docs: add more detail to a confusing changelog entry

safety-db read this entry and reported it as a security issue. It was never a security problem. https://github.com/pyupio/safety-db/issues/2335
author: Ned Batchelder <ned@nedbatchelder.com> 2021-08-02 13:30:08 -0400
committer: Ned Batchelder <ned@nedbatchelder.com> 2021-08-02 13:30:08 -0400
commit: 6adbefa71acf97833ae1e24309fbefd3cda02165 (patch)
tree: 60794ce0c78fede4566127d98b29880ba02dac96 /CHANGES.rst
parent: f3059761830a0716504b04d25a4045c2f4ef4402 (diff)
download: python-coveragepy-git-6adbefa71acf97833ae1e24309fbefd3cda02165.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/CHANGES.rst b/CHANGES.rst
index c5a71ee8..3566eb52 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -58,7 +58,11 @@ Version 6.0b1 --- 2021-07-18
 - Some minor changes to usually invisible details of the HTML report:
 
   - Use a modern hash algorithm when fingerprinting, for high-security
-    environments (`issue 1189`_).
+    environments (`issue 1189`_).  When generating the HTML report, we save the
+    hash of the data, to avoid regenerating an unchanged HTML page. We used to
+    use MD5 to generate the hash, and now use SHA-3-256.  This was never a
+    security concern, but security scanners would notice the MD5 algorithm and
+    raise a false alarm.
 
   - Change how report file names are generated, to avoid leading underscores
     (`issue 1167`_), to avoid rare file name collisions (`issue 584`_), and to
author	Ned Batchelder <ned@nedbatchelder.com>	2021-08-02 13:30:08 -0400
committer	Ned Batchelder <ned@nedbatchelder.com>	2021-08-02 13:30:08 -0400
commit	6adbefa71acf97833ae1e24309fbefd3cda02165 (patch)
tree	60794ce0c78fede4566127d98b29880ba02dac96 /CHANGES.rst
parent	f3059761830a0716504b04d25a4045c2f4ef4402 (diff)
download	python-coveragepy-git-6adbefa71acf97833ae1e24309fbefd3cda02165.tar.gz