Fix CVE in README

marvinthepa · marvinthepa · commit 7964f2b1c6b2 · 2021-03-10T16:43:41.000+01:00
CVE-2015-9284 is an old CSRF Bug in Omniauth, has nothing to do with CVE-2019-25025 which is a timing attack against session ids.
diff --git a/README.md b/README.md
@@ -109,7 +109,7 @@ MyLogger.send :include, ActiveRecord::SessionStore::Extension::LoggerSilencer
 This silencer is being used to silence the logger and not leaking private
 information into the log, and it is required for security reason.
 
-CVE-2015-9284 mitigation
+CVE-2019-25025 mitigation
 --------------
 
 Sessions that were created by Active Record Session Store version 1.x are
