[
https://issues.apache.org/jira/browse/GROOVY-11515?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Paul King updated GROOVY-11515:
-------------------------------
Description:
通过iast扫描发现groovy中使用了md5来生成缓存键名,路径为groovy.lang.GroovyClassLoader.getSourceCacheKey
建议使用常见的安全的哈希算法,如SHA-256,SHA-384,SHA-512等
Google Translate gives:
Through iast scanning, it was found that md5 is used in groovy to generate the
cache key name, and the path is groovy.lang.GroovyClassLoader.getSourceCacheKey
It is recommended to use common secure hash algorithms, such as SHA-256,
SHA-384, SHA-512, etc.
In GROOVY-11459, it was made possible
was:
通过iast扫描发现groovy中使用了md5来生成缓存键名,路径为groovy.lang.GroovyClassLoader.getSourceCacheKey
建议使用常见的安全的哈希算法,如SHA-256,SHA-384,SHA-512等
Google Translate gives:
Through iast scanning, it was found that md5 is used in groovy to generate the
cache key name, and the path is groovy.lang.GroovyClassLoader.getSourceCacheKey
It is recommended to use common secure hash algorithms, such as SHA-256,
SHA-384, SHA-512, etc.
> configurable hashing algorithm
> ------------------------------
>
> Key: GROOVY-11515
> URL: https://issues.apache.org/jira/browse/GROOVY-11515
> Project: Groovy
> Issue Type: Bug
> Affects Versions: 4.0.22
> Reporter: wellchang
> Assignee: Paul King
> Priority: Major
> Fix For: 4.x
>
>
> 通过iast扫描发现groovy中使用了md5来生成缓存键名,路径为groovy.lang.GroovyClassLoader.getSourceCacheKey
> 建议使用常见的安全的哈希算法,如SHA-256,SHA-384,SHA-512等
> Google Translate gives:
> Through iast scanning, it was found that md5 is used in groovy to generate
> the cache key name, and the path is
> groovy.lang.GroovyClassLoader.getSourceCacheKey
> It is recommended to use common secure hash algorithms, such as SHA-256,
> SHA-384, SHA-512, etc.
> In GROOVY-11459, it was made possible
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
