1.8.4

Fixed

• Daemon Threads belonging to the parallelization pool are now shutdown during JVM shutdown in order to prevent memory leaks (#163)

1.8.3

Fixed

• Threads belonging to the parallelization pool are now shutdown during JVM shutdown in order to preven memory leaks (#162)

1.8.2

Fixed

• Multi thread algorithms use daemon threads in order to not block the application shutdown if there is no explicit System.exit() (#151)
• Password4j works even when there is no access to psw4j.properties file due to restrictive security policies (#153)

1.8.1

Fixed

• Argon2Function#internalHash(...) used a double conversion from byte[] to String and back to byte[] that created inconsistencies in `Hash#salt (#143)

Changed

• Hash#Hash(HashingFunction, String, byte[], String) marked deprecated

1.8.0

Added

• Balloon Hashing implementation (#131)

Fixed

• Parallelism is achieved by an ExecutorService instantiated during object creation instead of during the hashing process

Changed

• Banner is disabled by default

1.7.3

Fixed

• Wrong hashes when the password contains non ISO 8859-1 characters (#126)

1.7.2

Fixed

• Suppressed warning for usage of java.security.AccessController. This is how the java development team fixed the problem for the moment (#119)
• In some custom JDK implementations java.security.Provider#getServices() can return null instead of empty java.security.Provider.Service[] (#120)

1.7.1

Fixed

• Bcrypt used negative rounds when cost factor = 31 (#114)

1.7.0

Added

• APIs now accepts byte[] arguments (#93)
• .forceUpdate() forces Password4j to recalculate a new hash even if the parameters didn't change (#102)

Changed

• .andUpdate() no more recalculates the hash if the algorithm, salt or pepper changed from the hash found in Password.check() (#102)

Fixed

• Inconsistency between public and internal APIs for Argon2 (#93)

1.6.3

Fixed

• Inconsistency of Argon2 with some kind of salts generated from external libraries #92