CVE-2019-19375
Octopus Deploy before 2019.10.7 could send the CSRF cookie without the secure attribute in configurations with SSL offloading. Root cause is the CSRF cookie not being marked secure under those conditions. The issue was addressed by backporting the fix to LTS branches 2019.6.14 and 2019.9.8, and t...