Skip to content

Commit 478ccb8

Browse files
author
Bilal Al
committed
fix medium level vulnerability
1 parent 07d0ef4 commit 478ccb8

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

client/src/main/java/io/split/client/JsonLocalhostSplitChangeFetcher.java

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,13 +47,13 @@ private SplitChange processSplitChange(SplitChange splitChange, long changeNumbe
4747
return null;
4848
}
4949
String splitJson = splitChange.splits.toString();
50-
MessageDigest digest = MessageDigest.getInstance("SHA-1");
50+
MessageDigest digest = MessageDigest.getInstance("SHA-256");
5151
digest.reset();
5252
digest.update(splitJson.getBytes());
5353
// calculate the json sha
5454
byte [] currHash = digest.digest();
5555
//if sha exist and is equal to before sha, or if till is equal to default till returns the same segmentChange with till equals to storage CN
56-
if (Arrays.equals(lastHash, currHash) || splitChangeToProcess.till == -1) {
56+
if (java.security.MessageDigest.isEqual(lastHash, currHash) || splitChangeToProcess.till == -1) {
5757
splitChangeToProcess.till = changeNumber;
5858
}
5959
lastHash = currHash;

0 commit comments

Comments
 (0)