UpgradeImpact:
==============
"sha1" has been removed from the default set of `allowed_digests` in the
tempurl middleware config. If your cluster still has clients requiring
the use of SHA-1,
- explicitly configure `allowed_digests` to include "sha1" and
- encourage your clients to move to more-secure algorithms.
Reviewed: https:/ /review. opendev. org/c/openstack /swift/ +/525771 /opendev. org/openstack/ swift/commit/ 118cf2ba8af97db bd78271126e22cb 80f18f9adc
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 118cf2ba8af97db bd78271126e22cb 80f18f9adc
Author: Tim Burke <email address hidden>
Date: Tue Dec 5 21:52:51 2017 +0000
tempurl: Deprecate sha1 signatures
We've known this would eventually be necessary for a while [1], and
way back in 2017 we started seeing SHA-1 collisions [2].
[1] https:/ /www.schneier. com/blog/ archives/ 2012/10/ when_will_ we_se.html /security. googleblog. com/2017/ 02/announcing- first-sha1- collision. html
[2] https:/
UpgradeImpact:
==============
"sha1" has been removed from the default set of `allowed_digests` in the
tempurl middleware config. If your cluster still has clients requiring
the use of SHA-1,
- explicitly configure `allowed_digests` to include "sha1" and
- encourage your clients to move to more-secure algorithms.
Depends-On: https:/ /review. opendev. org/c/openstack /tempest/ +/832771 191a2ce921cb6ca ddc859b1066 946f5f029cdefc9 e66bcf01046
Change-Id: I6e6fa76671c860
Related-Change: Ia9dd1a91cc3c9c
Closes-Bug: #1733634