Gentlemen, The class org.springframework.security.authentication.encoding.PasswordEncoder SHA and MD5 in RollerContext has been depreciated, it can be replaced by StandardPasswordEncoder(), BCryptPasswordEncoder() and NoOpPasswordEncoder.
The down side is the encryption is based on the username and password (rather than just the password), so all passwords will need to be reset. Any objections on doing this upgrade? Cheers Greg.