From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 7 Oct 2021 12:23:31 +0000 (+0200)
Subject: dnsdist: Add #10157 to the upgrade guide and the 1.7.0-alpha1 ChangeLog
X-Git-Tag: dnsdist-1.7.0-alpha2~17^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F10820%2Fhead;p=thirdparty%2Fpdns.git

dnsdist: Add #10157 to the upgrade guide and the 1.7.0-alpha1 ChangeLog

As suggested by Denis Machard on the mailing-list (thanks!).
---

diff --git a/pdns/dnsdistdist/docs/changelog.rst b/pdns/dnsdistdist/docs/changelog.rst
index ecc9109abd..a00426d25f 100644
--- a/pdns/dnsdistdist/docs/changelog.rst
+++ b/pdns/dnsdistdist/docs/changelog.rst
@@ -5,6 +5,13 @@ Changelog
   :version: 1.7.0-alpha1
   :released: 23rd of September 2021
 
+  .. change::
+    :tags: Improvements
+    :pullreq: 10157
+    :tickets: 7937
+
+    Move to hashed passwords for the web interface
+
  .. change::
     :tags: Improvements
     :pullreq: 10381
diff --git a/pdns/dnsdistdist/docs/upgrade_guide.rst b/pdns/dnsdistdist/docs/upgrade_guide.rst
index a770666287..eb00fffddc 100644
--- a/pdns/dnsdistdist/docs/upgrade_guide.rst
+++ b/pdns/dnsdistdist/docs/upgrade_guide.rst
@@ -10,6 +10,8 @@ Truncated responses received over UDP for DoH clients will now be retried over T
 
 Unless set via :func:`setMaxTCPClientThreads` the number of TCP workers now defaults to 10, instead of the number of TCP binds.
 
+Plain-text API keys and passwords for web server authentication are now strongly discouraged. The :func:`hashPassword` method can be used to generate a hashed and salted version of passwords and API keys instead, so that the plain-text version can no longer be found in either the configuration file or the memory of the running process.
+
 1.5.x to 1.6.0
 --------------