mbien opened a new pull request #115:
URL: https://github.com/apache/roller/pull/115
- **notable dependency update: spring 5.3.18** with **security** fixes for
"[spring4shell](https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751)"
- bouncy castle was added so that the popular Argon2 pw encoder can be used
available (non legacy) encoders: bcrypt, pbkdf2, scrypt, argon2
**Reminder how to change the encoder:**
`passwds.encryption.algorithm=argon2`, default remains `pbkdf2`
automatic migration happens on next pw change
**If one of the (very, very) old legacy codecs is still in use, roller will
need a hint for migration**
`passwds.encryption.lazyUpgradeFrom=`
possible options: `plaintext, MD5, SHA-1` can be left empty if the db
doesn't contain any legacy encoded pws
@snoopdave might be a good time for another point release :)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@roller.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
