/ 
Apache2-API-v0.5.1
Security Advisories (1)
CVE-2026-5088 (2026-04-15)

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _make_salt_bcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply return 16 bytes generated with Perl's built-in rand function. The rand function is unsuitable for cryptographic use. These salts are used for password hashing.

Changes for version v0.5.1 - 2026-03-19

  • Updating Apache2::API::Request to improve acceptance of application/*+json content types

Documentation

CONTRIBUTING.md
Makefile.PL
README.md
Apache2::API::Password
Create and verify HTTP Basic Auth password hashes (APR1/bcrypt/SHA-crypt)

Modules

Apache2::API
Apache2 API Framework
Apache2::API::DateTime
HTTP DateTime Manipulation and Formatting
Apache2::API::Headers::Accept
Parser and matcher for HTTP Accept header
Apache2::API::Headers::AcceptCommon
Common base class for parsing HTTP Accept and Accept-Language headers
Apache2::API::Headers::AcceptLanguage
Parser and matcher for HTTP Accept-Language header
Apache2::API::Query
utf8 compliant URI query string manipulation
Apache2::API::Request
Apache2 Incoming Request Access and Manipulation
Apache2::API::Request::Params
Apache2 Request Fields Object
Apache2::API::Request::Upload
Apache2 Request Upload Object
Apache2::API::Response
Apache2 Outgoing Response Access and Manipulation
Apache2::API::Status
Apache2 Status Codes

Provides

Apache2::API::Password
in lib/Apache2/API.pm

Other files