##// END OF EJS Templates
auth: don't break hashing in case of user with empty password....
auth: don't break hashing in case of user with empty password. In some cases such as LDAP user created via external scripts users might set the passwords to empty. The hashing uses the md5(password_hash) to store reference to detect password changes and forbid using the same password. In case of pure LDAP users this is not valid, and we shouldn't raise Errors in such case. This change makes it work for empty passwords now.

File last commit:

r1435:02443162 stable
r2203:8a18c3c3 default
Show More
release-notes-4.6.1.rst
55 lines | 1.3 KiB | text/x-rst | RstLexer
/ docs / release-notes / release-notes-4.6.1.rst
docs: added release notes for 4.6.1
r1435 |RCE| 4.6.1 |RNS|
-----------------
Release Date
^^^^^^^^^^^^
- 2017-02-13
New Features
^^^^^^^^^^^^
General
^^^^^^^
- HTTP Protocol: large incoming requests will now properly stream data
into VCSServer. In some cases a large push in GIT can send streaming data.
previously RhodeCode unbundled that data before sending back to VCSServer.
This sometimes caused errors because of wrong headers sent (chunked-encoding)
RhodeCode will now simply stream data back to VCSServer. This should fix the
push problems, and also be much faster for large pushes.
- Docs: updated contribution and dev setup docs.
Security
^^^^^^^^
Performance
^^^^^^^^^^^
Fixes
^^^^^
- Api: cleanup sessions enforces older_then must be a valid INT.
- Api: validate sent commit_id when using commit_comment API.
- Events: fix a case events were called from API and we
couldn't fetch registered user.
- Search: goto repository commit search functionality will now use a safe
search option and try not to throw meaningless errors to users from this view.
- Annotations: fixed UI problems in annotation view for newer browsers.
Upgrade notes
^^^^^^^^^^^^^
- Streaming support was changed for push operations. We tested this in several
cases, but please send any feedback if you encounter any problems with it.