Hey folks,
Shopware v6.5.8.7 is published as a security release to fix a bug where the 404 page cache might contain session IDs. The cookie will be only persist to caching when the browser had no cookie before. Hence, it is not possible to obtain the session of an authenticated customer.
This issue is only relevant from Shopware >= 6.5.8.0, for older versions a fix is not required.