github-plugin
github-plugin copied to clipboard
jenkinsci
[JENKINS-73851] support SHA256 HMAC in verifying webooks
The Github plugin currently validates received webhooks using the legacy sha-1 HMAC.
The plugin should migrate to use the X-Hub-Signature-256 header and the SHA256 HMAC.
See https://docs.github.com/en/webhooks/using-webhooks/validating-webhook-deliveries for details.
Originally reported by 
teilo, imported from: support SHA256 HMAC in verifying webooks
- assignee:
lanwen
- status: Open
- priority: Minor
- component(s): github-plugin
- resolution: Unresolved
- votes: 0
- watchers: 1
- imported: 2025-12-08
Raw content of original issue
The Github plugin currently validates received webhooks using the legacy sha-1 HMAC.
The plugin should migrate to use the X-Hub-Signature-256 header and the SHA256 HMAC.
See https://docs.github.com/en/webhooks/using-webhooks/validating-webhook-deliveries for details.
