Repository: couchdb-documentation Updated Branches: refs/heads/1.6.x [created] 5243953a2
docs: include release notes for improved handling of admin password hashing - closes COUCHDB-2298 - closes COUCHDB-2299 Project: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/commit/5bfd43dd Tree: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/tree/5bfd43dd Diff: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/diff/5bfd43dd Branch: refs/heads/1.6.x Commit: 5bfd43dd0e3681bdb39dbbe47b6e56105a599cef Parents: ff91acf Author: Dave Cottlehuber <d...@apache.org> Authored: Fri Aug 22 00:18:11 2014 +0200 Committer: Jan Lehnardt <j...@apache.org> Committed: Mon Aug 29 22:18:08 2016 +0200 ---------------------------------------------------------------------- src/whatsnew/1.6.rst | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb-documentation/blob/5bfd43dd/src/whatsnew/1.6.rst ---------------------------------------------------------------------- diff --git a/src/whatsnew/1.6.rst b/src/whatsnew/1.6.rst index 7c65af2..b4f82ed 100644 --- a/src/whatsnew/1.6.rst +++ b/src/whatsnew/1.6.rst @@ -21,18 +21,36 @@ :depth: 1 :local: +.. warning:: + + :ref:`release/1.6.1` contains important patches to hash of passwords on + restart. The previous :ref:`release/1.6.0` release is not recommended for + usage as certain edge cases with admin passwords may prevent CouchDB from + starting. + .. _release/1.6.x/upgrade: -Upgrade Notes -============= +Deprecations +============ The :ref:`Proxy Authentication <api/auth/proxy>` handler was renamed to -``proxy_authentication_handler`` to follow the ``*_authentication_handler`` form +``proxy_authentication_handler`` to follow the ``*_authentication_handler`` from of all other handlers. The old ``proxy_authentification_handler`` name is marked -as deprecated and will be removed in future releases. It's strongly recommended -to update :config:option:`httpd/authentication_handlers` option with new value -in case if you had used such handler. +as deprecated and will be removed in future releases. It's highly recommended +to update :config:option:`httpd/authentication_handlers` option with the new +value if you have used such a handler. + +.. _release/1.6.1: + +Version 1.6.1 +============= + +A bugfix release to handle various edge cases related to admin password hashing. +* :issue:`2298`: Hash plaintext admin passwords stored in ``local.ini`` on startup + :commit:`ed825d3`. +* :issue:`2299`: Filter out local admin users before updating password hash in + ``_users`` db :commit:`5e46f3b`. .. _release/1.6.0: