Commit bb0f2d0e40efc03e6e0a2cc4b3eee72eca89c9c4
Clarify gem vs bcrypt() itself
T.J. Schuck committed on 2/21/2014, 7:09:15 PMParent: 053804330b025bd804000e403bf3d41264426e73
Files changed
| README.md | changed |
| README.md | ||
|---|---|---|
| @@ -16,9 +16,9 @@ | ||
| 16 | 16 | security experts is not a professional response to risk. |
| 17 | 17 | |
| 18 | 18 | `bcrypt()` allows you to easily harden your application against these kinds of attacks. |
| 19 | 19 | |
| 20 | -*Note*: JRuby versions of bcrypt `<= 2.1.3` had a [security | |
| 20 | +*Note*: JRuby versions of the bcrypt gem `<= 2.1.3` had a [security | |
| 21 | 21 | vulnerability](http://www.mindrot.org/files/jBCrypt/internat.adv) that |
| 22 | 22 | was fixed in `>= 2.1.4`. If you used a vulnerable version to hash |
| 23 | 23 | passwords with international characters in them, you will need to |
| 24 | 24 | re-hash those passwords. This vulnerability only affected the JRuby gem. |
Built with git-ssb-web