Add default key rotation for SHA1 to SHA256 for all new App on cookie generation and usage #39563

Closed


vipulnsward
Member

Related #39373

  • Ensure backwards compat for old Apps
  • New Apps should use 256 for cookie digest
  • Old Apps should get opted in to rotate to 256 by default on upgrade
  • This approach is trying to move all the places away from old digests MessageEncryptor/MessageVerifier before we can migrate at places like ActiveSupport::KeyGenerator / Digest, etc.
  • New framework defaults
  • Changelog/Documentation

Opening for initial feedback and using CI.
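
The rotation behaviour listed in the description above, as an added example that is not part of the pull request or of Rails: a verifier signs new values with SHA256, still accepts values signed with SHA1, and flags them for re-signing. The class `RotatingVerifier`, its method names, the `--` separator and the secret are hypothetical and constructed for illustration.

```ruby
require "openssl"

# Hypothetical verifier for signed values with digest rotation (not Rails code).
class RotatingVerifier
  def initialize(secret, digest: "SHA256", legacy_digests: ["SHA1"])
    @secret = secret
    @digest = digest
    @legacy_digests = legacy_digests
  end

  # New values are always signed with the preferred digest.
  def generate(value)
    data = [value].pack("m0") # strict Base64
    "#{data}--#{mac(data, @digest)}"
  end

  # Returns [value, needs_resign], or nil when no configured digest validates.
  def verify(signed)
    data, tag = signed.to_s.split("--", 2)
    return nil if data.to_s.empty? || tag.to_s.empty?

    ([@digest] + @legacy_digests).each do |name|
      next unless secure_compare(tag, mac(data, name))
      return [data.unpack1("m0"), name != @digest]
    end
    nil
  rescue ArgumentError # malformed Base64 payload
    nil
  end

  private

  def mac(data, name)
    OpenSSL::HMAC.hexdigest(name, @secret, data)
  end

  # Constant-time comparison of two equal-length strings.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed demo: a cookie issued before the upgrade, read after it.
SECRET = "constructed-demo-secret"
legacy_cookie = RotatingVerifier.new(SECRET, digest: "SHA1", legacy_digests: []).generate("user_id=42")
value, needs_resign = RotatingVerifier.new(SECRET).verify(legacy_cookie)
fresh_cookie = RotatingVerifier.new(SECRET).generate(value) if needs_resign
```

Once cookies issued before the upgrade have expired, dropping `"SHA1"` from `legacy_digests` ends acceptance of the old digest.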

rails-bot bot commented Sep 5, 2020

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Thank you for your contributions.

@rails-bot rails-bot bot added the stale label Sep 5, 2020
@rails-bot rails-bot bot closed this Sep 12, 2020