Upgrade Guide (V0.18.0)

For this release, there have been no breaking changes. Everything should still work without any intervention but in case it does not, or you want finer control over your upgrade. Please review the below.

Argon2 Password Hashing

One of the major changes in this update, is the fact that the application has switched over to using Argon2 for password hashing. When logging in it should automatically upgrade your hash to the Argon2 spec from the previous hashers.

This is a setting that is enabled by default and can be disabled. You can set the env var (SHOPPING_ALLOW_LEGACY_HASHING) to 0 to disable this. This means that users will not be able to login unless their passwords are hashed with Argon2.

As mentioned before, this will be enabled by default and will require no intervention, meaning your users should automatically be upgraded to Argon2.

NOTE: You should get all your users to move to Argon2 with a new login as the old hashing algorithms will be deprecated as part of V1.

We recommend leaving this enabled.

Force legacy hashing

If for any reason, the new hashing algorithms do not work on your machine. You can disable it by passing the env var (SHOPPING_FORCE_LEGACY_HASHING) as 1 to disable Argon2 and use the legacy hashers.

This is not recommended as is only intended as an escape hatch while issues are resolved. Please ensure to get this resolved ASAP as this will be deprecated as part of V1. Meaning your users will be locked out if not migrated to Argon2.