Releases: Password4j/password4j
Releases · Password4j/password4j
1.8.2
Fixed
- Multi thread algorithms use daemon threads in order to not block the application shutdown if there is no explicit
System.exit() (#151)
- Password4j works even when there is no access to
psw4j.properties file due to restrictive security policies (#153)
1.8.1
Fixed
Argon2Function#internalHash(...) used a double conversion from byte[] to String and back to byte[] that created inconsistencies in `Hash#salt (#143)
Changed
Hash#Hash(HashingFunction, String, byte[], String) marked deprecated
1.8.0
Added
- Balloon Hashing implementation (#131)
Fixed
- Parallelism is achieved by an
ExecutorService instantiated during object creation instead of during the hashing process
Changed
- Banner is disabled by default
1.7.3
Fixed
- Wrong hashes when the password contains non ISO 8859-1 characters (#126)
1.7.2
Fixed
- Suppressed warning for usage of
java.security.AccessController. This is how the java development team fixed the problem for the moment (#119)
- In some custom JDK implementations
java.security.Provider#getServices() can return null instead of empty java.security.Provider.Service[] (#120)
1.7.1
Fixed
- Bcrypt used negative rounds when cost factor = 31 (#114)
1.7.0
Added
- APIs now accepts
byte[] arguments (#93)
.forceUpdate() forces Password4j to recalculate a new hash even if the parameters didn't change (#102)
Changed
.andUpdate() no more recalculates the hash if the algorithm, salt or pepper changed from the hash found in Password.check() (#102)
Fixed
- Inconsistency between public and internal APIs for Argon2 (#93)
1.6.3
Fixed
- Inconsistency of Argon2 with some kind of salts generated from external libraries #92
1.6.2
Added
- Application banner (#83).
Fixed
Removed
- Dependencies to Apache Commons Text, which had been vulnerable to arbitrary code execution in the past (#84).
