summaryrefslogtreecommitdiffhomepage
path: root/sites/www/changelog.rst
diff options
context:
space:
mode:
authorJeff Forcier <jeff@bitprophet.org>2017-06-06 13:26:13 -0700
committerJeff Forcier <jeff@bitprophet.org>2017-06-06 13:27:21 -0700
commitd6e57d34bafb65c6ce62a022d1b509f35cf82d49 (patch)
tree5afc870e7c12f8d14762bc33dfdfe9588b94f408 /sites/www/changelog.rst
parent9db59ac05e03ede7ba5d5059b7e00effca275430 (diff)
Partially apply #983 for 2.0+
Diffstat (limited to 'sites/www/changelog.rst')
-rw-r--r--sites/www/changelog.rst3
1 files changed, 3 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index ec1c09cb..9aead611 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,9 @@
Changelog
=========
+* :bug:`983` Move ``sha1`` above the now-arguably-broken ``md5`` in the list of
+ preferred MAC algorithms, as an incremental security improvement for users
+ whose target systems offer both. Credit: Pierce Lopez.
* :bug:`667` The RC4/arcfour family of ciphers has been broken since version
2.0; but since the algorithm is now known to be completely insecure, we are
opting to remove support outright instead of fixing it. Thanks to Alex Gaynor