[
https://issues.apache.org/jira/browse/GROOVY-11459?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17880107#comment-17880107
]
wellchang edited comment on GROOVY-11459 at 9/8/24 8:51 AM:
------------------------------------------------------------
i have modify the use of EncodingGroovyMethods.md5 to configure the MD5/SHA-256
algorithm through the environment variable GROOV_CACHED_KEY_LLGORITHMS
was (Author: JIRAUSER306847):
i have modify the use of EncodingGroove yMethods. md5 to configure the
MD5/SHA-256 algorithm through the environment variable
GROOV_CACHED_KEY_LLGORITHMS
> weak hashing algorithm (使用弱哈希算法)
> --------------------------------
>
> Key: GROOVY-11459
> URL: https://issues.apache.org/jira/browse/GROOVY-11459
> Project: Groovy
> Issue Type: Bug
> Affects Versions: 4.0.22
> Reporter: wellchang
> Assignee: Paul King
> Priority: Major
>
> 通过iast扫描发现groovy中使用了md5来生成缓存键名,路径为groovy.lang.GroovyClassLoader.getSourceCacheKey
> 建议使用常见的安全的哈希算法,如SHA-256,SHA-384,SHA-512等
> Google Translate gives:
> Through iast scanning, it was found that md5 is used in groovy to generate
> the cache key name, and the path is
> groovy.lang.GroovyClassLoader.getSourceCacheKey
> It is recommended to use common secure hash algorithms, such as SHA-256,
> SHA-384, SHA-512, etc.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
