Skip to content

Remove unsafe/deprecated Encryptors.querableText(CharSequence,CharSequence) #8980

New issue
New issue
Closed
Closed
Remove unsafe/deprecated Encryptors.querableText(CharSequence,CharSequence)#8980
Assignees
rwinch
Labels
in: cryptoAn issue in spring-security-cryptotype: breaks-passivityA change that breaks passivity with the previous releasetype: enhancementA general enhancement
Milestone
 
6.0.0-M7
@paruss

Description

@paruss
paruss
opened on Aug 24, 2020

The method is deprecated as a result of issue: CVE-2020-5408. The solution was to deprecate this method. This does not satisfy code analyzers such as Fortify as it could potentially still be used.

I would suggest this method be removed as should not be used anyway.

Method in question:
org.springframework.security.crypto.encrypt#queryableText(CharSequence password, CharSequence salt)

Metadata

Metadata

Assignees

Labels

in: cryptoAn issue in spring-security-cryptotype: breaks-passivityA change that breaks passivity with the previous releasetype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions