-
3.0.15 Stable
kerem released this
2016-04-11 20:28:04 +03:00 | 60 commits to master since this release📅 Originally published on GitHub: Mon, 11 Apr 2016 17:30:02 GMT
🏷️ Git tag created: Mon, 11 Apr 2016 17:28:04 GMTIn https://github.com/opensolutions/OSS-Framework/issues/43 it was pointed out that a typo in the authentication code meant that the md5.salted and sha1.salted password schemes didn't actually use the requested salt string but a fixed salt of "md5.salted" and "sha1.salted" respectively.
This has been corrected in this commit: https://git.io/vV5iE
A note to this effect has been added to ViMbAdmin is this commit: https://git.io/vV5ii
As a result of this, "md5.salted" and "sha1.salted" have been replaced with hyphenated versions: "md5-salted" and "sha1-salted" which will use the actual salt as requested.
For all existing ViMbAdmin installations, "md5.salted" and "sha1.salted" will continue to work but with the static salts of "md5.salted" and "sha1.salted" respectively.
One should always pick a hashing function as strong as your mail system allows. At time of writing, Dovecot ( http://wiki2.dovecot.org/Authentication/PasswordSchemes ) recommends one of BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT in descending order of strength
As such, the default version ViMbAdmin ships with in application.ini.dist is now:
defaults.mailbox.password_scheme = "dovecot:BLF-CRYPT"While no code changes have occurred in ViMbAdmin, we've pushed a new release to mark this issue:
https://github.com/opensolutions/ViMbAdmin/releases/tag/3.0.15
NB: no code changes have actually occurred in ViMbAdmin but rather a library used by ViMbAdmin. To get the new version of the library, just run:
composer updateDownloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
-
Source code (ZIP)
mirror of
https://github.com/opensolutions/ViMbAdmin.git
synced 2026-04-26 00:36:00 +03:00