DL 0.12 is the last release offering an upgrade path from DL 0.3. Version 0.13 can only upgrade from 0.4 and above. If you have an old installation, you’ll need to perform a two step upgrade using an earlier release.
Please note: DL 0.12 requires a database schema update! Please read the database upgrade procedure in the README!
Please note: DL 0.11 requires a database schema update! Please read the database upgrade procedure in the README!
Upgrading to DL 0.11 has implication for existing users. The new hashing scheme limits usernames to 60 characters and passwords to 72 to prevent DoS attacks. Users having usernames/passwords exceeding these limits won’t be able to login after the upgrade, and can only be managed manually through the command line.
The password hash of existing users is automatically rehashed using the new scheme upon a successful login (no password change is required).
The optional password of tickets and grants is similarly affected and upgraded transparently upon successful usage. Tickets/grants having passwords longer than 72 characters though will require a manual password reset.
To fully prevent CSRF attacks on the REST interface when used in combination with HTTP authentication the protocol has been broken. Clients (such as the supplied “dl-wx”) require an upgrade, though new clients can still communicate to an old server.
Please note: DL 0.10 requires a database schema and webserver configuration update! Please read the database upgrade procedure in the README and the relevant notes about web server configuration.