in reply to Re: use lib "."
in thread use lib "."

Adding "." to @INC has security implications. It used to be a default but was removed in Perl v5.26.0.

Thanks for the information. I wasn't aware of the change...I thought it was still there for all versions of Perl. I am using v5.16.3 in this environment so "." is still included as is shown from perl -V 

@INC:
    /home/account/perl5/lib/perl5/5.16.3/x86_64-linux-thread-multi
    /home/account/perl5/lib/perl5/5.16.3
    /home/account/perl5/lib/perl5/x86_64-linux-thread-multi
    /home/account/perl5/lib/perl5
    /usr/local/lib64/perl5
    /usr/local/share/perl5
    /usr/lib64/perl5/vendor_perl
    /usr/share/perl5/vendor_perl
    /usr/lib64/perl5
    /usr/share/perl5
    .

[download]
But this could potentially bite me locally where I have v5.32.1. The difference is definitely there... 
@INC:
    C:/Strawberry/perl/site/lib/MSWin32-x64-multi-thread
    C:/Strawberry/perl/site/lib
    C:/Strawberry/perl/vendor/lib
    C:/Strawberry/perl/lib

[download]

Replies are listed 'Best First'.
Re^3: use lib "."
by etj (Priest) on Apr 22, 2025 at 16:59 UTC
    For actual commercial stuff (i.e. where there is real customer PII and/or financial data at stake), I think the only responsible approach is to keep to a supported version of Perl. That means released in the last 2 years (I believe), so it will get security patches. You'd then need to keep up with the latest sub-version in order to get those patches.

    I'd say it's the same as keeping your OS patched, and I hope you do that too.

[reply]

In Section Seekers of Perl Wisdom