已弃用 java.security.egd=file:/dev/./urandom 用于 Spring Boot 应用程序? [英] Deprecated java.security.egd=file:/dev/./urandom for Spring Boot applications?

问题描述

我曾经在我的 Dockerfile 中为 Spring Boot 应用程序配置 -Djava.security.egd=file:/dev/./urandom.

I used to configure -Djava.security.egd=file:/dev/./urandom in my Dockerfile for Spring Boot applications.

在 https://spring.io/guides/gs/spring-boot-docker/ 添加了一条评论，说明新版本不再需要这样做:

In https://spring.io/guides/gs/spring-boot-docker/ a comment was added that this is not required any more for newer versions:

为了减少 Tomcat 启动时间，我们添加了一个指向/dev/urandom"的系统属性作为熵源.如果您使用 Tomcat(或任何其他 Web 服务器)的标准"版本，则对于较新版本的 Spring Boot，这不是必需的.

To reduce Tomcat startup time we added a system property pointing to "/dev/urandom" as a source of entropy. This is not necessary with more recent versions of Spring Boot, if you use the "standard" version of Tomcat (or any other web server).

我正在 Tomcat 或 Spring Boot 存储库中寻找有关此更改的任何参考资料，以及哪些 Spring Boot 版本会受到影响.

I am looking for any references for this change in Tomcat or Spring Boot repos, and which Spring Boot versions are affected.

推荐答案

这个问题应该已经被 JDK Enhancement Proposal 解决了:JEP 123，可配置的安全随机数生成.

This problem should have been resolved by the JDK Enhancement Proposal : JEP 123, Configurable Secure Random-Number Generation.

根据 JDK 8 安全增强 官方 Oracle 文档，JDK 8 不再需要 /dev/./urandom 解决方法.

According to the JDK 8 Security Enhancements official Oracle document, the /dev/./urandom workaround is no more necessary from JDK 8.

SHA1PRNG 和 NativePRNG 已修复，以正确遵守 java.security 文件中的 SecureRandom 种子源属性.(不再需要使用 file:///dev/urandom 和 file:/dev/./urandom 的模糊解决方法.)

SHA1PRNG and NativePRNG were fixed to properly respect the SecureRandom seed source properties in the java.security file. (The obscure workaround using file:///dev/urandom and file:/dev/./urandom is no longer required.)

这篇关于已弃用 java.security.egd=file:/dev/./urandom 用于 Spring Boot 应用程序?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！