[Cubicweb] [cubicweb] version 3.15.4 is now in state "published"

Julien Cristau julien.cristau at logilab.fr
Thu Sep 20 17:00:25 CEST 2012


On Thu, Sep 20, 2012 at 16:50:12 +0200, Aurélien Campéas wrote:

> Le 20/09/2012 16:46, Julien Cristau a écrit :
> >On Tue, Sep 18, 2012 at 15:29:11 +0200, Aurélien Campéas wrote:
> >
> >>Le 18/09/2012 15:24, Sylvain Thenault a écrit :
> >>>Enhancements implemented in this release:
> >>>	- #2465904 upgrade weak hashes automatically on login
> >>
> >>Dear all,
> >>
> >>How is it that we publish a patch release with a potentially
> >>destabilizing "enhancement" within ?
> >>
> >My bad, I should probably have based that change on 'default', that
> >hardening wasn't quite as urgent as the other related fixes in 3.15.4.
> >
> >Cheers,
> >Julien
> 
> Thanks.
> 
> Can you explain what/how we can check that after an upgrade
> everything is still working fine ?
> 
I'd expect the failure mode to be to lock out users from the 'system'
source created before upgrading to cw 3.14.7 (and that haven't changed
their password since).  So if one of those users can still login (twice,
to account for the password hash being updated on the first login) after
the upgrade, everything should be ok (famous last words).

Cheers,
Julien
-- 
Julien Cristau          <julien.cristau at logilab.fr>
Logilab		        http://www.logilab.fr/
Informatique scientifique & gestion de connaissances



More information about the Cubicweb mailing list