This is an automated email from the ASF dual-hosted git repository.
zhaijia pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new b5e9be62 Suggest use sha-512 in SaslRoleTokenSigner for security
concern (#6447)
b5e9be62 is described below
commit b5e9be6290f76586d1e497b19c7b5aef26add4bc
Author: YYTVicky <[email protected]>
AuthorDate: Mon Mar 30 21:17:51 2020 -0400
Suggest use sha-512 in SaslRoleTokenSigner for security concern (#6447)
Suggest use sha-512 in SaslRoleTokenSigner for security concern #6447
---
.../org/apache/pulsar/broker/authentication/SaslRoleTokenSigner.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/pulsar-broker-auth-sasl/src/main/java/org/apache/pulsar/broker/authentication/SaslRoleTokenSigner.java
b/pulsar-broker-auth-sasl/src/main/java/org/apache/pulsar/broker/authentication/SaslRoleTokenSigner.java
index dee320f..ccd2547 100644
---
a/pulsar-broker-auth-sasl/src/main/java/org/apache/pulsar/broker/authentication/SaslRoleTokenSigner.java
+++
b/pulsar-broker-auth-sasl/src/main/java/org/apache/pulsar/broker/authentication/SaslRoleTokenSigner.java
@@ -93,7 +93,7 @@ public class SaslRoleTokenSigner {
*/
protected String computeSignature(String str) {
try {
- MessageDigest md = MessageDigest.getInstance("SHA");
+ MessageDigest md = MessageDigest.getInstance("SHA-512");
md.update(str.getBytes());
