comparison doc/upgrading.txt @ 7556:273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
Failed API login rate limiting with expiring lockout added.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 19 Jul 2023 20:37:45 -0400 |
| parents | f3c456e9a6c2 |
| children | 978285986b2c |
| 7555:451232f83244 | 7556:273c8c2b5042 |
|---|---|
| 87 | 87 |
| 88 Contents: | 88 Contents: |
| 89 | 89 |
| 90 .. contents:: | 90 .. contents:: |
| 91 :local: | 91 :local: |
| 92 | |
| 93 .. index:: Upgrading; 2.2.0 to 2.3.0 | |
| 94 | |
| 95 Migrating from 2.3.0 to 2.4.0 | |
| 96 ============================= | |
| 97 | |
| 98 Update your ``config.ini`` (required) | |
| 99 ------------------------------------- | |
| 100 | |
| 101 Upgrade tracker's config.ini file. Use:: | |
| 102 | |
| 103 roundup-admin -i /path/to/tracker updateconfig newconfig.ini | |
| 104 | |
| 105 to generate a new ini file preserving all your settings. | |
| 106 You can then merge any local comments from the tracker's | |
| 107 ``config.ini`` to ``newconfig.ini`` and replace | |
| 108 ``config.ini`` with ``newconfig.ini``. | |
| 109 | |
| 110 ``updateconfig`` will tell you if it is changing old default | |
| 111 values or if a value must be changed manually. | |
| 112 | |
| 113 This will insert the bad API login rate limiting settings. | |
| 114 | |
| 115 Bad Login Rate Limiting and Locking (info) | |
| 116 ------------------------------------------ | |
| 117 | |
| 118 Brute force logins have been rate limited in the HTML web interface | |
| 119 for a while. This was not the case with the API interfaces. | |
| 120 | |
| 121 This release introduces rate limiting for invalid REST or XMLRPC API | |
| 122 logins. As with the web interface, users who have hit the rate limit | |
| 123 have their accounts locked until after the recommended delay time has | |
| 124 passed. See `information on configuring the API rate limits`_ for | |
| 125 details. | |
| 126 | |
| 127 .. _`information on configuring the API rate limits`: rest.html#rate-limiting-api-failed-logins | |
| 92 | 128 |
| 93 .. index:: Upgrading; 2.2.0 to 2.3.0 | 129 .. index:: Upgrading; 2.2.0 to 2.3.0 |
| 94 | 130 |
| 95 Migrating from 2.2.0 to 2.3.0 | 131 Migrating from 2.2.0 to 2.3.0 |
| 96 ============================= | 132 ============================= |
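Review bot: The `.. index::` entry added at line 93, directly above the new "Migrating from 2.3.0 to 2.4.0" heading, reads "Upgrading; 2.2.0 to 2.3.0". That duplicates the entry already sitting above the 2.2.0 to 2.3.0 section (now line 129) and leaves the new section without its own index term; it should read `.. index:: Upgrading; 2.3.0 to 2.4.0`. Separately, "This will insert the bad API login rate limiting settings" at line 113 can be read as inserting bad settings. Wording such as "the settings for rate limiting failed API logins" would be clearer, and naming the new config.ini options in that paragraph would let an admin confirm after running `updateconfig` that the lockout settings are actually present.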
