contwidgetor
contwidgetor copied to clipboard
jrm2k6
Is there a new version of this package?
It seems that the authentication of this package uses SHA-1 (code location), which has been compromised (link) a few weeks ago.
Using SHA-256 would be safer.
Do you have any issue using it? On Sat, Mar 11, 2017 at 5:30 PM Liang Gong [email protected] wrote:
Reopened #4 https://github.com/jrm2k6/contwidgetor/issues/4.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/jrm2k6/contwidgetor/issues/4#event-996168755, or mute the thread https://github.com/notifications/unsubscribe-auth/ABCaY3IqQvJxBN5n0vFlJtHoASePUdaJks5rk0q2gaJpZM4MR1Vt .
No. I was trying to report the potential security issue mentioned above. Not sure if this is the right place since it hasn't been updated since a few months ago.
Oh yeah I saw that, I will try to fix it really soon
On Sat, Mar 11, 2017 at 5:45 PM Liang Gong [email protected] wrote:
No. I was trying to report the potential security issue mentioned above. Not sure if this is the right place since it hasn't been updated since a few months ago.
— You are receiving this because you commented.
Reply to this email directly, view it on GitHub https://github.com/jrm2k6/contwidgetor/issues/4#issuecomment-285914845, or mute the thread https://github.com/notifications/unsubscribe-auth/ABCaYyJ00TzLybzc4QDs18alusr5NwFmks5rk04jgaJpZM4MR1Vt .
Sorry getting to this only now. For bitbucket I am using oauth 1.0, I am not sure SHA-256 is supported so I will have to investigate, or hopefully they have updated their api to let us use oauth2.0, meaning we could use SHA-256