Skip to content
Commit 7983ae3b authored by Kohsuke Kawaguchi's avatar Kohsuke Kawaguchi
Browse files

[SECURITY-49] Deprecating Jenkins.getSecretKey() 

We are replacing it by the ConfidentialStore class and the
ConfidentialKey class, which provides purpose-specific confidential
information that are separated from each other.

In this way, not all eggs are in one basket, and in case of a
compromise, the impact will contained.

Also replaced several insecure use of digest(secret|messsage) or
digest(message|secret) by HMAC.
(cherry picked from commit a9aff088)

Conflicts:

	core/src/main/java/hudson/DNSMultiCast.java
	core/src/main/java/hudson/model/Job.java
	core/src/main/java/hudson/model/UsageStatistics.java
parent 48ecccc1
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment