This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
The following commit(s) were added to refs/heads/master by this push:
new cd78abb Switch to using 32 bytes for CSRF
cd78abb is described below
commit cd78abb31072dde90b4dfed4f024347d4e2466b4
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Mon Sep 23 11:06:29 2019 +0100
Switch to using 32 bytes for CSRF
---
 .../oidc/src/main/java/org/apache/cxf/fediz/service/oidc/CSRFUtils.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/CSRFUtils.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/CSRFUtils.java
index 79e078a..f33856c 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/CSRFUtils.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/CSRFUtils.java
@@ -41,7 +41,7 @@ public final class CSRFUtils {
 // If no existing token then create a new one, save it, and return it
 if (create) {
- String token = StringUtils.toHexString(CryptoUtils.generateSecureRandomBytes(16));
+ String token = StringUtils.toHexString(CryptoUtils.generateSecureRandomBytes(32));
 request.getSession().setAttribute(CSRF_TOKEN, token);
 return token;
 }
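Review bot: The token size on the added line is a bare literal, `generateSecureRandomBytes(32)`, with nothing recording that it is a byte count or that hex encoding turns it into a 64-character token. I would lift it into a named constant, e.g. `private static final int CSRF_TOKEN_BYTES = 32;`, with a one-line comment such as `// 256 random bits; hex-encoded to 64 chars`, so the next change to the length is made in one documented place. Since the stored string doubles in length, any code that checks or persists the token length (form fields, cookies, tests) is worth a look, though none is visible here. The comparison of the submitted token against the session value is also outside this hunk; if it uses `String.equals`, a constant-time compare such as `MessageDigest.isEqual` would be the safer choice. The enclosing method starts and ends outside the hunk.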