summaryrefslogtreecommitdiffhomepage
path: root/sites
diff options
context:
space:
mode:
authorJeff Forcier <jeff@bitprophet.org>2017-06-06 13:26:15 -0700
committerJeff Forcier <jeff@bitprophet.org>2017-06-06 13:26:15 -0700
commit772e405a2172fa90997fea9fdf2d9eb78a2f3fb7 (patch)
treebb3020fe5b3c21fbffe6f9dc559cfb380dff21ea /sites
parent39d167298094eb04237db430cc6bc3cb7d988e3f (diff)
parent102c694ca8ae46d384d3a9c4e2e963836d6f1509 (diff)
Merge branch '2.0' into 2.1
Diffstat (limited to 'sites')
-rw-r--r--sites/www/changelog.rst4
1 files changed, 4 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 14c804a8..da9d6d05 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,10 @@
Changelog
=========
+* :bug:`-` (partial application of :issue:`983`) Move ``sha1`` above the
+ now-arguably-broken ``md5`` in the list of preferred MAC algorithms, as an
+ incremental security improvement for users whose target systems offer both.
+ Credit: Pierce Lopez.
* :bug:`667` The RC4/arcfour family of ciphers has been broken since version
2.0; but since the algorithm is now known to be completely insecure, we are
opting to remove support outright instead of fixing it. Thanks to Alex Gaynor