1 files changed, 26 insertions, 0 deletions

diff --git a/CHANGES b/CHANGES
new file mode 100644
index 000000000..091898ae1
--- /dev/null
+++ b/CHANGES
@@ -0,0 +1,26 @@
+This file contains only important changes made to Bugzilla.  If you
+are updating from an older verseion, make sure that you check this file!
+
+For a more complete list of what has changed, use Bonsai
+(http://cvs-mirror.mozilla.org/webtools/bonsai/cvsqueryform.cgi) to
+query the CVS tree.  For example,
+
+    http://cvs-mirror.mozilla.org/webtools/bonsai/cvsquery.cgi?module=all&branch=HEAD&branchtype=match&dir=mozilla%2Fwebtools%2Fbugzilla&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=week&mindate=&maxdate=&cvsroot=%2Fcvsroot 
+
+will tell you what has been changed in the last week.
+
+
+9/2/98 Changed the way password validation works.  We now keep a
+crypt'd version of the password in the database, and check against
+that.  (This is silly, because we're also keeping the plaintext
+version there, but I have plans...)  Stop passing the plaintext
+password around as a cookie; instead, we have a cookie that references
+a record in a new database table, logincookies.
+
+IMPORTANT: if updating from an older version of Bugzilla, you must run
+the following commands to keep things working:
+
+ ./makelogincookiestable.sh
+ echo "alter table profiles add column cryptpassword varchar(64);" | mysql bugs
+ echo "update profiles set cryptpassword = encrypt(password,substring(rand(),3, 4));" | mysql bugs
+