- Affected version
We have noticed XF\Authentication\Core12::isUpgradable always returns true in our installation. Apparently, running XF\Authentication\Core12::generate will return "$2y" if password_hash is available. If I disable that branch and force it to use XF\Authentication\PasswordHash::HashPassword, the hash comes back with "$2a" prefix. Is this a bug?