Closed marvinthepa closed 3 years ago
🤦‍♂️ Thank you very much.
I'll update the release note and everything for this correction.
I'm really sorry - that was my fault. I copied the wrong CVE from our bundle-audit
exclusion 🤦‍♂️ Thanks for looking out @marvinthepa and sorry for the extra work @sikachu
CVE-2015-9284 is an old CSRF bug in OmniAuth; it has nothing to do with CVE-2019-25025, which is a timing attack against session IDs.