From: Peter Kokot Date: Tue, 7 May 2019 00:22:29 +0000 (+0200) Subject: [ci skip] Add password registry RFC to changelog X-Git-Tag: php-7.4.0alpha1~350 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=88f64d4a7ba1aff61c0e8a595e48b8d4d8646f19;p=php [ci skip] Add password registry RFC to changelog --- diff --git a/NEWS b/NEWS index f77fe62f8f..debd28573d 100644 --- a/NEWS +++ b/NEWS @@ -33,8 +33,8 @@ PHP NEWS . Added FFI extension. (Dmitry) - Filter: - . The filter extension no longer have the --with-pcre-dir on Unix builds, - allowing the extension to be once more compiled as shared using + . The filter extension no longer have the --with-pcre-dir on Unix builds, + allowing the extension to be once more compiled as shared using ./configure. (Kalle) - FPM: @@ -108,7 +108,7 @@ PHP NEWS . Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints). (krakjoe) . Fixed bug #77805 (phpdbg build fails when readline is shared). (krakjoe) - + - Sockets: . Fixed bug #67619 (Validate length on socket_write). (thiagooak) @@ -132,6 +132,8 @@ PHP NEWS . Implemented FR #38301 (field enclosure behavior in fputcsv). (cmb) . Implemented FR #51496 (fgetcsv should take empty string as an escape). (cmb) . Implemented FR #77377 (No way to handle CTRL+C in Windows). (Anatol) + . Implemented password hashing registry RFC: + https://wiki.php.net/rfc/password_registry. (Sara) - Reflection: . Fixed bug #76737 (Unserialized reflection objects are broken, they diff --git a/UPGRADING b/UPGRADING index 1ec2b211b9..4c0f7a6ca1 100644 --- a/UPGRADING +++ b/UPGRADING @@ -102,6 +102,17 @@ PHP 7.4 UPGRADE NOTES - Standard: . The "o" serialization format has been removed. As it is never produced by PHP, this may only break unserialization of manually crafted strings. + . Password hashing algorithm identifiers are now nullable strings rather + than integers. + + * PASSWORD_DEFAULT was int 1; now is null + * PASSWORD_BCRYPT was int 1; now is string '2y' + * PASSWORD_ARGON2I was int 2; now is string 'argon2i' + * PASSWORD_ARGON2ID was int 3; now is string 'argon2id' + + Applications correctly using the constants PASSWORD_DEFAULT, + PASSWORD_BCRYPT, PASSWORD_ARGON2I, and PASSWORD_ARGON2ID will continue to + function correctly. ======================================== 2. New Features @@ -243,6 +254,9 @@ PHP 7.4 UPGRADE NOTES identical to using the default). . proc_open() on Windows can be passed a "create_process_group" option. It is required, if the child process is supposed to handle CTRL events. + . password_hash() now accepts nullable string and int as $algo argument. + . password_needs_rehash() now accepts nullable string and int as $algo + argument. ======================================== 6. New Functions @@ -271,6 +285,9 @@ PHP 7.4 UPGRADE NOTES function is expected have a signature "function handler(int $event)". . bool sapi_windows_generate_ctrl_event(int type, int pid) - send a CTRL event to another process. + . array password_algos() - return a complete list of all registered password + hashing algorithms. For more details see the RFC: + https://wiki.php.net/rfc/password_registry ======================================== 7. New Classes and Interfaces @@ -343,9 +360,9 @@ PHP 7.4 UPGRADE NOTES . The bundled libsqlite has been removed. To build the SQLite3 extension a system libsqlite3 ≥ 3.7.4 is now required. To build the PDO_SQLite extension a system libsqlite3 ≥ 3.5.0 is now required. - . (Un)serialization of SQLite3, SQLite3Stmt and SQLite3Result is now explicitly - forbidden. Formerly, serialization of instances of these classes was - possible, but unserialization yielded unusable objects. + . (Un)serialization of SQLite3, SQLite3Stmt and SQLite3Result is now + explicitly forbidden. Formerly, serialization of instances of these classes + was possible, but unserialization yielded unusable objects. . The @param notation can now also be used to denote SQL query parameters. - Zip: