Description
通过iast扫描发现groovy中使用了md5来生成缓存键名,路径为groovy.lang.GroovyClassLoader.getSourceCacheKey
建议使用常见的安全的哈希算法,如SHA-256,SHA-384,SHA-512等
Google Translate gives:
Through iast scanning, it was found that md5 is used in groovy to generate the cache key name, and the path is groovy.lang.GroovyClassLoader.getSourceCacheKey
It is recommended to use common secure hash algorithms, such as SHA-256, SHA-384, SHA-512, etc.
In GROOVY-11459, it was made possible to configure the hashing algorithm. This issue is to explore whether there is a significant performance degradation making SHA256 the default. Initial tests, albeit on a small sample size, indicates no. We need to do further testing though. The default would only be changed for Groovy 5+.
Attachments
Issue Links
- is a clone of
-
GROOVY-11459 weak hashing algorithm (使用弱哈希算法)
-
- Closed
-