Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[6.x] Update changelog for v6.18.27 with upgrade info around cookies #36490

Merged
merged 3 commits into from
Mar 7, 2021
Merged

[6.x] Update changelog for v6.18.27 with upgrade info around cookies #36490

merged 3 commits into from
Mar 7, 2021

Conversation

T-Spoon
Copy link
Contributor

@T-Spoon T-Spoon commented Mar 7, 2021

Anyone upgrading to >= v6.18.27 will have all their cookies invalidated.

This seems like an important point to highlight that I didn't see mentioned anywhere. I only found it after basically doing a binary search through upgrades to find out which version borked our cookies.

For some apps this means that all their users will be logged out at once - which could have a bunch of implications (not to mention an annoyance for the users)

I may have just completely missed the memo on this - but there was no info on the PR (#33662) and the discussion is currently locked.

Supercedes #36489 (changed to target 6.x instead of 8.x)

@T-Spoon
Update changelog for v6.18.27 with upgrade info around cookies
a7fe23c 
After this this change any existing cookies will be invalid (which may have implications for some apps)
@GrahamCampbell GrahamCampbell changed the title [8.x] Update changelog for v6.18.27 with upgrade info around cookies [6.x] Update changelog for v6.18.27 with upgrade info around cookies Mar 7, 2021
@derekmd
Copy link
Contributor

derekmd commented Mar 7, 2021

I may have just completely missed the memo on this - but there was no info on the PR (#33662) and the discussion is currently locked.

https://blog.laravel.com/laravel-cookie-security-releases covers it.

@T-Spoon
Copy link
Contributor Author

T-Spoon commented Mar 7, 2021
edited
Loading

I may have just completely missed the memo on this - but there was no info on the PR (#33662) and the discussion is currently locked.

https://blog.laravel.com/laravel-cookie-security-releases covers it.

Awesome. I've added a link to that in the changelog.

I still think it's worth merging this PR (or similar) to mention this info in the changelog - as people may not think to look through the blog post archive to find this info (I actually did scan back through many pages of the blog but clearly missed that one!)

@taylorotwell taylorotwell merged commit c5fa693 into laravel:6.x Mar 7, 2021
@T-Spoon T-Spoon deleted the patch-2 branch March 7, 2021 20:46
This was referenced Mar 15, 2021
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@T-Spoon @derekmd @taylorotwell