[Rt-commit] rt branch, master, updated. rt-4.1.19-111-gc98c055

Wed Sep 4 13:48:52 EDT 2013

The branch, master has been updated
       via  c98c055f155f8f9348098fc94fbab58c1cfd443a (commit)
       via  7a0fe00d4379f7b183aa04a931f37a7decbce984 (commit)
       via  87cf33b8d1a4d8ba04ba46fb201182d04f0414eb (commit)
       via  b0e494c69aebcca9f5441e369e5814bba8e5acf1 (commit)
      from  20d34b77a3e9b578c05a294b590c2eae164fc3de (commit)

Summary of changes:
 docs/UPGRADING-4.2           |  8 ++++++++
 etc/RT_Config.pm.in          | 11 ++++++++++
 lib/RT/User.pm               | 48 +++++++++++++++++++++++++++++++++++++++-----
 sbin/rt-test-dependencies.in |  1 +
 t/api/password-types.t       | 16 +++++++++++++--
 5 files changed, 77 insertions(+), 7 deletions(-)

- Log -----------------------------------------------------------------
commit c98c055f155f8f9348098fc94fbab58c1cfd443a
Merge: 20d34b7 7a0fe00
Author: Kevin Falcone <falcone at bestpractical.com>
Date:   Wed Sep 4 13:20:38 2013 -0400

    Merge branch '4.2/bcrypt-passwords'
    
    Conflicts:
    	docs/UPGRADING-4.2

diff --cc docs/UPGRADING-4.2
index ac830f1,d71d6ff..93a6840

--- a/docs/UPGRADING-4.2
+++ b/docs/UPGRADING-4.2
@@@ -263,6 -263,16 +263,14 @@@ removed
  
  =item *
  
 -To increase security againt offline brute-force attacks, RT's default
++To increase security against offline brute-force attacks, RT's default
+ password encryption has been switched to the popular bcrypt() key
+ derivation function.  Passwords cannot be automatically bulk upgraded to
+ the new format, but will be replaced with bcrypt versions upon the first
+ successful login.
+ 
 -=back
 -
+ =item *
+ 
  We updated default "Forward" and "Forward Ticket" templates to support
  customizing messages on forward. They will be updated automatically if you
  didn't change them before.

-----------------------------------------------------------------------
