Merge pull request #398 from jonafato/bcrypt-hotfix

Restrict bcrypt to <2.0.0
2026-06-27 16:10:11 +08:00 · 2015-06-24 22:23:36 -05:00
parent 33252ae178 398f5c920b
commit cbd0db7c39
2 changed files with 5 additions and 2 deletions
@@ -23,7 +23,10 @@ Core
                                         passwords. Recommended values for
                                         production systems are ``bcrypt``,
                                         ``sha512_crypt``, or ``pbkdf2_sha512``.
-                                         Defaults to ``plaintext``.
+                                         Defaults to ``plaintext``. Note:
+                                         ``bcrypt>=2.0.0`` is not currently
+                                         supported. If ``bcrypt`` is preferred,
+                                         please use ``bcrypt<2.0``.
 ``SECURITY_PASSWORD_SALT``               Specifies the HMAC salt. This is only
                                         used if the password hash type is set
                                         to something other than plain text.
@@ -1,5 +1,5 @@
 Flask-SQLAlchemy>=1.0
-bcrypt>=1.0.2
+bcrypt>=1.0.2,<2.0.0
 flask-mongoengine>=0.7.0
 flask-peewee>=0.6.5
 pymongo==2.8