You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@subversion.apache.org by da...@apache.org on 2017/06/30 12:17:46 UTC

svn commit: r1800384 - /subversion/trunk/CHANGES

Author: danielsh
Date: Fri Jun 30 12:17:46 2017
New Revision: 1800384

URL: http://svn.apache.org/viewvc?rev=1800384&view=rev
Log:
* CHANGES (1.9.6): Add an explicit mention of SHA-1 and shattered.io.

Suggested by: jcorvel

Modified:
    subversion/trunk/CHANGES

Modified: subversion/trunk/CHANGES
URL: http://svn.apache.org/viewvc/subversion/trunk/CHANGES?rev=1800384&r1=1800383&r2=1800384&view=diff
==============================================================================
--- subversion/trunk/CHANGES (original)
+++ subversion/trunk/CHANGES Fri Jun 30 12:17:46 2017
@@ -222,6 +222,10 @@ http://svn.apache.org/repos/asf/subversi
     * fsfs: improve error message upon failure to open rep-cache (r1781655)
     * fsfs: never attempt to share directory representations (r1785053)
     * fsfs: make consistency independent of hash algorithms (r1785737 et al)
+	This change makes Subversion resilient to collision attacks, including
+	SHA-1 collision attacks such as <http://shattered.io/>.  See also our
+	documentation at <https://subversion.apache.org/faq#shattered-sha1> and
+	<https://subversion.apache.org/docs/release-notes/1.9#shattered-sha1>.
 
   - Client-side and server-side bugfixes:
     * work around an APR bug related to file truncation (r1759116)