You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@roller.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2019/05/11 21:16:00 UTC
[jira] [Work logged] (ROL-2137) Require setting rememberme.key
[ https://issues.apache.org/jira/browse/ROL-2137?focusedWorklogId=240676&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-240676 ]
ASF GitHub Bot logged work on ROL-2137:
---------------------------------------
Author: ASF GitHub Bot
Created on: 11/May/19 21:15
Start Date: 11/May/19 21:15
Worklog Time Spent: 10m
Work Description: snoopdave commented on pull request #27: [ROL-2137] Require setting rememberme.key
URL: https://github.com/apache/roller/pull/27
if you're going to enable remember me then you must set a unqiue key; and not the well known "springRocks" that was the previous default.
https://issues.apache.org/jira/browse/ROL-2137
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 240676)
Time Spent: 10m
Remaining Estimate: 0h
> Require setting rememberme.key
> -------------------------------
>
> Key: ROL-2137
> URL: https://issues.apache.org/jira/browse/ROL-2137
> Project: Apache Roller
> Issue Type: Improvement
> Reporter: David Johnson
> Assignee: David Johnson
> Priority: Major
> Fix For: 5.2.3
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> If you are going to enable rememberMe in Roller then you really MUST set a unique (and secret) key for Spring Security's remember me feature.
> Change Roller so that remember-me will not work unless a ''rememberme.key' property set and it is set to something other than the old default value 'springRocks'
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)