Debian Package Tracker

libmojolicious-perl

simple, yet powerful, Web Application Framework

general
  • source: libmojolicious-perl (main)
  • version: 9.45+dfsg-2
  • maintainer: Debian Perl Group (archive) (DMD) (LowNMU)
  • uploaders: Philip Hands [DMD] – gregor herrmann [DMD] – Angel Abad [DMD] – Dominique Dumont [DMD] – CSILLAG Tamas [DMD] – Nick Morrott [DMD]
  • arch: all
  • std-ver: 4.7.4
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 8.71+dfsg-1
  • oldstable: 9.31+dfsg-1
  • old-bpo: 9.37+dfsg-2~bpo12+1
  • stable: 9.39+dfsg-1
  • stable-bpo: 9.42+dfsg-1~bpo13+2
  • testing: 9.42+dfsg-1
  • unstable: 9.45+dfsg-2
versioned links
  • 8.71+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 9.31+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 9.37+dfsg-2~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 9.39+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 9.42+dfsg-1~bpo13+2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 9.42+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 9.45+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libmojolicious-perl (1 bugs: 0, 1, 0, 0)
action needed
2 security issues in sid (high)

There are 2 open security issues in sid.

2 important issues:
  • CVE-2024-58134: Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.
  • CVE-2024-58135: Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.
Created: 2025-05-03 Last update: 2026-05-09 20:03
2 security issues in forky (high)

There are 2 open security issues in forky.

2 important issues:
  • CVE-2024-58134: Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.
  • CVE-2024-58135: Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.
Created: 2025-08-09 Last update: 2026-05-09 20:03
1 security issue in buster (high)

There is 1 open security issue in buster.

1 important issue:
  • CVE-2021-47208: The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service.
Created: 2024-04-08 Last update: 2024-06-28 11:38
2 low-priority security issues in trixie (low)

There are 2 open security issues in trixie.

2 issues left for the package maintainer to handle:
  • CVE-2024-58134: (needs triaging) Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.
  • CVE-2024-58135: (needs triaging) Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-05-03 Last update: 2026-05-09 20:03
2 low-priority security issues in bookworm (low)

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:
  • CVE-2024-58134: (needs triaging) Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.
  • CVE-2024-58135: (needs triaging) Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-05-03 Last update: 2026-05-09 20:03
testing migrations
  • excuses:
    • Migration status for libmojolicious-perl (9.42+dfsg-1 to 9.45+dfsg-2): Waiting for test results or another package, or too young (no action required now - check later)
    • Issues preventing migration:
    • ∙ ∙ Autopkgtest for libcpanel-json-xs-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libebook-tools-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libfuture-http-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libgraph-writer-dsm-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libio-async-loop-mojo-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libjson-schema-modern-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libjson-validator-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for liblog-report-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmango-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmcp-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmime-types-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libminion-backend-sqlite-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libminion-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojo-ioloop-readwriteprocess-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojo-jwt-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojo-pg-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojo-rabbitmq-client-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojo-server-fastcgi-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojo-sqlite-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojolicious-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojolicious-plugin-assetpack-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojolicious-plugin-authentication-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojolicious-plugin-authorization-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojolicious-plugin-basicauth-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojolicious-plugin-bcrypt-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojolicious-plugin-cgi-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojolicious-plugin-i18n-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojolicious-plugin-mailexception-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojolicious-plugin-oauth2-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojolicious-plugin-openapi-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojolicious-plugin-renderfile-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libmojolicious-plugin-templatetoolkit-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libnet-mac-vendor-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libtest-json-schema-acceptance-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libtest-mock-time-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libtest-www-mechanize-mojo-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libwebservice-musicbrainz-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for libwww-oauth-perl: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for os-autoinst: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for perlimports: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Autopkgtest for request-tracker5: amd64: Test triggered, arm64: Test triggered, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
    • ∙ ∙ Too young, only 2 of 5 days old
    • Additional info (not blocking):
    • ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/libm/libmojolicious-perl.html
    • ∙ ∙ Reproduced on amd64 - info
    • ∙ ∙ Reproduced on arm64 - info
    • ∙ ∙ Reproduced on armhf - info
    • ∙ ∙ Reproduced on i386 - info
    • Not considered
news
  • [2026-05-09] Accepted libmojolicious-perl 9.45+dfsg-2 (source) into unstable (gregor herrmann)
  • [2026-05-08] Accepted libmojolicious-perl 9.45+dfsg-1 (source) into unstable (gregor herrmann)
  • [2026-05-03] Accepted libmojolicious-perl 9.42+dfsg-1~bpo13+2 (all source) into stable-backports (Debian FTP Masters) (signed by: Philip Hands)
  • [2025-12-25] libmojolicious-perl 9.42+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2025-12-23] Accepted libmojolicious-perl 9.42+dfsg-1 (source) into unstable (gregor herrmann)
  • [2024-12-10] libmojolicious-perl 9.39+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2024-12-07] Accepted libmojolicious-perl 9.39+dfsg-1 (source) into unstable (gregor herrmann)
  • [2024-08-20] libmojolicious-perl 9.38+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2024-08-17] Accepted libmojolicious-perl 9.38+dfsg-1 (source) into unstable (gregor herrmann)
  • [2024-08-13] Accepted libmojolicious-perl 9.37+dfsg-2~bpo12+1 (source) into stable-backports (Philip Hands)
  • [2024-08-03] libmojolicious-perl 9.37+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2024-07-31] Accepted libmojolicious-perl 9.37+dfsg-2 (source) into unstable (Philip Hands)
  • [2024-06-28] Accepted libmojolicious-perl 8.12+dfsg-1.1~deb10u1 (source) into oldoldstable (Arturo Borrero Gonzalez)
  • [2024-05-17] libmojolicious-perl 9.37+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2024-05-15] Accepted libmojolicious-perl 9.37+dfsg-1 (source) into unstable (gregor herrmann)
  • [2024-04-23] Accepted libmojolicious-perl 9.36+dfsg-1~bpo12+2 (all source) into stable-backports (Debian FTP Masters) (signed by: Philip Hands)
  • [2024-03-26] libmojolicious-perl 9.36+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2024-03-24] Accepted libmojolicious-perl 9.36+dfsg-1 (source) into unstable (gregor herrmann)
  • [2023-11-06] libmojolicious-perl 9.35+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2023-10-28] Accepted libmojolicious-perl 9.35+dfsg-1 (source) into unstable (gregor herrmann)
  • [2023-10-02] libmojolicious-perl 9.34+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2023-09-29] Accepted libmojolicious-perl 9.34+dfsg-1 (source) into unstable (gregor herrmann)
  • [2023-08-14] libmojolicious-perl 9.33+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2023-08-11] Accepted libmojolicious-perl 9.33+dfsg-1 (source) into unstable (gregor herrmann)
  • [2022-12-25] libmojolicious-perl 9.31+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2022-12-22] Accepted libmojolicious-perl 9.31+dfsg-1 (source) into unstable (gregor herrmann)
  • [2022-10-18] libmojolicious-perl 9.28+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2022-10-15] Accepted libmojolicious-perl 9.28+dfsg-1 (source) into unstable (gregor herrmann)
  • [2022-09-21] libmojolicious-perl 9.27+dfsg-1 MIGRATED to testing (Debian testing watch)
bugs [bug history graph]
  • all: 3
  • RC: 0
  • I&N: 3
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian
  • buildd: logs, reproducibility
  • popcon
  • browse source code
  • other distros
  • security tracker
  • debian patches
  • debci
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 9.42+dfsg-1