If remember me is on and users log in with the box checked, if the developer then disabled “remember me” function, any pre-existing cookies will continue to authenticate users.
github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-014-1.yaml
github.com/silverstripe/silverstripe-framework
github.com/silverstripe/silverstripe-framework/commit/1c7d5de51bcdf16ebb21c5a0ebe5fe9e31f9a822
github.com/silverstripe/silverstripe-framework/commit/b1f449762b5d11658b11d5036d5ae361a95fd61e
github.com/silverstripe/silverstripe-framework/commit/d1163d87b70e3e147f22a1e423b9f70f6fd85e8f
github.com/silverstripe/silverstripe-framework/commit/fa7f5af8618a83c865b11fd6cc981ad9661046e6
www.silverstripe.org/download/security-releases/ss-2016-014