From b3e8e22ae2bbede161ee438f9c27b6aae4544a87 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Wed, 1 Jan 2025 03:12:47 +0000
Subject: [PATCH 1/2] Updated License Year
---
 LICENSE | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/LICENSE b/LICENSE
index c022e920..df08de3f 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,4 @@
-Copyright © 2024 Split Software, Inc.
+Copyright © 2025 Split Software, Inc.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
From 478ccb88987e18aae6ff53e6e73dfe3c4d20cb81 Mon Sep 17 00:00:00 2001
From: Bilal Al
Date: Mon, 27 Jan 2025 09:27:39 -0800
Subject: [PATCH 2/2] fix medium level vulnerability
---
 .../java/io/split/client/JsonLocalhostSplitChangeFetcher.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/client/src/main/java/io/split/client/JsonLocalhostSplitChangeFetcher.java b/client/src/main/java/io/split/client/JsonLocalhostSplitChangeFetcher.java
index e2cb5d5c..6eb09246 100644
--- a/client/src/main/java/io/split/client/JsonLocalhostSplitChangeFetcher.java
+++ b/client/src/main/java/io/split/client/JsonLocalhostSplitChangeFetcher.java
@@ -47,13 +47,13 @@ private SplitChange processSplitChange(SplitChange splitChange, long changeNumbe
 return null;
 }
 String splitJson = splitChange.splits.toString();
- MessageDigest digest = MessageDigest.getInstance("SHA-1");
+ MessageDigest digest = MessageDigest.getInstance("SHA-256");
 digest.reset();
 digest.update(splitJson.getBytes());
 // calculate the json sha
 byte [] currHash = digest.digest();
 //if sha exist and is equal to before sha, or if till is equal to default till returns the same segmentChange with till equals to storage CN
- if (Arrays.equals(lastHash, currHash) || splitChangeToProcess.till == -1) {
+ if (java.security.MessageDigest.isEqual(lastHash, currHash) || splitChangeToProcess.till == -1) {
 splitChangeToProcess.till = changeNumber;
 }
 lastHash = currHash;
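Review bot: `digest.update(splitJson.getBytes());`, the unchanged line just below the new `getInstance("SHA-256")` call, still encodes with the platform default charset, so the fingerprint depends on the JVM's default encoding on runtimes before Java 18; `digest.update(splitJson.getBytes(StandardCharsets.UTF_8));` pins it (the import block is outside the hunk). The new comparison spells out `java.security.MessageDigest.isEqual(...)` although `MessageDigest` is already used by its simple name a few lines earlier, so `MessageDigest.isEqual(lastHash, currHash)` reads better, and the `Arrays` import may now be unused. As far as the hunk shows, both arrays are digests computed locally for change detection rather than a secret compared against external input, so a short comment such as `// fingerprint for change detection only, not an integrity or authentication check` would tell the next reader why the algorithm and the constant-time compare were chosen. processSplitChange begins above and continues below the hunk, so how `lastHash` is initialised is not visible here.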