##// END OF EJS Templates
u » pc » rhodecode-enterprise-ce-fork-pc
RSS

Fork of rhodecode-enterprise-ce

auth: don't break hashing in case of user with empty password....
auth: don't break hashing in case of user with empty password. In some cases such as LDAP user created via external scripts users might set the passwords to empty. The hashing uses the md5(password_hash) to store reference to detect password changes and forbid using the same password. In case of pure LDAP users this is not valid, and we shouldn't raise Errors in such case. This change makes it work for empty passwords now.
marcink - - Load All Authors

File last commit:

r1167:c0cc2e45 default
r2203:8a18c3c3 default
Show More
release-notes-4.4.2.rst
41 lines | 766 B | text/x-rst | RstLexer
/ docs / release-notes / release-notes-4.4.2.rst
History | Annotation | Raw |Copy content |Copy permalink

|RCE| 4.4.2 |RNS|

Release Date

  • 2016-10-17

New Features

General

  • Packaging: pinned against rhodecode-tools 0.10.1

Security

  • Integrations: fix 500 error on integrations page when delegated admin tried to access integration page after adding some integrations. Permission checks were to strict for delegated admins.

Performance

Fixes

  • Vcsserver: make sure we correctly ping against bundled HG/GIT/SVN binaries. This should fix a problem where system binaries could be used accidentally by the RhodeCode.
  • LDAP: fixed email extraction issues. Empty email addresses from LDAP server will no longer take precedence over those stored inside RhodeCode database.