Bug #26707
Updated by François ARMAND 11 days ago
There's a funny, low impact CVE (CVE-2025-22228) impacting us. Hopefully, no user used more than 72 chars pass :)
NOTE: we don't even use that implementation of bcrypt (we use the one from bouncycastle, which seems to be clean). But green must be green for CISO.