Security Advisories (1)

CVE-2025-40925 (2025-09-20)

Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.

NAME

Starch::Plugin::Bundle - Base role for Starch plugin bundles.

SYNOPSIS

# Create a bundle.
package MyDevPlugins;
use Moo;
with 'Starch::Plugin::Bundle';
sub bundled_plugins {
    return ['::Trace', 'MyApp::Starch::CustomPLugin'];
}

# Use the bundle.
my $starch = Starch->new(
    plugins => ['MyDevPlugin'],
    ...,
);

DESCRIPTION

Plugin bundles package together any number of other plugins and plugin bundles. To create a plugin bundle just make a new class that consumes this role and defines the bundled_plugins method. This method should return an array ref of plugin names (absolute or relative).

See "PLUGINS" in Starch::Extending for more information.

ATTRIBUTES

plugins

This returns the array ref of plugins provided by the bundled_plugins method.

resolved_plugins

This returns "plugins" with all relative plugin names made absolute.

roles

Returns "resolved_plugins" with all plugin bundles expanded to their roles.

manager_roles

Of the "roles" this returns the ones that consume the Starch::Plugin::ForManager role.

state_roles

Of the "roles" this returns the ones that consume the Starch::Plugin::ForState role.

store_roles

Of the "roles" this returns the ones that consume the Starch::Plugin::ForStore role.

SUPPORT

See "SUPPORT" in Starch.

AUTHORS

See "AUTHORS" in Starch.

COPYRIGHT AND LICENSE

See "COPYRIGHT AND LICENSE" in Starch.

To install Starch, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Starch

CPAN shell

perl -MCPAN -e shell
install Starch

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)