Changes in default password properties

With the upgrade to Spring Framework 5.0 the password storage has undergone a major change to provide more secure defaults. This means that passwords are now stored in an encrypted way by default. Existing passwords in publisher.properties should all be prefixed with {noop} to ensure that any existing plain text passwords will still work. The encryption algorithm is Bcrypt.

Please update the oauth2.secret accordingly.

Example

In Publisher 4.0.x the oauth2.secret would look like this:

oauth2.secret=123

In Publisher 4.1 you have two choices, either set the password without encryption:

oauth2.secret={noop}123

Or with BCrypt encryption:

oauth2.secret={bcrypt}$2a$04$zMrh.OEz/qDyPZnP14vMwucVpS5rTI91NZDHhW6fVG2sA.9NPGG16

You can encrypt your passwords using an online BCrypt tool such as: https://www.devglan.com/online-tools/bcrypt-hash-generator