OpenStack Object Storage (swift)

  1. Bug #1733634
  2. Comment #13

Comment 13 for bug 1733634

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to swift (master)

Reviewed: https://review.opendev.org/c/openstack/swift/+/525771
Committed: https://opendev.org/openstack/swift/commit/118cf2ba8af97dbbd78271126e22cb80f18f9adc
Submitter: "Zuul (22348)"
Branch: master

commit 118cf2ba8af97dbbd78271126e22cb80f18f9adc
Author: Tim Burke <email address hidden>
Date: Tue Dec 5 21:52:51 2017 +0000

    tempurl: Deprecate sha1 signatures

    We've known this would eventually be necessary for a while [1], and
    way back in 2017 we started seeing SHA-1 collisions [2].

    [1] https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html
    [2] https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

    UpgradeImpact:
    ==============
    "sha1" has been removed from the default set of `allowed_digests` in the
    tempurl middleware config. If your cluster still has clients requiring
    the use of SHA-1,

    - explicitly configure `allowed_digests` to include "sha1" and
    - encourage your clients to move to more-secure algorithms.

    Depends-On: https://review.opendev.org/c/openstack/tempest/+/832771
    Change-Id: I6e6fa76671c860191a2ce921cb6caddc859b1066
    Related-Change: Ia9dd1a91cc3c9c946f5f029cdefc9e66bcf01046
    Closes-Bug: #1733634