diff options
author | Ned Batchelder <ned@nedbatchelder.com> | 2021-08-02 13:30:08 -0400 |
---|---|---|
committer | Ned Batchelder <ned@nedbatchelder.com> | 2021-08-02 13:30:08 -0400 |
commit | 6adbefa71acf97833ae1e24309fbefd3cda02165 (patch) | |
tree | 60794ce0c78fede4566127d98b29880ba02dac96 | |
parent | f3059761830a0716504b04d25a4045c2f4ef4402 (diff) | |
download | python-coveragepy-git-6adbefa71acf97833ae1e24309fbefd3cda02165.tar.gz |
docs: add more detail to a confusing changelog entry
safety-db read this entry and reported it as a security issue. It was never a
security problem.
https://github.com/pyupio/safety-db/issues/2335
-rw-r--r-- | CHANGES.rst | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/CHANGES.rst b/CHANGES.rst index c5a71ee8..3566eb52 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -58,7 +58,11 @@ Version 6.0b1 --- 2021-07-18 - Some minor changes to usually invisible details of the HTML report: - Use a modern hash algorithm when fingerprinting, for high-security - environments (`issue 1189`_). + environments (`issue 1189`_). When generating the HTML report, we save the + hash of the data, to avoid regenerating an unchanged HTML page. We used to + use MD5 to generate the hash, and now use SHA-3-256. This was never a + security concern, but security scanners would notice the MD5 algorithm and + raise a false alarm. - Change how report file names are generated, to avoid leading underscores (`issue 1167`_), to avoid rare file name collisions (`issue 584`_), and to |