/ 
Catalyst-Authentication-Credential-HTTP-1.003
River stage two • 4 direct dependents • 13 total dependents
Security Advisories (1)
CVE-2025-40920 (2025-08-11)

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562. * The nonces should be generated from a strong cryptographic source, as per RFC 7616.

Changes for version 1.003 - 2008-09-11

  • Add ability to override the realm name presented for authentication when calling $c->authenticate. Documentation and tests for this.
  • Clean up documentation of options inherited from Catalyst::Authentication::Credential::Password.
  • Added an example of calling methods in the credential module from a controller to the POD.
  • Tests for the authorization_required_message configuration parameter.
  • Document use_uri_for configuration option
  • Document domain option (passed through from $c->authenticate) and add tests for this option.

Modules

Catalyst::Authentication::Credential::HTTP
HTTP Basic and Digest authentication for Catalyst.

Provides

Catalyst::Authentication::Credential::HTTP::Nonce
in lib/Catalyst/Authentication/Credential/HTTP.pm

Other files