This is a security release that can't wait any longer.

Affected: all versions

Github Flyspray dev versions between 1.0 alphax and 1.0-beta:

• an accidently introduced bug lead to the possiblity of getting flyspray admin, detected by flyspray devs.

All versions before 1.0 alphax:

• now HttpOnly cookies and secure cookies (for servers with a valid ssl cert)
• Anti-CSRF system implemented

Both make it harder to takeover a user session or trick an authenticated flyspray user to execute damaging actions in Flyspray. (like deleting himself for instance ;-))

• 1300 commits in 2015 mainly targeting completing existing features and bug fixes.

Wanted

Peoples testing this version and giving detailed feedback on bugs.flyspray.org.

peterdd