Skip to content

Security fix: replace insecure SHA-1/MD5 hash functions with SHA-256#224

Merged
oleksandr-mykhailenko merged 2 commits into
masterfrom
DE-2027-customer-report-for-mg-wp-plugin-insecure-hash-function
Jul 17, 2026
Merged

Security fix: replace insecure SHA-1/MD5 hash functions with SHA-256#224
oleksandr-mykhailenko merged 2 commits into
masterfrom
DE-2027-customer-report-for-mg-wp-plugin-insecure-hash-function

Conversation

@oleksandr-mykhailenko

Copy link
Copy Markdown
Collaborator

sha1() and md5() are cryptographically weak. Replace usages in the Mailgun API hash param, the multipart boundary generator, and the widget ID generator with hash('sha256', ...).

sha1() and md5() are cryptographically weak. Replace usages in the
Mailgun API hash param, the multipart boundary generator, and the
widget ID generator with hash('sha256', ...).
Document the SHA-1/MD5 to SHA-256 security fix in CHANGELOG.md,
readme.md, and readme.txt, and bump the plugin version accordingly.
@oleksandr-mykhailenko
oleksandr-mykhailenko merged commit 933161e into master Jul 17, 2026
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant