Upgrade Gravatar Hash to SHA256

dharple / organizer

A web application for keeping track of storage boxes

BSD 2-Clause "Simplified" License

0 stars 1 forks source link

Closed dharple closed 3 months ago

dharple commented 3 months ago

Snyk reported the use of md5() on the Gravatar hash as a vulnerability (it thinks I'm hashing a password).

Gravatar still has MD5 as the hashing method in their example docs for PHP, but in their main docs, they say to use SHA256.

So, upgrade the Gravatar class to use SHA256.

dharple commented 3 months ago

Gravatar now uses SHA256 hashes instead of MD5 hashes.