This is Oscar 0.5.2, a security release for Oscar 0.5.
Insecure use of
SECRET_KEY in basket cookie
For anonymous users, the basket ID is stored in a cookie. Previously, the
value was signed using a simple CRC32 hash using the
However, a good rule of thumb is to never roll your own encryption, and it is
possible that this method weakens the security of the
The fix uses Django’s cryptographic signing functionality to sign the cookie
in a more secure manner.