We have ran a security check on
compile group: 'org.apache.phoenix', name: 'phoenix', version: '4.7.0-CLABS-1.3.0', classifier: 'client-minimal'
and our security scan has reveled that phoenix is using a week encryption MD5 like
digest = java.security.MessageDigest.getInstance("MD5")
The hashing algorithm used, MD5, has been found by researchers to be unsafe for protecting sensitive data with today's technology.
I have checked the https://github.com/apache/phoenix/tree/4.7.0-HBase-1.1
and also other versions it is still having the same algorithm. Is Phoenix team considering to use more stronger algorithm like SHA-256. Can you please let us know if this is already available any new versions of phoenix or in which version can this be made available if team is working on it.