* SONAR-14175 Add upgrade note about default admin credentials usage
* SONAR-14175 Update docs to set reset_password to true in the resetting admin password SQL
## Reinstating Admin Access
If you changed and then lost the `admin` password, you can reset it using the following query:
```
-update users set crypted_password = '$2a$12$uCkkXmhW5ThVK8mpBvnXOOJRLd64LJeHTeCkSuB3lfaR2N0AYBaSi', salt=null, hash_method='BCRYPT' where login = 'admin'
+update users set crypted_password = '$2a$12$uCkkXmhW5ThVK8mpBvnXOOJRLd64LJeHTeCkSuB3lfaR2N0AYBaSi', salt=null, hash_method='BCRYPT', reset_password=true where login = 'admin'
```
If you've deleted `admin` and subsequently locked out the other users with global administrative permissions, you'll need to re-grant `admin` to a user with the following query:
```
We recommend only giving external access to the application nodes and to the main port. ([SONAR-12686](https://jira.sonarsource.com/browse/SONAR-12686)).
+**Default Authentication and Administrator credentials**
+On a fresh install, to avoid mis-configuration and related security risks, you now have by default to authenticate and to update the password for the Administrator account. When upgrading, if your were still using default credentials, you'll be asked to change the password the next time you authenticate with the admin account. ([MMF-1352](https://jira.sonarsource.com/browse/MMF-2146), [MMF-1352](https://jira.sonarsource.com/browse/MMF-1352)).
+
[Full release notes](https://jira.sonarsource.com/secure/ReleaseNote.jspa?projectId=10930&version=16435)
## Release 8.5 Upgrade Notes
projects / sonarqube.git / commitdiff