Starch-0.04 - Implementation independent persistent statefulness. - metacpan.org

Security Advisories (1)

CVE-2025-40925 (2025-09-20)

Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference addresses. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.

Changes for version 0.04 - 2015-07-21

Update state's in_store if the store did not find any data. This should provide some minor performance improvements and correct behavior.
Moved the hash_seed and generate_id methods into the manager.
Renamed invalid key to no_store key, which means its named after what it causes rather than what it is used for (an anti- pattern of sorts, but this key will be used for more general purpose stuff).
Added a mark_dirty method to state.
Moved stringify_key and key_separator from manager to store.
Increase test coverage.

Documentation

Starch::Cookbook

Starch recipes for common situations.

Starch::Extending

How to alter the behavior of Starch.

Implementation independent persistent statefulness.

Modules

Implementation independent persistent statefulness.

Starch::Factory

Role applicator and class creator.

Starch::Manager

Entry point for accessing Starch state objects.

Starch::Plugin::AlwaysLoad

Always retrieve state data.

Starch::Plugin::Bundle

Base role for Starch plugin bundles.

Starch::Plugin::CookieArgs

Arguments and methods for dealing with HTTP cookies.

Starch::Plugin::DisableStore

Disable store read and/or write operations.

Starch::Plugin::ForManager

Base role for Starch plugins.

Starch::Plugin::ForState

Base role for Starch::State plugins.

Starch::Plugin::ForStore

Base role for Starch::Store plugins.

Starch::Plugin::LogStoreExceptions

Turn Starch store exceptions into log messages.

Starch::Plugin::RenewExpiration

Trigger periodic writes to the store.

Starch::Plugin::ThrottleStore

Throttle misbehaving Starch stores.

Starch::Plugin::TimeoutStore

Throw an exception if store access surpass a timeout.

Starch::Plugin::Trace

Add extra trace logging to your manager, states, and stores.

Starch::Role::Log

Logging capabilities used internally by Starch.

Starch::Role::MethodProxy

General purpose method proxy support used internally by Starch.

The Starch state object.

Base role for Starch stores.

Starch::Store::Layered

Layer multiple Starch stores.

Starch::Store::Memory

In-memory Starch store.

Utility functions used internally by Starch.

Test core features of starch.

Other files

To install Starch, copy and paste the appropriate command in to your terminal.

cpanm Starch

perl -MCPAN -e shell
install Starch

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)