Amon2-Auth-Site-LINE-0.05

Changes for version 0.05 - 2025-05-20

Previously, this module used String::Random module which uses rand(), a built-in Perl function, to generate random tokens when the state and nonce parameters in OAuth2 are unset. However, the rand() function is vulnerable to a PRNG vulnerability called CWE-338, so it's not cryptographically secure. From this version, it has discarded dependencies of String::Random and has been replaced with Crypt::URandom::Token module, which uses the more secure /dev/urandom to generate tokens.
- The above vulnerability was pointed out to me by Robert Rothenberg (RRWO). Thanks for pointing this out.
I'm aware that the above implementation has fixed the vulnerability in this module corresponding to the vulnerability number below.
- CVE-2024-57835 https://www.cve.org/CVERecord?id=CVE-2024-57835
- JVNDB-2025-003449 https://jvndb.jvn.jp/ja/contents/2025/JVNDB-2025-003449.html

LINE integration for Amon2

To install Amon2::Auth::Site::LINE, copy and paste the appropriate command in to your terminal.

cpanm Amon2::Auth::Site::LINE

perl -MCPAN -e shell
install Amon2::Auth::Site::LINE

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)