4.10.15 (2022-09-20)
Bug Fixes
- session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects (GHSA-6w4q-23cf-j9jp) (#8183) (7ca9ed0)