Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Changes since 8.x-3.0-alpha4: #2956550 by Sivaprasad C, AohRveTPV: Fix dependency declaration #2948046 by emartoni: Configuration link is wrong on README.md #2843326 by aamouri, voleger: Missing use t() function for some messages #2856294 by Znak: Deprecated methods
This release fixes a bug that could, under certain circumstances, prevent users from setting or changing passwords.
A site is affected by the bug only if it is using the "Character Types" ("Complexity") constraint and the module was updated from 7.x-1.11 or lower directly to 7.x-1.13, skipping 7.x-1.12. See #2873715: Update 7105 faulty under certain circumstances for details.
This alpha release supports all Drupal 8 beta changes to date, automated tests, and all known issues raised during testing.
This release currently supports password policies, password reset management and enforcement, and a pluggable system for extending password constraint types.
This release adds compatibility with the Secure Password Hashes module. If your site uses both the Secure Password Hashes and Password Policy modules, you are advised to upgrade to this release.
Prior to this release, the following Password Policy features did not work properly with Secure Password Hashes installed:
This release fixes a "division by zero" error that could occur when upgrading to 7.x-2.0-alpha2. The error is harmless, but could cause uncertainty over whether the updates completed successfully.
Changes since 7.x-2.0-alpha2:
#2289023 by izus, AohRveTPV: password_policy.install division by zero
This release is mainly to fix a "division by zero" error that could occur when upgrading to 7.x-1.7. The error is harmless, but could cause uncertainty over whether the updates completed successfully.
The username constraint now checks for the username anywhere in the password, rather than the exact password. This should probably have been the behavior all along and won't directly affect existing passwords.