[jira] [Commented] (GROOVY-11459) weak hashing algorithm (使用弱哈希算法)

ASF GitHub Bot (Jira) Thu, 24 Oct 2024 08:31:01 -0700


    [ 
https://issues.apache.org/jira/browse/GROOVY-11459?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17892529#comment-17892529
 ]


ASF GitHub Bot commented on GROOVY-11459:
-----------------------------------------

GianniGiglio commented on PR #2112:
URL: https://github.com/apache/groovy/pull/2112#issuecomment-2435613155

   Hi are there any plans to backport this to groovy 4 release?




> weak hashing algorithm (使用弱哈希算法)
> --------------------------------
>
>                 Key: GROOVY-11459
>                 URL: https://issues.apache.org/jira/browse/GROOVY-11459
>             Project: Groovy
>          Issue Type: Bug
>    Affects Versions: 4.0.22
>            Reporter: wellchang
>            Assignee: Paul King
>            Priority: Major
>             Fix For: 4.x
>
>
> 通过iast扫描发现groovy中使用了md5来生成缓存键名，路径为groovy.lang.GroovyClassLoader.getSourceCacheKey
> 建议使用常见的安全的哈希算法，如SHA-256,SHA-384,SHA-512等
> Google Translate gives:
> Through iast scanning, it was found that md5 is used in groovy to generate 
> the cache key name, and the path is 
> groovy.lang.GroovyClassLoader.getSourceCacheKey
> It is recommended to use common secure hash algorithms, such as SHA-256, 
> SHA-384, SHA-512, etc.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (GROOVY-11459) weak hashing algorithm (使用弱哈希算法)

Reply via email to