secret key rotation: fix key list ordering

jayaddison · jayaddison · commit 64febe022e2c · 2025-07-29T12:44:32.000Z
The `itsdangerous` serializer interface[1] expects keys to be provided with the oldest key at index zero and the active signing key at the end of the list. [1] - https://itsdangerous.palletsprojects.com/en/stable/serializer/#itsdangerous.serializer.Serializer (cherry picked from commit pallets/flask@fb54159) Conflicts: CHANGES.rst src/flask/sessions.py tests/test_basic.py
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,3 +1,11 @@
+## Version 0.20.1
+
+Unreleased
+
+- Flask backport: Fix signing key selection order when key rotation is enabled
+  via ``SECRET_KEY_FALLBACKS``.
+  <https://github.com/pallets/flask/security/advisories/GHSA-4grg-w6v8-c28g>
+
 ## Version 0.20.0
 
 Released 2024-12-23
diff --git a/src/quart/sessions.py b/src/quart/sessions.py
@@ -149,11 +149,12 @@ def get_signing_serializer(self, app: Quart) -> URLSafeTimedSerializer | None:
         if not app.secret_key:
             return None
 
-        keys: list[str | bytes] = [app.secret_key]
+        keys: list[str | bytes] = []
 
         if fallbacks := app.config["SECRET_KEY_FALLBACKS"]:
             keys.extend(fallbacks)
 
+        keys.append(app.secret_key)  # itsdangerous expects current key at top
         options = {
             "key_derivation": self.key_derivation,
             "digest_method": self.digest_method,
