[SECURITY-49] Deprecating Jenkins.getSecretKey()
We are replacing it by the ConfidentialStore class and the ConfidentialKey class, which provides purpose-specific confidential information that are separated from each other. In this way, not all eggs are in one basket, and in case of a compromise, the impact will contained. Also replaced several insecure use of digest(secret|messsage) or digest(message|secret) by HMAC. (cherry picked from commit a9aff088) Conflicts: core/src/main/java/hudson/DNSMultiCast.java core/src/main/java/hudson/model/Job.java core/src/main/java/hudson/model/UsageStatistics.java
Please register or sign in to comment