Auditlog are not signature the field resolver

why are the version v2.22dev5 (file lib/auditmodules/ ignore the field “resolver” in the signature?


It is because the resolver is not added in the string, that is signed. This was probably simply forgotton. Or maybe done for a good reason a few years ago - which however I doubt.

The serialization function log_to_string? does not contain the resolver:

I think I open an issue for that - althoug I am currently not sure, how I would resolve this.

Maybye a new db field with a version what fields are included.
Newer auditlog includes the resolver and the version:

create list with old style
if (version == 1 ) { append resolver and version to the list }

Or the signature get a “salt” that includes the fieldnames or the version