GitHub user jornfranke opened a pull request:
https://github.com/apache/poi/pull/90
Replace default insecure SHA1 hash algorithm
Replace default insecure SHA1 hash algorithm with SHA256.
SHA1 has been broken and should not be used anymore for signatures and
should not be the default, cf. also
https://security.googleblog.com/2016/11/sha-1-certificates-in-chrome.html
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/jornfranke/poi trunk
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/poi/pull/90.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #90
----
commit f5917c78864987c3f97050055b03cf5379ce6c69
Author: Jörn Franke <jornfranke@...>
Date: 2018-01-08T22:30:50Z
Replace default insecure SHA1 hash algorithm
Replace default insecure SHA1 hash algorithm with SHA256
----
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
