activerecord-session_store

documentation about CVE-2019-16782

Open lluis opened this issue 3 years ago • 3 comments

Reading the README, it seems that version 0.1.2 is not affected by the bug: "Sessions that were created by Active Record Session Store version 1.x are affected by CVE-2019-25025"

But reading the comment in the code, it seems it is: "Sessions created on version <= 1.1.3 were guessable via a timing attack"

Do you know which one is correct?

lluis, Jun 20 '22 15:06

The next version after 1.1.3 was already 2.0.0, so both descriptions are correct.

h0jeZvgoxFepBQ2C, Aug 24 '22 08:08

So I guess this can be closed?

h0jeZvgoxFepBQ2C, Aug 24 '22 08:08

My doubt was about version 0.1.2.

lluis, Aug 24 '22 08:08