• Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Minor Minor
    • github-plugin
    • None

      The Github plugin currently validates received webhooks using the legacy sha-1 HMAC.

      The plugin should migrate to use the X-Hub-Signature-256 header and the SHA256 HMAC.

      See https://docs.github.com/en/webhooks/using-webhooks/validating-webhook-deliveries for details.

          [JENKINS-73851] support SHA256 HMAC in verifying webooks

          There are no comments yet on this issue.

            lanwen Kirill Merkushev
            teilo James Nord
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: