If you are using my nginx-sso authentication provider, please upgrade to version v0.24.1 ASAP.

Previous versions were not initializing the secure cookie correctly, so an attacker might be able to forge a login cookie and therefore bypass your login.

The fix is included in release v0.24.1, for which a binary release as well as updated Docker containers are available.

Thank you very much for finding and fixing the bug, @nyanloutre!

Please note: All users are logged out automatically once after the update to v0.24.1 - this is expected and confirms your cookie is now set correctly.
