Starch-0.14 - A framework independent HTTP session library. - metacpan.org

Security Advisories (1)

CVE-2025-40925 (2025-09-20)

Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.

Changes for version 0.14 - 2019-05-13

Avoid CPANTS Kwalitee check for Test2::V0.
Switch to the GNU General Public License version 3.
Stop using Test2::Require::Module in Test::Starch.

Documentation

Starch::Cookbook

Starch recipes for common situations.

Starch::Extending

How to alter the behavior of Starch.

Modules

A framework independent HTTP session library.

Starch::Factory

Role applicator and class creator.

Starch::Manager

Entry point for accessing Starch state objects.

Starch::Plugin::AlwaysLoad

Always retrieve state data.

Starch::Plugin::Bundle

Base role for Starch plugin bundles.

Starch::Plugin::CookieArgs

Arguments and methods for dealing with HTTP cookies.

Starch::Plugin::DisableStore

Disable store read and/or write operations.

Starch::Plugin::ForManager

Base role for Starch plugins.

Starch::Plugin::ForState

Base role for Starch::State plugins.

Starch::Plugin::ForStore

Base role for Starch::Store plugins.

Starch::Plugin::LogStoreExceptions

Turn Starch store exceptions into log messages.

Starch::Plugin::RenewExpiration

Trigger periodic writes to the store.

Starch::Plugin::ThrottleStore

Throttle misbehaving Starch stores.

Starch::Plugin::Trace

Add extra trace logging to your manager, states, and stores.

Starch::Role::Log

Logging capabilities used internally by Starch.

The Starch state object.

Base role for Starch stores.

Starch::Store::Layered

Layer multiple Starch stores.

Starch::Store::Memory

In-memory Starch store.

Utility functions used internally by Starch.

Test core features of starch.

Provides

Starch::Plugin::CookieArgs::Manager

in lib/Starch/Plugin/CookieArgs/Manager.pm

Starch::Plugin::CookieArgs::State

in lib/Starch/Plugin/CookieArgs/State.pm

Starch::Plugin::RenewExpiration::Manager

in lib/Starch/Plugin/RenewExpiration/Manager.pm

Starch::Plugin::RenewExpiration::State

in lib/Starch/Plugin/RenewExpiration/State.pm

Starch::Plugin::Trace::Manager

in lib/Starch/Plugin/Trace/Manager.pm

Starch::Plugin::Trace::State

in lib/Starch/Plugin/Trace/State.pm

Starch::Plugin::Trace::Store

in lib/Starch/Plugin/Trace/Store.pm

Other files

To install Starch, copy and paste the appropriate command in to your terminal.

cpanm Starch

perl -MCPAN -e shell
install Starch

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)