On 10 September 2014 15:43, Maxin B. John <maxin.john at enea.com> wrote: > Fixes two HTTP cookie related security bugs: > 1. CVE-2014-3613 > 2. CVE-2014-3620 Can these be backported instead to 7.37.1? Upgrading to a new major release with many new features is exceptional now we've frozen. Ross