Hi, as part of the ongoing path towards 2.11.0, last push removed all @Deprecated code on master with two exceptions:
- AbstractLoginModule: there are several Collection<Principal> annotated with deprecated: m_previousWikiPrincipals, m_principalsToRemove and m_principalsToOverwrite. Those collections are meant to be filled in by classes extending AbstractLoginModule, and are used/removed/overwritten on final methods on AbstractLoginModule. None of the classes extending AbstractLoginModule bundled on JSPWiki make use of them, so that's probably why they're marked with @Deprecated, but I was wondering they might be useful for custom 3rd party implementations. - AbstractUserDatabase: it contains a getOldHash method (dating JSPWiki < 2.8) which gets the SHA-1 hash for a given text. It is retained for backwards compatibility, as old versions of JSPWiki stored this hash; nowadays, if this hash is found then the original text is hashed with getHash (in the same class) and the new value is then stored. Given that removing this method may not be easy for older installations, I thought of keeping it. Also, the getHash method is getting the SHA-1 (salted) hash, so I'm wondering if we should keep both methods as of backwards compatibility and store a SHA-512 by default. Does it make sense to remove any of them, WDYT? best regards, juan pablo
