FedOAuth security issue (CVE-2015-0256)

Earlier today, a security issue was found in the way FedOAuth sets the auth_ses cookie.

The bug was located in fedoauth/auth/base.py, line 191: even if FedOAuth was configured to use secure cookies, the auth_ses cookie was set without the Secure flag.
This cookie is used internally to remember an authenticated user for a specified period of time, so stealing it means stealing the authenticated identity.

This bug has been assigned the identifier CVE-2015-0256.
It has been fixed in commit 135c1c1, release 3.1.3 (and a signature).
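
A way to check a deployment for this flaw before and after upgrading, as an added example that is not FedOAuth's own code: the function inspects Set-Cookie header values and reports any auth_ses cookie set without the Secure attribute. The header values, the `session` cookie name and the helper names are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for a missing Secure attribute.
# All header values below are constructed samples, not captured FedOAuth traffic.


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    # Only the first '=' separates name from value; the value may contain '='.
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def cookies_missing_secure(set_cookie_headers, required=("auth_ses",)):
    """Return the names of required cookies that were set without Secure."""
    missing = []
    for header_value in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header_value)
        if name in required and "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed sample: one cookie carries Secure, auth_ses does not.
BEFORE_FIX = [
    "session=abc123; Secure; HttpOnly; Path=/",
    "auth_ses=def456; HttpOnly; Path=/",
]
# Constructed sample: auth_ses now carries Secure as well.
AFTER_FIX = [
    "session=abc123; Secure; HttpOnly; Path=/",
    "auth_ses=def456; Secure; HttpOnly; Path=/",
]

if __name__ == "__main__":
    print("before fix:", cookies_missing_secure(BEFORE_FIX))
    print("after fix: ", cookies_missing_secure(AFTER_FIX))
```

Feed it the Set-Cookie values from a login response of the instance under test; an empty result means auth_ses was set with Secure.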

