Weekly Update, February 18th, 2025 –– Please test 3.2-beta.1

A few days ago we announced that: Meteor.js v3.1.2 is out! πŸŽ‰

Since then we have started working on 3.2 and currently, we have a beta version for you to try:

meteor update --release 3.2-beta.1

This beta includes:

Changes we would love the community to give it a shot at testing.


Nacho is also working on a 2.16 patch to help out with the Error building cordova project that we are having on the 2.x versions.

Next releases:

  • Meteor 3.2.0 (late-February/early March 2025)
6 Likes

It will help a lot for a migration guide, not only technically, but also how it should happen in operations for the removal of bcrypt.

Not all users will be migrated through a login and therefore has to be forced to reset passwords before removing bcrypt

2 Likes

As of my understanding, we will need that migration guide, but not immediately. It will be critical when bcrypt got removed.

2 Likes

We decided to roll out this feature in multiple phases.

The first phase is planned for 3.2 and won’t introduce any breaking changes. A guide on optionally enabling Argon2 is available in the docs. Feel free to share any feedback with the author there.

In the second phase, after broader community adoption, we plan to remove bcrypt. Guidance will be provided, considering insights from early adopters. A future version will introduce this as a breaking change with clear warnings and necessary actions.

2 Likes

@nachocodoner, which one is the case here:

  1. We are sure that bcrypt will be removed in the future
  2. Removal of bcrypt depends on the feedback about the use of argon2
  1. Removal of bcrypt depends on the feedback about the use of argon2

The second option prioritizes safety for everyone. We need people to dive into the implementation and share feedback to handle this major breaking change in the future, affecting both code and data in a widely used part like auth system of any Meteor app.

For now, we expect developers to move there optionally, share their experiences, and provide feedback to the original author, as seen in the PR. Performance implications matter too, I’d like to see how login behaves in comparison, as it could be a good meteor/performance case to measure. That’s why it’s important for users to migrate when possible and help improve stability and experience, before any final call on its mandatory adoption.

3 Likes