SEC-1764: z/OS Password Encoding Error #1986

spring-issuemaster opened this Issue Jun 13, 2011 · 1 comment


None yet

1 participant


Bob Markle (Migrated from SEC-1764) said:


Fix - line 104: has been tested with "" on z/OS 1.12
was: return prefix + new String(Base64.encode(hash));
change: return prefix + new String(Base64.encode(hash), "UTF-8"); also looks like it has same issue.


Luke Taylor said:

Thanks for the report. I've updated password encoders to replace calls to new String(byte[]) with Utf8 encoded values.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.RC3 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment