crypto-js weakness
#3808
Replies: 1 comment 2 replies
-
|
Thanks for the report. Looking through our usage this doesn't cause a security issue based on these reports. We'll update the library, though, as a matter of course. |
Beta Was this translation helpful? Give feedback.
2 replies
-
|
To follow up, we won't be updating, as we have a custom, stripped down 3.1.2 build that does not contain the random function causing the problem here. So, the manifest will indicate 3.1.2, but that's mostly not the case. |
Beta Was this translation helpful? Give feedback.
-
|
Understood. Thank you David! |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
The
crypto-jspackage before3.2.1for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.The current version in on drawio is
3.1.2.Shouldn't this be addressed?
More info:
Beta Was this translation helpful? Give feedback.
All reactions