s: 4.0.0-RC1
Component/s: General
Labels:
None
Environment:
Redhat Linux

Description

Security Auditors have identified that Session Cookies oam.Flash.RENDERMAP.TOKEN and other Myfaces cookies are not handling Same Site and HTTP Strict Transport Security. I am unfortunately not knowledgeable enough to respond to this athough I have browsed and cannot see any references to these security measures in the context of myfaces.

Is this handled by some version of myfaces?

If not, is it something that is in the pipeline?

If not in the pipeline, can I find some explanation somewhere that states that it is unnecessary?

Regards

Attachments

Issue Links

links to

GitHub Pull Request #269

GitHub Pull Request #272

Activity

People

Assignee:: Melloware

Reporter:: Andrew Charles Cilia

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 07/Oct/21 06:55

Updated:: 20/Jun/22 12:31

Resolved:: 09/Jun/22 14:27