Roundup Tracker - Issues

Issue 2551265

deprecate SSHA password hash method.
Type: security Severity: normal
Components: Web interface Versions:
Status: fixed fixed
: rouilj : rouilj
Priority: :

Created on 2023-02-24 01:43 by rouilj, last changed 2023-04-02 01:03 by rouilj.

msg7734 Author: [hidden] (rouilj) Date: 2023-02-24 01:43
The SSHA (salted sha1) password hashing function should be deprecated.

The normal roundup migration will elevate it to PBKDF2 on the user's next login.
msg7748 Author: [hidden] (rouilj) Date: 2023-04-02 01:03
deprecated in changeset:   7241:78c3f4aced76

Users using this will be automatically upgraded to the next hash method available
if enabled in config.ini.

If SSHA is set as the scheme for a Password in, it should still work.
I am not sure if explicitly setting the scheme prevents automatic upgrade, but...
Date User Action Args
2023-04-02 01:03:40rouiljsetstatus: new -> fixed
assignee: rouilj
resolution: fixed
messages: + msg7748
2023-02-24 01:43:40rouiljcreate