Security Advisories (1)
CVE-2025-40925 (2025-09-20)

Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predictable session ids could allow an attacker to gain access to systems.
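The contrast the advisory draws, as an added example that is not Starch's own code: a weak generator reconstructed from the advisory's list of inputs, next to one that takes all of its bits from the operating system CSPRNG. The names weak_session_id and secure_session_id are hypothetical, and the hardened form assumes a Unix-like system that provides /dev/urandom.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha1_hex);

# Weak pattern, reconstructed from the advisory text (not Starch's source):
# a counter, the epoch time, built-in rand, the PID and a reference address.
# Hashing with SHA-1 hides these inputs but adds no entropy to them.
my $counter = 0;
sub weak_session_id {
    return sha1_hex( join '', ++$counter, time, rand(), $$, +{} );
}

# Hardened form (hypothetical helper): 20 bytes (160 bits) read directly
# from the kernel CSPRNG and hex-encoded, so the id has the same shape.
# Assumption: /dev/urandom exists on this platform.
sub secure_session_id {
    my $want = 20;
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while ( length($buf) < $want ) {
        # Short reads are possible, so keep appending until we have enough.
        my $got = read( $fh, $buf, $want - length($buf), length($buf) );
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom"    unless $got;
    }
    close $fh;
    return unpack 'H*', $buf;
}

# Sanity check on the hardened generator: correct shape, no repeats.
my %seen;
for ( 1 .. 1000 ) {
    my $id = secure_session_id();
    die "malformed id: $id" unless $id =~ /\A[0-9a-f]{40}\z/;
    die "duplicate id: $id" if $seen{$id}++;
}

printf "weak   (guessable inputs): %s\n", weak_session_id();
printf "secure (kernel CSPRNG):    %s\n", secure_session_id();
```

Both functions return 40 hex characters, so the difference cannot be seen by looking at an id; it lies entirely in where the input bits come from.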

NAME

Starch::Role::Log - Logging capabilities used internally by Starch.

ATTRIBUTES

log

Returns a Log::Any::Proxy object used for logging to Log::Any. The category is set to the object's package name, minus any __WITH__.* bits that Moo::Role adds when composing a class from roles.

No logging is produced by the stock Starch. The Starch::Plugin::Trace plugin adds extensive logging.

More info about logging can be found at "LOGGING" in Starch.

base_class_name

Returns the object's class name minus the __WITH__.* suffix put on by plugins. This is used to produce more concise logging output.

short_class_name

Returns "base_class_name" with the Starch:: prefix removed.

SUPPORT

See "SUPPORT" in Starch.

AUTHORS

See "AUTHORS" in Starch.

COPYRIGHT AND LICENSE

See "COPYRIGHT AND LICENSE" in Starch.