commit 05f9b9732767cbe1ac6f01900b1b0080baf6c147
Author: Robert Rothenberg
Date: Tue Jun 16 18:06:08 2026 +0100
Fix CVE-2026-9692 by using a CSPRNG
This requires either Mojolicious 9.46 or later.
diff --git a/lib/Mojolicious/Sessions/Storable.pm b/lib/Mojolicious/Sessions/Storable.pm
index 7d8f15c..31b5911 100644
--- a/lib/Mojolicious/Sessions/Storable.pm
+++ b/lib/Mojolicious/Sessions/Storable.pm
@@ -6,11 +6,13 @@ use warnings;
 our $VERSION = '0.05';
 use Mojo::Base 'Mojolicious::Sessions';
-use Digest::SHA1 ();
+
+use Mojolicious 9.46;
+use Mojo::Util qw( random_bytes );
 has sid_generator => sub {
 sub {
- Digest::SHA1::sha1_hex( rand() . $$ . {} . time );
+ return unpack( 'H*', random_bytes(20) );
 };
 };
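Review bot: Nothing in this change retires session ids that were issued by the old generator, so ids built from `rand() . $$ . {} . time` presumably stay valid in the store after the upgrade until they expire; the release notes should tell operators to expire or purge existing sessions when they deploy the fix. On the new line a short comment would record why the length is 20: `# 20 random bytes (160 bits), hex-encoded to the same 40 characters as the old SHA-1 id`. `use Mojolicious 9.46;` enforces the minimum only when the module is loaded, so the distribution's prerequisite metadata, which is not part of this hunk, should carry the same bound. The context line still shows `$VERSION = '0.05'`, so unless a later release commit bumps it, a fixed install cannot be told apart from a vulnerable one.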