From 711fe74a6c82cdd0c87ff1a68df82d6ddb403b79 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Thu, 11 Apr 2024 11:03:06 +0200 Subject: [PATCH] docs: clarify changelog --- .../5.0.1_2024-04-10/enhancement-strict-same-site-cookie.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/changelog/5.0.1_2024-04-10/enhancement-strict-same-site-cookie.md b/changelog/5.0.1_2024-04-10/enhancement-strict-same-site-cookie.md index 94b291611..c3a4e1a1f 100644 --- a/changelog/5.0.1_2024-04-10/enhancement-strict-same-site-cookie.md +++ b/changelog/5.0.1_2024-04-10/enhancement-strict-same-site-cookie.md @@ -1,4 +1,4 @@ -Enhancement: Make IDP cookies same site strict +Bugfix: Make IDP cookies same site strict To enhance the security of our application and prevent Cross-Site Request Forgery (CSRF) attacks, we have updated the SameSite attribute of the build in Identity Provider (IDP) cookies to Strict. @@ -9,4 +9,6 @@ thereby limiting the exposure of the user's session to potential threats. This update does not impact the existing functionality of the application but provides an additional layer of security where needed. +This only affects cookies set by the built-in IDP. Production systems should not be affected. + https://github.com/owncloud/ocis/pull/8716
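Review bot: In the first hunk (@@ -1,4 +1,4 @@), the entry type in the title changes from "Enhancement:" to "Bugfix:", but the file is still named `enhancement-strict-same-site-cookie.md`, so the filename and the title now disagree on the category. Consider renaming the file to match the new type in the same commit. The unchanged context line in this hunk also still reads "the build in Identity Provider (IDP) cookies", while the line added further down spells it "built-in"; since the commit is a changelog clarification, fixing that spelling here would keep the entry consistent.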
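Review bot: In the second hunk (@@ -9,4 +9,6 @@), the added sentence "Production systems should not be affected." gives no reason, and "affected" can be read two ways: that production deployments will not see a behaviour change, or that they do not receive the SameSite=Strict protection. Since the preceding sentence scopes the change to cookies set by the built-in IDP, consider stating the assumption explicitly, i.e. what it is about production systems that keeps those cookies out of play, and say which of the two meanings is intended. It also sits directly after "This update does not impact the existing functionality of the application", so the two statements could be merged into one sentence that covers both compatibility and scope.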