community: uuidv1 is unsafe (#30432)

this_row_id previously used UUID v1. However, since UUID v1 can be
predicted if the MAC address and timestamp are known, it poses a
potential security risk. Therefore, it has been changed to UUID v4.
This commit is contained in:
Jiwon Kang 2025-03-23 04:27:49 +09:00 committed by GitHub
parent 31551dab40
commit 699475a01d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -103,7 +103,7 @@ class CassandraChatMessageHistory(BaseChatMessageHistory):
Args:
message: A message to write.
"""
this_row_id = uuid.uuid1()
this_row_id = uuid.uuid4()
self.table.put(
partition_id=self.session_id,
row_id=this_row_id,
@ -113,7 +113,7 @@ class CassandraChatMessageHistory(BaseChatMessageHistory):
async def aadd_messages(self, messages: Sequence[BaseMessage]) -> None:
for message in messages:
this_row_id = uuid.uuid1()
this_row_id = uuid.uuid4()
await self.table.aput(
partition_id=self.session_id,
row_id=this_row_id,