P Richards
2014-10-19 22:53:37 UTC
If anyone's running 1.3-dev on a 'production box', you might want to read
the following:
Following Roland's suggestion to victor to think about what
config_is_private is "good for"
[https://github.com/mantisbt/mantisbt/pull/386#issuecomment-59629700 ], and
following reviewing our use of global-only config's - the next logical step
was to review config_is_private:
I've put in a Pull Request following that
(https://github.com/mantisbt/mantisbt/pull/509/files )
One of the changes in that pull request is as follows:
- case 'master_crypto_salt':
+ case 'crypto_master_salt':
Within config.api, config_is_private function
If you are running a version of 1.3 as a "production" instance somewhere,
I'd like to suggest you change your master salt and apply the patch in this
Pull Request.
Paul
the following:
Following Roland's suggestion to victor to think about what
config_is_private is "good for"
[https://github.com/mantisbt/mantisbt/pull/386#issuecomment-59629700 ], and
following reviewing our use of global-only config's - the next logical step
was to review config_is_private:
I've put in a Pull Request following that
(https://github.com/mantisbt/mantisbt/pull/509/files )
One of the changes in that pull request is as follows:
- case 'master_crypto_salt':
+ case 'crypto_master_salt':
Within config.api, config_is_private function
If you are running a version of 1.3 as a "production" instance somewhere,
I'd like to suggest you change your master salt and apply the patch in this
Pull Request.
Paul