From b7033bb9807c4773a8aae835b42100e9a95d69fc Mon Sep 17 00:00:00 2001
From: Shivam-Singh-Dev
Date: Wed, 23 Apr 2025 17:07:10 +0530
Subject: [PATCH] Update pdfdoc.py

This PR replaces usage of the insecure md5 hashing algorithm with sha256 in pdfdoc.py. MD5 is known to be cryptographically broken and is vulnerable to collision and pre-image attacks. Replacing it with SHA-256 aligns the library with modern security practices, especially when generating PDF identifiers and document signatures.
---
 src/reportlab/pdfbase/pdfdoc.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/reportlab/pdfbase/pdfdoc.py b/src/reportlab/pdfbase/pdfdoc.py
index 1c45eb24..80993d92 100755
--- a/src/reportlab/pdfbase/pdfdoc.py
+++ b/src/reportlab/pdfbase/pdfdoc.py
@@ -21,7 +21,7 @@
 from reportlab.lib.utils import import_zlib, open_for_read, makeFileName, isSeq, isBytes, isUnicode, _digester, isStr, bytestr, isPy3, annotateException
 from reportlab.lib.rl_accel import escapePDF, fp_str, asciiBase85Encode, asciiBase85Decode
 from reportlab.pdfbase import pdfmetrics
-from hashlib import md5
+from hashlib import md5,sha256
 from sys import platform
 from sys import version_info
@@ -146,7 +146,7 @@ def __init__(self,
 self.setCompression(compression)
 self._pdfVersion = pdfVersion
 # signature for creating PDF ID
- sig = self.signature = md5()
+ sig = self.signature = sha256()
 sig.update(b"a reportlab document")
 if not self.invariant:
 cat = _getTimeStamp()
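Review bot: `md5` stays in the import at `from hashlib import md5,sha256`, so any other `md5()` call sites in pdfdoc.py (none are visible in this patch) are left as they were, while the description reads as if MD5 use in the file is replaced. If the constructor was the only user, the line should be `from hashlib import sha256`; otherwise the remaining uses deserve a mention in the description. Either way PEP 8 wants a space after the comma: `from hashlib import md5, sha256`.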
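Review bot: `sig = self.signature = sha256()` doubles the digest from 16 to 32 bytes, and nothing in the patch checks the code that later reads `self.signature`. The comment above the line says the hash feeds the PDF ID, which is a file identifier and not an integrity or authenticity check, so MD5's collision weakness is probably not what is at stake here; the practical effect is a longer ID in every generated file and different bytes in invariant-mode output. Anything outside this hunk that derives from the ID (the trailer entry, and encryption key derivation if it uses the document ID) should be confirmed to accept the new length, with a regression test on invariant output. I would also add a comment such as `# PDF ID only: identifier, not a security control; digest is 32 bytes with sha256`. The `__init__` body starts and ends outside the hunk.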