CakePHP Authentication 2.8.0
What's Changed
- Allow skipping the challenge exception generation for Http Basic/Digest Auth. by @ADmad in #498
- Fixed translation errors in documents. by @karintou8710 in #503
- Added the default option to add the application salt to the cookie by @RobertoRoos in #467
⚠️ Important Upgrade Information for Cookie Authenticator Users
This release changes the default stored token for Cookie Authenticator. The token is now comprised of hash(username + password-hash + hmac(username + password, salt))
. This helps prevent forged tokens from being created in case an application database is compromised. This change will invalidate all existing cookie tokens. If you do not desire that, be sure to set salt => false
in your configuration for CookieAuthenticator
New Contributors
- @karintou8710 made their first contribution in #503
- @RobertoRoos made their first contribution in #467
Full Changelog: 2.7.0...2.8.0