search

cloudfoundry / diego-release

BOSH Release for Diego
Apache License 2.0
201 stars 210 forks source link

Use SHA algorithm for content digest in URLUploader #896

Closed philippthun closed 5 months ago

philippthun commented 5 months ago

Enter an issue title

Use SHA algorithm for content digest in URLUploader

Summary

Staging fails when running Diego and CAPI on a FIPS stemcell. The reason for this is that the URLUploader uses MD5 as content hashing algorithm.

CAPI has already been enhanced to support the Content-Digest HTTP header with the following format:

<algorithm>=:<base64-digest>:

As md5 is not available on FIPS stemcells, the algorithm used by the URLUploader should be one of the following: sha-512, sha-256 or sha-1.

See also cloudfoundry/cloud_controller_ng#3558

Diego repo

cloudfoundry/executor

rkoster commented 5 months ago

Fixed in: https://github.com/cloudfoundry/executor/commit/2b9c1fb524eb562a49a7da69f54506f93a2a672c

mariash commented 5 months ago

The release is out with the fix - https://github.com/cloudfoundry/diego-release/releases/tag/v2.90.0