Mention SHA1 issue in docs & pinned post

  • Resolved p15h

    (@prestonwordsworth)


    1 year ago

    There’s now numerous posts about the SHA1 issue WF has on RHEL9 and derivatives. The unsecure workaround is helpfully written up here: https://www.ads-software.com/support/topic/rules-not-updating-done-a-lot-to-fix-this-but-no-vail/#post-16875273.

    While WF works on fixing the crypto, there’s a more urgent issue: the existence of this by now fairly common issue isn’t currently mentioned in your docs or the standard answer you provide to users reporting the /wflogs ‘permission’ warning.

    At present, the slower MySQLi is still suggested by WF as the last-resort solution for people who still see this ‘permission’ warning after getting all the permissions right.

    Recommended actions:

    1. Revise the ‘permission’ warning to distinguish cases where the real issue is SHA1.
    2. Highlight SHA1 in docs and support-staff answers as an increasingly common cause of /wflogs rules not updated.
Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @prestonwordsworth, thanks for your thoughts on this.

    We’re always careful about guaranteeing a release date for a feature or fix here on the forums in case urgent new threats or plugin vulnerabilities delay it. However, I approached the team about your suggestions here, and the SHA1 issue resolution is planned for our upcoming release. It is currently undergoing final testing with our QA team.

    From your suggestion, we have opened discussions about adding a “known issues” page on our own site, which could be linked to in our pinned topic(s) for cases such as this.

    Many thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘Mention SHA1 issue in docs & pinned post’ is closed to new replies.