[DBWG] Upcoming Release of WHOIS Version 2.3
michel.odou at afrinic.net
Wed Aug 30 19:08:40 UTC 2017
We are pleased to announce the upcoming release of WHOIS version 2.3.
The deployment of this new version is scheduled for overnight, on 31
August 2017 and available as from 1 September. 2017.
Details are available at status.afrinic.net
This release will include:
- Introduction of bcrypt as the default password hash
- Auto-generation of maintainer object for person and role objects
- Abuse contacts
- Other security updates
The new version provides for additional security by using bcrypt as
default password hashing method. Crypt and MD5 will be deprecated. It
will therefore not be possible to create or update password hashes using
these methods. However authenticating with existing passwords using the
older methods will continue to be supported.
Person and role objects do not require a maintainer to be created. Thus,
they could be left unprotected in the WHOIS database. After this release
a maintainer will be automatically created to protect any new person or
role object that would have otherwise been unprotected. The details of
the maintainer will be sent by email to the owner of the object. All the
existing unprotected person and role objects will be updated and details
of the generated maintainers will be sent by email to the respective owners.
Abuse contacts will be displayed when querying a resource if they have
been specified in the corresponding irt object.
We have made updates to some dependencies and libraries for security
All WHOIS related tools on the web site will be upgraded at the same
time, including the WHOIS crypt tool for password hashing.
If you have any unprotected person or role objects in the database, you
will receive an email with the details of the generated maintainer.
As part of this planned maintenance, WHOIS updates will be unavailable
for a short period of time. For the detail schedule please refer to
WHOIS queries will remain available throughout.
More information about the DBWG