[
https://issues.apache.org/jira/browse/CAUSEWAY-3988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18083881#comment-18083881
]
Andi Huber commented on CAUSEWAY-3988:
--------------------------------------
We are in the middle of a release, or perhaps we'll make a new vote on a new
candidate later this year. Anyway, this change got polished with breaking
changes.
see
https://github.com/apache/causeway/commit/55c48ec0970d20f20dd4e7c627f8966cfc0adc59
> [Security] Support for Env Var provided HMAC Secret
> ---------------------------------------------------
>
> Key: CAUSEWAY-3988
> URL: https://issues.apache.org/jira/browse/CAUSEWAY-3988
> Project: Causeway
> Issue Type: Improvement
> Components: Core
> Reporter: Andi Huber
> Assignee: Andi Huber
> Priority: Major
> Fix For: 4.0.0-M2
>
>
> When the env var {color:#000000}causeway_hmac_sha256{color} is set to a comma
> separated list of signed integers, those are read in as (signed) bytes and
> used as the HMAC secret for digitally signing viewmodel bookmarks. A minimum
> of 16 bytes is required, we recommend 32.
> It allows an application's bookmarks to be valid beyond application restart.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
