diff options
| author | Peter Kokot <peterkokot@gmail.com> | 2019-05-07 02:22:29 +0200 |
|---|---|---|
| committer | Peter Kokot <peterkokot@gmail.com> | 2019-05-07 02:22:29 +0200 |
| commit | 88f64d4a7ba1aff61c0e8a595e48b8d4d8646f19 (patch) | |
| tree | 675dbca3243589e546a54a69cae4f257c40378d6 | |
| parent | eb9ad31b48f6047fafed6221e130ff715d6d5748 (diff) | |
| download | php-git-88f64d4a7ba1aff61c0e8a595e48b8d4d8646f19.tar.gz | |
[ci skip] Add password registry RFC to changelog
| -rw-r--r-- | NEWS | 8 | ||||
| -rw-r--r-- | UPGRADING | 23 |
2 files changed, 25 insertions, 6 deletions
@@ -33,8 +33,8 @@ PHP NEWS . Added FFI extension. (Dmitry) - Filter: - . The filter extension no longer have the --with-pcre-dir on Unix builds, - allowing the extension to be once more compiled as shared using + . The filter extension no longer have the --with-pcre-dir on Unix builds, + allowing the extension to be once more compiled as shared using ./configure. (Kalle) - FPM: @@ -108,7 +108,7 @@ PHP NEWS . Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints). (krakjoe) . Fixed bug #77805 (phpdbg build fails when readline is shared). (krakjoe) - + - Sockets: . Fixed bug #67619 (Validate length on socket_write). (thiagooak) @@ -132,6 +132,8 @@ PHP NEWS . Implemented FR #38301 (field enclosure behavior in fputcsv). (cmb) . Implemented FR #51496 (fgetcsv should take empty string as an escape). (cmb) . Implemented FR #77377 (No way to handle CTRL+C in Windows). (Anatol) + . Implemented password hashing registry RFC: + https://wiki.php.net/rfc/password_registry. (Sara) - Reflection: . Fixed bug #76737 (Unserialized reflection objects are broken, they @@ -102,6 +102,17 @@ PHP 7.4 UPGRADE NOTES - Standard: . The "o" serialization format has been removed. As it is never produced by PHP, this may only break unserialization of manually crafted strings. + . Password hashing algorithm identifiers are now nullable strings rather + than integers. + + * PASSWORD_DEFAULT was int 1; now is null + * PASSWORD_BCRYPT was int 1; now is string '2y' + * PASSWORD_ARGON2I was int 2; now is string 'argon2i' + * PASSWORD_ARGON2ID was int 3; now is string 'argon2id' + + Applications correctly using the constants PASSWORD_DEFAULT, + PASSWORD_BCRYPT, PASSWORD_ARGON2I, and PASSWORD_ARGON2ID will continue to + function correctly. ======================================== 2. New Features @@ -243,6 +254,9 @@ PHP 7.4 UPGRADE NOTES identical to using the default). . proc_open() on Windows can be passed a "create_process_group" option. It is required, if the child process is supposed to handle CTRL events. + . password_hash() now accepts nullable string and int as $algo argument. + . password_needs_rehash() now accepts nullable string and int as $algo + argument. ======================================== 6. New Functions @@ -271,6 +285,9 @@ PHP 7.4 UPGRADE NOTES function is expected have a signature "function handler(int $event)". . bool sapi_windows_generate_ctrl_event(int type, int pid) - send a CTRL event to another process. + . array password_algos() - return a complete list of all registered password + hashing algorithms. For more details see the RFC: + https://wiki.php.net/rfc/password_registry ======================================== 7. New Classes and Interfaces @@ -343,9 +360,9 @@ PHP 7.4 UPGRADE NOTES . The bundled libsqlite has been removed. To build the SQLite3 extension a system libsqlite3 ≥ 3.7.4 is now required. To build the PDO_SQLite extension a system libsqlite3 ≥ 3.5.0 is now required. - . (Un)serialization of SQLite3, SQLite3Stmt and SQLite3Result is now explicitly - forbidden. Formerly, serialization of instances of these classes was - possible, but unserialization yielded unusable objects. + . (Un)serialization of SQLite3, SQLite3Stmt and SQLite3Result is now + explicitly forbidden. Formerly, serialization of instances of these classes + was possible, but unserialization yielded unusable objects. . The @param notation can now also be used to denote SQL query parameters. - Zip: |