tez-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From László Bodor (Jira) <j...@apache.org>
Subject [jira] [Commented] (TEZ-4240) Remove SHA-256 from Tez
Date Thu, 28 Jan 2021 09:22:00 GMT

    [ https://issues.apache.org/jira/browse/TEZ-4240?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17273445#comment-17273445
] 

László Bodor commented on TEZ-4240:
-----------------------------------

pushed to master and branch-0.9, thanks [~jeagles] for the review!

> Remove SHA-256 from Tez
> -----------------------
>
>                 Key: TEZ-4240
>                 URL: https://issues.apache.org/jira/browse/TEZ-4240
>             Project: Apache Tez
>          Issue Type: Improvement
>    Affects Versions: 0.9.2
>            Reporter: László Bodor
>            Assignee: László Bodor
>            Priority: Major
>             Fix For: 0.10.1, 0.9.3
>
>         Attachments: TEZ-4240.01.patch, TEZ-4240.02.patch
>
>
> SHA-256 is being deprecated, and it's recommended to be replaced by at least SHA-384.
Tez uses SHA-256 for resource validation, and even if it doesn't seem to be a direct vulnerability,
it's better to upgrade it in order to remain FIPS compliant.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message