spring-security

mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-24 11:13:30 +00:00

History

Rob Winch 8c08eeb57b SEC-1666: Use constant time comparison for sensitive data.

Constant time comparison helps to mitigate timing attacks. See the following link for more information

 * http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/
 * http://en.wikipedia.org/wiki/Timing_attack for more information.

2011-01-31 23:03:51 -06:00

src

SEC-1666: Use constant time comparison for sensitive data.

2011-01-31 23:03:51 -06:00

core.gradle

SEC-1564: testCompile configurations should include jcl-over-slf4j rather than logback.

2010-09-11 11:01:12 +01:00

template.mf

SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version.

2010-10-27 13:25:40 +01:00