Subject: | CGI version 4.20 issues 'CGI::param called in list context' warnings |
Date: | Mon, 22 Jun 2015 16:38:26 +0000 |
To: | "bug-Apache-AuthCookie [...] rt.cpan.org" <bug-Apache-AuthCookie [...] rt.cpan.org> |
From: | James Nelson <jamesnelson [...] acuitymanagement.com> |
OS: CentOS 6.6 x86-64
Perl version: 5.10.1
Apache2::AuthCookie version: 3.22
On upgrading our production servers to CentOS 6, we started getting the following log messages:
CGI::param called in list context from /usr/local/share/perl5/Apache2/AuthCookie.pm line 127, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter"
at /usr/share/perl5/CGI.pm line 404
Per this article: http://www.perlmonks.org/?node_id=1105051, setting $CGI::LIST_CONTEXT_WARN = 0 will suppress the warnings, but it will need to be fixed going forward.