This plugin is the base of two related parts of functionality
required for session management in web applications.
The first part, the State, is getting the browser to repeat back a
session key, so that the web application can identify the client and
logically string several requests together into a session.
The second part, the Store, deals with the actual storage of information
about the client. This data is stored so that the it may be revived for
every request made by the same client.
This plugin links the two pieces together.
Update Information:
This update upgrade the package to version 0.44. This version fixes CVE-2025-40924 by using Crypt::SysRandom to generate properly random session IDs.
* Sun Aug 31 2025 Emmanuel Seyman
[ 1 ] Bug #2381744 - CVE-2025-40924 perl-Catalyst-Plugin-Session: Catalyst::Plugin::Session generates session ids insecurely [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2381744
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-90d5989bee' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
Get the latest Linux and open source security news straight to your inbox.