CakePHP Authentication 1.1.5
Fixes
- The session id rotation changes added in 1.1.3 have been reverted. They broke compatibility with
SecurityComponent
in a way that could not be fixed without other changes. - This release is susceptible to session fixation attacks due to the removed session id regeneration. Upgrade to 1.2.0 to resolve this.