python · langflowHeads-up
langflow: Logout does not clear session cookies (CVE)
The logout endpoint now deletes auth cookies with matching parameters, and the frontend clears them.
What changed
The logout endpoint now deletes auth cookies with matching parameters, and the frontend clears them. Previously, session cookies were not properly cleared, leaving the previous user logged in.
Who it affects
Users of langflow versions before 1.7.0, especially those on shared computers.
What to do today
Upgrade to langflow version 1.7.0 or later.
The trail
Collected→
Audited→
Written→
Published