You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Fix CVE-2026-8503: Apache::Session::Generate::SHA256 used a low-entropy seed (time, PID, rand, stringified hash ref) to derive session identifiers. Use Crypt::URandom to generate session ids from a cryptographically secure source, falling back to the previous hashing method only if /dev/urandom is unavailable. Similar in scope to CVE-2025-40931 and CVE-2025-40932.
