I’m on 2.8.4 Parse Server, on which we use a Mailgun adapter for password reset. Today we got this email:
Hey there,
In our continual efforts to uphold the highest security standards possible to protect our customers, starting November 1, 2021, we will no longer return a value for the smtp_password parameter in GET /domains and /domains/ API calls. Why we’re doing this As a security best practice, we are moving towards hashing SMTP passwords, just as we do with all other passwords on our platform. Due to this new standard, we will be unable to show the passwords in plain text once they are hashed and stored in our secure database. How this impacts you After this change, you will no longer be able to view the SMTP password in plain text and must store the password on your end – ideally using a secure password manager. Depending on your configuration, any applications reliant on the smtp_password parameter could throw errors. What you need to do After securely storing your SMTP password, you will need to update any reliant systems. Applications that are expecting the plain text password in the API response will need to be updated to no longer rely on the password in order to function correctly. We’ve created an FAQ to help you make the change.
I’m not sure if it affects us or not.