31 August 2017 - We are pleased to announce the upcoming release of WHOIS version 2.3.
The deployment of this new version is scheduled for overnight, on 31 August 2017 and available as from 1 September. 2017.
Details are available at status.afrinic.net
This release will include:
- Introduction of bcrypt as the default password hash
- Auto-generation of maintainer object for person and role objects
- Abuse contacts
- Other security updates
The new version provides for additional security by using bcrypt as default password hashing method. Crypt and MD5 will be deprecated. It will therefore not be possible to create or update password hashes using these methods. However authenticating with existing passwords using the older methods will continue to be supported.
Person and role objects do not require a maintainer to be created. Thus, they could be left unprotected in the whois database. After this release a maintainer will be automatically created to protect any new person or role object that would have otherwise been unprotected. The details of the maintainer will be sent by email to the owner of the object. All the existing unprotected person and role objects will be updated and details of the generated maintainers will be sent by emails to the respective owners.
Abuse contacts will be displayed when querying a resource if they have been specified in the corresponding irt object.
We have made updates to some dependencies and libraries for security improvements.All WHOIS related tools on the web site will be upgraded at the same time, including the WHOIS crypt tool for password hashing. If you have any unprotected person or role objects in the database, you will receive an email with the details of the generated maintainer. As part of this planned maintenance, WHOIS updates will be unavailable for a short period of time. For the detail schedule please refer to status.afrinic.net
WHOIS queries will remain available throughout.