phpass 5.x-2.0-rc4

Security update
Bug fixes
Unsupported

Changes since 5.x-2.0-rc3:

  • Security fix by mr.j, dsnopek: fix for sessions not being regenerated when password is changed

phpass 6.x-2.2

Security update
Bug fixes
Unsupported

Changes since 6.x-2.1:

  • Security fix by mr.j, dsnopek: fix for sessions not being regenerated when password is changed

phpass 5.x-2.0-rc3

Security update
Insecure
Unsupported

Fix for denial of service attack SA-CONTRIB-2014-113

back-ported from Drupal 7.x core

phpass 6.x-2.1

Security update
Insecure
Unsupported

Fix for denial of service attack SA-CONTRIB-2014-113

back-ported from Drupal 7.x core

phpass 6.x-2.0

Insecure
Unsupported

No changes since 6.x-2.0-rc2. Simply promoting to official release.

phpass 6.x-2.0-rc1

New features
Bug fixes
Insecure
Unsupported

Changes since 6.x-2.0-beta3:

  • #1235658 increase hash iterations to match core per issue #1203852
  • #1224732 Adjust the enable code so it will work for large sites like drupal.org

phpass 5.x-2.0-beta2

Bug fixes
Insecure
Unsupported

This is still essentially the initial beta version, though the underlying code is the well-tested .inc file from Drupal 7

Changes since 5.x-2.0-beta1:

  • #1220874 re-order code in update function so schema change happens before copying portable hashes
  • update INSTALL.txt

phpass 6.x-2.0-beta3

Bug fixes
Insecure
Unsupported

Changes since 6.x-2.0-beta1:

  • #1220874 re-order code in update function so schema change happens before copying portable hashes
  • Update INSTALL.txt
  • #1220874 fix SQL in update function
  • #1220874 make the minimum php version 5.2.4
  • #1220874 update the account object when the hash is changed

phpass 6.x-2.0-beta2

Bug fixes
Insecure
Unsupported

Changes since 6.x-2.0-beta1:

  • Update INSTALL.txt
  • #1220874 fix SQL in update function
  • #1220874 make the minimum php version 5.2.4
  • #1220874 update the account object when the hash is changed

phpass 5.x-2.0-beta1

New features
Insecure
Unsupported

5.x-2.x branch parallels 6.x-2.x

Initial beta release - please test.

phpass 6.x-2.0-beta1

New features
Bug fixes
Insecure
Unsupported

This is the first beta release for the 2.x branch which features simplified code and only supports the portable password hashing mechanism backported from Drupal 7 core. It works fine for fresh installs with < 1000 users but has not been extensively tested yet for updates form 1.x or large numbers of users.

Note that if you enable the module via drush, all users should be updated in one pass rather than via batch.

phpass 5.x-1.6

Bug fixes
Unsupported

Changes since 5.x-1.4:

  • #1027680 by roderik: fix for bug in code disabling the module
  • DRUPAL-SA-CONTRIB-2011-026

Changes since 5.x-1.5:

  • #1204176 fix for re-declared phpass_user()

phpass 6.x-1.1

Security update
Bug fixes
Unsupported

Changes since 6.x-1.0:

  • #1027680 by roderik: fix for bug in code disabling the module
  • DRUPAL-SA-CONTRIB-2011-026
  • Stripping CVS keywords

phpass 5.x-1.5

Security update
Bug fixes
Unsupported

Broken release - use 5.x-1.6

Changes since 5.x-1.4:

  • #1027680 by roderik: fix for bug in code disabling the module
  • DRUPAL-SA-CONTRIB-2011-026

phpass 5.x-1.4

Bug fixes
Insecure
Unsupported

Changes since DRUPAL-5--1-3:

phpass 5.x-1.3

Bug fixes
Insecure
Unsupported

Changes since DRUPAL-5--1-2:

  • #273754 - fix pretty serious bug that wasn't updating the hashes when the user tried to change their password.
  • update the hash to 'phpass' in the odd case that the phpass hash exists, but is invalid, and the old drupal pass exists and is valid
  • fix pretty critical bug that was changing the admin users's password when admin changed a user's password

phpass 5.x-1.2

Bug fixes
Insecure
Unsupported

Changes since DRUPAL-5--1-1:

  • always reset the user.pass to phpass
  • fix bug of not loading the roles on login

phpass 5.x-1.1

Insecure
Unsupported

Initial stable release, ready for use on production sites

Subscribe with RSS Subscribe to Releases for Secure Password Hashes