Two Vulnerabilities in One Line #5

paragonie-scott opened this Issue Jun 9, 2015 · 3 comments


None yet

3 participants


Is there any interest in fixing this?

rnapier commented Dec 6, 2015

My PHP background is weak, and I haven't heard from @curtisdf in a while. I've asked a colleague of mine with much more PHP experience to take a look. I'd also be happy to look at a pull request.

Thanks for the issue.

@curtisdf curtisdf pushed a commit that referenced this issue Dec 6, 2015
Curtis Farnham Fix for GitHub issue #5 (hash_equals) 53c1ab5
curtisdf commented Dec 6, 2015

Hi @rnapier. Sorry for being AWOL. I wasn't receiving any emails about RNCryptor so it was out of sight out of mind.

I have migrated the project to use hash_equals() along with the polyfill library. I also took the opportunity to fix up our TravisCI configs. Since PHP 5.4 is at EOL, I have moved the minimum supported PHP version to 5.5. I also added support for testing in PHP7.

We are now at version 3.1.0. Thanks @paragonie-scott for the feedback.

@curtisdf curtisdf closed this Dec 6, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment