Addressed bandit high severity that this is intentional and not a security vulnerability

rajeswari1301 · web-flow · commit 666eca23529f · 2026-03-12T23:00:33.000-07:00
diff --git a/docassemble/AssemblyLine/sessions.py b/docassemble/AssemblyLine/sessions.py
@@ -1714,7 +1714,7 @@ def update_session_metadata(
 
     # 2) Derive two signed 32‑bit ints from MD5(session_id|filename|tags)
     key_string = f"{session_id}|{filename}|{metadata_key_name}"
-    digest = hashlib.md5(key_string.encode("utf-8")).digest()
+    digest = hashlib.md5(key_string.encode("utf-8"), usedforsecurity=False).digest()
     high_u32, low_u32 = struct.unpack(">II", digest[:8])
 
     def to_signed_32(x: int) -> int:
