[Koha-bugs] [Bug 30594] Package Crypt::CBC 2.35 or higher to increase security
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Apr 5 08:11:56 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30594
Mason James <mtj at kohaaloha.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |In Discussion
--- Comment #1 from Mason James <mtj at kohaaloha.com> ---
(In reply to Martin Renvoize from comment #0)
> Currently, Debian mostly comes with Crypt::CBC 2.33 pre-packaged. If we
> package 2.35 or above we can benefit from a performance boost as well as
> having the ability to update our derivation function to using the
> recommended pbkdf2 algorithm instead of the backwards compatible default of
> opensslv1.
>
> If we choose to package this, we should also update Koha::Encryption to
> reflect the change and use pbkdf2.
hiya, we now have libcrypt-cbc-perl (3.04-3) added to koha-staging/dev repo
so we can proceed with an upgrade to pbkdf2
https://packages.debian.org/bookworm/libcrypt-cbc-perl
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list