In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. (The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8.)
CPE | Name | Operator | Version |
---|---|---|---|
octopus_deploy | ge | 2019.9.0 | |
octopus_deploy | lt | 2019.9.8 | |
octopus_deploy | ge | 2019.6.0 | |
octopus_deploy | lt | 2019.6.14 | |
octopus_deploy | lt | 2019.10.7 |