New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove md5 password encryption support #11530

Open

6 tasks

emteknetnz opened this issue Jan 7, 2025 · 0 comments

Labels

affects/v6 type/api-break

Milestone

Silverstripe CMS 6.0

Member

emteknetnz commented Jan 7, 2025

Follow on from #11524 (comment)

Acceptance criteria

Using md5 for password encryption shows a deprecation message in CMS 5
md5 support is removed in CMS 6
Done for both the md5 and md5_v2.4 keys in encryptors.yml
A new 'best practice' algorithm is chosen, if it hasn't already been chosen e.g. sha1, blowfish, something else
Consideration is given to the developer experience of migrating from a database full of md5 encrypted passwords
Any required migration documentation is added to the changelog

emteknetnz added the affects/v6 label

emteknetnz added this to the Silverstripe CMS 6.0 milestone

emteknetnz added the type/api-break label

emteknetnz mentioned this issue

API Remove deprecated API #11524

Merged

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment