CVE-2015-5505

CVE-2015-5505 relates to Drupal’s contributed HTTP Strict Transport Security (HSTS) module. The module versions 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.2 do not correctly implement the include_subdomains directive, causing the HSTS policy not to be applied to subdomains. This is descr...