1#### <sub><sup><a name="v422-note-1" href="#v422-note-1">:link:</a></sup></sub> fix, security 2 3* Fixed an open redirect vulnerability with the login flow that enabled phishy URLs to be crafted to send your auth token to an arbitrary URL. 4 5 This issue affected all versions after and including [**v4.0.0**](https://github.com/concourse/concourse/releases/tag/v4.0.0). The attack vector requires user interaction, but we still highly recommend upgrading to this version now that the exploit is public. 6 7 8