Auditlog are not signature the field resolver


why are the version v2.22dev5 (file lib/auditmodules/ ignore the field “resolver” in the signature?



It is because the resolver is not added in the string, that is signed. This was probably simply forgotton. Or maybe done for a good reason a few years ago - which however I doubt.

The serialization function log_to_string? does not contain the resolver:

I think I open an issue for that - althoug I am currently not sure, how I would resolve this.


Maybye a new db field with a version what fields are included.
Newer auditlog includes the resolver and the version:

create list with old style
if (version == 1 ) { append resolver and version to the list }

Or the signature get a “salt” that includes the fieldnames or the version