From d6f827c50db5664ab6bd6cf61802a80734fb8e0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?D=C3=A1vid=20Kov=C3=A1cs?=
Date: Sat, 9 May 2020 22:12:42 +0200
Subject: [PATCH] Document NoOpPasswordEncoder will not be removed

This commit adds extension to deprecation notice.

Fixes gh-8506
---
 .../security/crypto/password/NoOpPasswordEncoder.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java
index 907eb7c718..3c28e16741 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java
@@ -26,7 +26,8 @@ package org.springframework.security.crypto.password;
  * @deprecated This PasswordEncoder is not secure. Instead use an
  * adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
  * SCryptPasswordEncoder. Even better use {@link DelegatingPasswordEncoder} which supports
- * password upgrades.
+ * password upgrades. There are no plans to remove this support. It is deprecated to indicate that
+ * this is a legacy implementation and using it is considered insecure.
  */
 @Deprecated
 public final class NoOpPasswordEncoder implements PasswordEncoder {
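Review bot: The two added sentences in the `@deprecated` text say the class will stay and that using it is "considered insecure", but they still do not say why, so a reader can take "no plans to remove" as permission to keep it in production. Judging by the class name, the encoder leaves passwords unencoded; if that is the case, say so and name the acceptable uses, for example `* this is a legacy implementation that keeps passwords in plain text; use it only for tests or while migrating existing data.` The alternatives named in the unchanged lines above (BCryptPasswordEncoder, Pbkdf2PasswordEncoder, SCryptPasswordEncoder) could also be written as `{@link ...}` references, as DelegatingPasswordEncoder already is, so the rendered Javadoc leads straight to a replacement. The class body continues outside the hunk.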