[
https://issues.apache.org/jira/browse/GROOVY-11459?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17881922#comment-17881922
]
Paul King commented on GROOVY-11459:
------------------------------------
Current status: hashing algorithm is now configurable thanks. Default is still
md5. Plan is to test more on master and if further testing shows sha256 to be
as fast as md5, swap the default on master (for Groovy 5).
> weak hashing algorithm (使用弱哈希算法)
> --------------------------------
>
> Key: GROOVY-11459
> URL: https://issues.apache.org/jira/browse/GROOVY-11459
> Project: Groovy
> Issue Type: Bug
> Affects Versions: 4.0.22
> Reporter: wellchang
> Assignee: Paul King
> Priority: Major
>
> 通过iast扫描发现groovy中使用了md5来生成缓存键名,路径为groovy.lang.GroovyClassLoader.getSourceCacheKey
> 建议使用常见的安全的哈希算法,如SHA-256,SHA-384,SHA-512等
> Google Translate gives:
> Through iast scanning, it was found that md5 is used in groovy to generate
> the cache key name, and the path is
> groovy.lang.GroovyClassLoader.getSourceCacheKey
> It is recommended to use common secure hash algorithms, such as SHA-256,
> SHA-384, SHA-512, etc.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
