Skip to content

CakePHP Authentication 2.8.0
Compare
Choose a tag to compare
@markstory markstory released this 04 Jan 22:23
· 167 commits to 2.x since this release
2.8.0
463bd69
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

What's Changed

  • Allow skipping the challenge exception generation for Http Basic/Digest Auth. by @ADmad in #498
  • Fixed translation errors in documents. by @karintou8710 in #503
  • Added the default option to add the application salt to the cookie by @RobertoRoos in #467

⚠️ Important Upgrade Information for Cookie Authenticator Users

This release changes the default stored token for Cookie Authenticator. The token is now comprised of hash(username + password-hash + hmac(username + password, salt)). This helps prevent forged tokens from being created in case an application database is compromised. This change will invalidate all existing cookie tokens. If you do not desire that, be sure to set salt => false in your configuration for CookieAuthenticator

New Contributors

Full Changelog: 2.7.0...2.8.0

Contributors

ADmad, RobertoRoos, and karintou8710
Assets 2
Loading