Question: Will newer versions of bcrypt be supported?

[mbarakaja]

In the latest documentation of Flask-Security appears that bcrypt>=2.0.0 is not currently supported.

How can this impact the application security? I'm new with text hashing libraries and I wondering if is fine to use an older version of the library.

In another hand, installing bcrypt to the latest version (3.1.0) and running my test doesn't broke anything at this time.

[jonafato]

As of #430, bcrypt>=2.0.0 should be supported, and the docs no longer mention this restriction. Can you point to where this is documented so it can be updated?

[mbarakaja]

I see...

I was reading the documentation in pythonhosted.org, which is where the documentation link point out in the README.rst file.

Actually, the link http://packages.python.org/Flask-Security is redirecting to https://pythonhosted.org/Flask-Security/.

[sherzberg]

I just tried bcrypt==3.1.1 and it worked just fine.

Just another datapoint for people coming here after looking at the same old documentation I was looking at like the above poster.

[savraj]

I'm glad I came here because i was trying to figure out how to use bcrypt < 2.0.0 as that's what these docs say: https://pythonhosted.org/Flask-Security/configuration.html

[owkwen]

I fell for this, the doc is in fact updated on git but still not on the website, can we push the update to the website so others don't get confused by the, not anymore existing, bcrypt version restriction?

This issue will be good for closing then!

[owkwen]

Hmm I just found out that the documentation link mentioned in the read.me is http://flask-security.readthedocs.io/en/latest/configuration.html and not https://pythonhosted.org/Flask-Security/configuration.html Maybe a redirection to readthedocs.io would help? Or update pythonhosted.org version too? All I could find on google was the pythonhosted.org version

[jirikuncar]

@owkwen The documentation will be updated together with new release. develop branch has not limit on bcrypt library version.