Merge document vulnerability CVE-2018-1340, fixed in 1.0.0.

commit: c2227480c9a21e62a7288d01c1e6ccb0a1e45a7f [log] [tgz]
author: Virtually Nick <necouchman@users.noreply.github.com> Wed Jan 23 17:38:59 2019 -0500
committer: GitHub <noreply@github.com> Wed Jan 23 17:38:59 2019 -0500
tree: 86a8f15c595736811117436f977032ee9df220b9
parent: e0bcc63ef8dcf6256531f31b5133368d384a7fcf [diff]
parent: 114e5e1f8536d1fd30dc21850ccb79edcf753c87 [diff]
diff --git a/_security/CVE-2018-1340.md b/_security/CVE-2018-1340.md
new file mode 100644
index 0000000..83abb74
--- /dev/null
+++ b/_security/CVE-2018-1340.md

@@ -0,0 +1,13 @@
+---
+title: Secure flag missing from session cookie
+cve:   CVE-2018-1340
+fixed: 1.0.0
+---
+
+Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the
+user's session token. This cookie lacked the "secure" flag, which could allow
+an attacker eavesdropping on the network to intercept the user's session token
+if unencrypted HTTP requests are made to the same domain.
+
+Acknowledgements: We would like to thank Ross Golder for reporting this issue.
+
commit	c2227480c9a21e62a7288d01c1e6ccb0a1e45a7f	[log] [tgz]
author	Virtually Nick <necouchman@users.noreply.github.com>	Wed Jan 23 17:38:59 2019 -0500
committer	GitHub <noreply@github.com>	Wed Jan 23 17:38:59 2019 -0500
tree	86a8f15c595736811117436f977032ee9df220b9
parent	e0bcc63ef8dcf6256531f31b5133368d384a7fcf [diff]
parent	114e5e1f8536d1fd30dc21850ccb79edcf753c87 [diff]