Release Notes / Version 10.2107
The DefaultSecureHashCodeGeneratorStrategy used for securing blob transformation is considered vulnerable to possible DoS attacks. Therefore, a new MD5SecureHashCodeGeneratorStrategy was introduced and is used as the default hashing strategy. It includes a server-side secret, which should be configured via cae.hashing.secret. Otherwise, a new secret is generated after each CAE restart, which could lead to problems with caching and in multi-CAE setups.
Please be aware that using the MD5SecureHashCodeGeneratorStrategy will break already generated URLs that may still be cached somewhere. Set cae.hashing.backward-compatibility=true to keep the DefaultSecureHashCodeGeneratorStrategy as the default for hashing of blob transformation parameters.
(CMS-17396)
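Added example, not CoreMedia code: a Python sketch of why the secret should be set via cae.hashing.secret instead of being left to per-restart generation. BlobUrlSigner, its parameter names and the HMAC-SHA-256 construction are assumptions standing in for the hashing strategy, whose internals these notes do not describe.

```python
import hashlib
import hmac
import secrets


class BlobUrlSigner:
    """Hypothetical stand-in for one CAE instance's secure-hash strategy."""

    def __init__(self, configured_secret=None):
        if configured_secret:
            # Secret supplied through configuration: identical on every
            # instance and stable across restarts.
            self._key = configured_secret.encode()
        else:
            # No secret configured: a fresh random key per start, which is
            # the fallback behaviour the release note warns about.
            self._key = secrets.token_bytes(32)

    def sign(self, params):
        # Canonical form: sorted key=value pairs, so ordering cannot change the hash.
        canonical = "&".join(f"{k}={v}" for k, v in sorted(params.items()))
        return hmac.new(self._key, canonical.encode(), hashlib.sha256).hexdigest()

    def verify(self, params, digest):
        # Constant-time comparison of expected and presented hash.
        return hmac.compare_digest(self.sign(params), digest)


# Constructed sample transformation parameters for one blob URL.
SAMPLE = {"blob": "1234", "width": "400", "height": "300"}


def survives_restart(configured_secret):
    """Sign on one instance, verify on a restarted (or second) instance."""
    issued = BlobUrlSigner(configured_secret).sign(SAMPLE)
    return BlobUrlSigner(configured_secret).verify(SAMPLE, issued)


def rejects_altered_params(configured_secret):
    """A hash issued for one set of parameters must not validate another."""
    signer = BlobUrlSigner(configured_secret)
    issued = signer.sign(SAMPLE)
    altered = dict(SAMPLE, width="40000")
    return not signer.verify(altered, issued)


if __name__ == "__main__":
    print("shared secret, URL valid after restart:", survives_restart("constructed-secret"))
    print("random secret, URL valid after restart:", survives_restart(None))
    print("altered parameters rejected:", rejects_altered_params("constructed-secret"))
```
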