auth: don't break hashing in case of user with empty password....
auth: don't break hashing in case of user with empty password. In some cases, such as LDAP users created via external scripts, users might set their passwords to empty. The hashing uses the md5(password_hash) to store a reference to detect password changes and forbid using the same password. In the case of pure LDAP users this is not valid, and we shouldn't raise Errors in such a case. This change makes it work for empty passwords now.

File last commit:

r1:854a839a default
r2203:8a18c3c3 default
release-notes-3.7.1.rst

|RCE| 3.7.1 |RNS|

Release Date

  • 2015-12-10

Security

Removed logging of masked authentication tokens completely. This prevents potentially logging parts of a user's password if they are not using tokens.

Admin

  • Created the ability for |RCE| to auto-detect |hg| |repos| which require the Largefiles extension during Remap and Rescan operations.
  • Allow the admin of a repository group to change the group's settings even if he/she does not have admin permission for the parent |repo| group.

Authentication

Fixed support for non-ASCII characters in passwords when authenticating using external authentication tools such as LDAP.

Pull Requests

  • Fixed an issue when merging Mercurial pull requests which are not based on branch names.
  • Fixed generated URL creation when |RCE| is running under a URL prefix.

|SVN|

Fixed streaming issues when using Gunicorn based setups.

User Experience

Improved avatar rendering stability, especially in the case of an invalid email address being used with an external authentication backend.