swauth (1.3.0)

    [SECURITY] Stop using client headers for cross-middleware communication
    WARNING: You need to upgrade Swift3 to at least 1.12

    [SECURITY] Hash token before storing it in Swift (CVE-2017-16613)
    WARNING: In deployments without memcached this patch logs out all users
    because tokens became invalid.

swauth (1.2.0)

    Allow to set password by hash

    Allow to set hash salt in config for S3 compatibility

    Due to security reason, S3 support is disabled by default

    Salt is not included in S3 HMAC computation

    Use correct content type on JSON responses

    Fix changing of auth_type in existing deployments

    Remove outdated locale

swauth (1.1.0)

    This is first release after move to OpenStack Infra

    Allow users to change their own password/key

    Add support for storage policy

    Show password prompt if key is not specified

    Allow to use Keystone at same time

    Support SHA512 for password hashing

    Code cleanup

    Bugfixies a security fixies

swauth (1.0.8)

   Added request.environ[reseller_request] = True if request is coming from an
   user in .reseller_admin group

   Fixed to work with newer Swift versions whose memcache clients require a
   time keyword argument when the older versions required a timeout keyword
   argument.

swauth (1.0.7)

    New X-Auth-Token-Lifetime header a user can set to how long they'd like
    their token to be good for.

    New max_token_life config value for capping the above.

    New X-Auth-Token-Expires header returned with the get token request.

    Switchover to swift.common.swob instead of WebOb; requires Swift >= 1.7.6
    now.

swauth (1.0.6)

    Apparently I haven't been keeping up with this CHANGELOG. I'll try to be
    better onward.

    This release added passing OPTIONS requests through untouched, needed for
    CORS support in Swift.

    Also, Swauth is a bit more restrictive in deciding when it's the definitive
    auth for a request.

swauth (1.0.3-dev)

    This release is still under development. A full change log will be made at
    release. Until then, you can see what has changed with:

    git log 1.0.2..HEAD

swauth (1.0.2)

    Fixed bug rejecting requests when using multiple instances of Swauth or
    Swauth with other auth services.

    Fixed bug interpreting URL-encoded user names and keys.

    Added support for the Swift container sync feature.

    Allowed /not/ setting super_admin_key to disable Swauth administration
    features.

    Added swauth_remote mode so the Swauth middleware for one Swift cluster
    could be pointing to the Swauth service on another Swift cluster, sharing
    account/user data sets.

    Added ability to purge stored tokens.

    Added API documentation for internal Swauth API.

swauth (1.0.1)

    Initial release after separation from Swift.
