Issue Tracker | https://issues.rudder.io/ | 2017-07-24T16:14:13Z
Rudder - Bug #11159: JSESSION cookie should be "secure" | https://issues.rudder.io/issues/11159?journal_id=79791 | 2017-07-24T16:14:13Z | François ARMAND | francois.armand@rudder.io
<ul><li><strong>Copied from</strong> <i><a class="issue tracker-1 status-6 priority-16 priority-default closed" href="/issues/11158">Bug #11158</a>: JSESSION cookie should be "httpOnly"</i> added</li></ul>
Rudder - Bug #11159: JSESSION cookie should be "secure" | https://issues.rudder.io/issues/11159?journal_id=79793 | 2017-07-24T16:18:06Z | François ARMAND | francois.armand@rudder.io
<ul><li><strong>Copied to</strong> <i><a class="issue tracker-1 status-6 priority-16 priority-default closed" href="/issues/11160">Bug #11160</a>: We should not send Jetty version in header response</i> added</li></ul>
Rudder - Bug #11159: JSESSION cookie should be "secure" | https://issues.rudder.io/issues/11159?journal_id=79795 | 2017-07-24T16:18:20Z | François ARMAND | francois.armand@rudder.io
<ul><li><strong>Copied to</strong> deleted (<i><a class="issue tracker-1 status-6 priority-16 priority-default closed" href="/issues/11160">Bug #11160</a>: We should not send Jetty version in header response</i>)</li></ul>
Rudder - Bug #11159: JSESSION cookie should be "secure" | https://issues.rudder.io/issues/11159?journal_id=79809 | 2017-07-25T13:17:25Z | François ARMAND | francois.armand@rudder.io
<p>Perhaps for both this one, httpOnly, and removing jetty header, the config could be done in apache with mod_header <a class="external" href="https://serverfault.com/questions/645964/httponly-and-secure-cookies-with-apache-mod-header-for-all-cookies">https://serverfault.com/questions/645964/httponly-and-secure-cookies-with-apache-mod-header-for-all-cookies</a></p>
<p>That would allow us to put all that config in the same place, even if we have cookies from other apps one day (like technique editor or whatever), and not be dependent on jetty (nor its version).</p>
Rudder - Bug #11159: JSESSION cookie should be "secure" | https://issues.rudder.io/issues/11159?journal_id=79810 | 2017-07-25T13:26:22Z | François ARMAND | francois.armand@rudder.io
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>In progress</i></li><li><strong>Assignee</strong> set to <i>François ARMAND</i></li></ul>
Rudder - Bug #11159: JSESSION cookie should be "secure" | https://issues.rudder.io/issues/11159?journal_id=79811 | 2017-07-25T13:33:45Z | François ARMAND | francois.armand@rudder.io
<ul><li><strong>Status</strong> changed from <i>In progress</i> to <i>Pending technical review</i></li><li><strong>Assignee</strong> changed from <i>François ARMAND</i> to <i>Benoît PECCATTE</i></li><li><strong>Pull Request</strong> set to <i>https://github.com/Normation/rudder/pull/1704</i></li></ul><p>PR <a class="external" href="https://github.com/Normation/rudder/pull/1704">https://github.com/Normation/rudder/pull/1704</a></p>
Rudder - Bug #11159: JSESSION cookie should be "secure" | https://issues.rudder.io/issues/11159?journal_id=79818 | 2017-07-25T14:36:08Z | François ARMAND | francois.armand@rudder.io
<ul><li><strong>Copied from</strong> deleted (<i><a class="issue tracker-1 status-6 priority-16 priority-default closed" href="/issues/11158">Bug #11158</a>: JSESSION cookie should be "httpOnly"</i>)</li></ul>
Rudder - Bug #11159: JSESSION cookie should be "secure" | https://issues.rudder.io/issues/11159?journal_id=79820 | 2017-07-25T14:36:28Z | François ARMAND | francois.armand@rudder.io
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-6 priority-16 priority-default closed" href="/issues/11158">Bug #11158</a>: JSESSION cookie should be "httpOnly"</i> added</li></ul>
Rudder - Bug #11159: JSESSION cookie should be "secure" | https://issues.rudder.io/issues/11159?journal_id=79830 | 2017-07-26T09:14:34Z | François ARMAND | francois.armand@rudder.io
<ul><li><strong>Status</strong> changed from <i>Pending technical review</i> to <i>Pending release</i></li></ul><p>Applied in changeset <a class="changeset" title="Fixes #11159:" href="https://issues.rudder.io/projects/rudder/repository/rudder/revisions/b9db1b5d978b27f88479f238a68dad79e61c7d82">rudder|b9db1b5d978b27f88479f238a68dad79e61c7d82</a>.</p>
Rudder - Bug #11159: JSESSION cookie should be "secure" | https://issues.rudder.io/issues/11159?journal_id=80040 | 2017-07-31T13:37:47Z | François ARMAND | francois.armand@rudder.io
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-6 priority-16 priority-default closed" href="/issues/11160">Bug #11160</a>: We should not send Jetty version in header response</i> added</li></ul>
Rudder - Bug #11159: JSESSION cookie should be "secure" | https://issues.rudder.io/issues/11159?journal_id=80795 | 2017-08-14T16:49:50Z | Vincent MEMBRÉ | vme@rudder.io
<ul><li><strong>Status</strong> changed from <i>Pending release</i> to <i>Released</i></li></ul><p>This bug has been fixed in Rudder 3.1.22, 4.1.6 and 4.2.0~beta3 which were released today.</p>
<ul>
<li>3.1.22: <a href="http://www.rudder-project.org/pipermail/rudder-announce/2017-August/000245.html" class="external">Announce</a> <a href="http://www.rudder-project.org/changelog-3.1#3.1.22" class="external">Changelog</a></li>
<li>4.1.6: <a href="http://www.rudder-project.org/pipermail/rudder-announce/2017-August/000244.html" class="external">Announce</a> <a href="http://www.rudder-project.org/changelog-4.1#4.1.6" class="external">Changelog</a></li>
<li>4.2.0~beta3: <a href="http://www.rudder-project.org/pipermail/rudder-announce/2017-August/000243.html" class="external">Announce</a> <a href="http://www.rudder-project.org/changelog-4.2#4.2.0~beta3" class="external">Changelog</a></li>
<li>Download: <a class="external" href="https://www.rudder-project.org/site/get-rudder/downloads/">https://www.rudder-project.org/site/get-rudder/downloads/</a></li>
</ul>
Rudder - Bug #11159: JSESSION cookie should be "secure" | https://issues.rudder.io/issues/11159?journal_id=80834 | 2017-08-16T08:05:29Z | François ARMAND | francois.armand@rudder.io
<ul><li><strong>Private</strong> changed from <i>Yes</i> to <i>No</i></li></ul><p>Removing the private status now that the releases containing the fixes are available.</p>