Clone wiki

passlib / Roadmap

Passlib Roadmap


Passlib is slowly moving towards 2.0, and with it, there are plans to cleanup (and attempt to simplify) a lot of the internal code. Release 1.7 made some major cleanups to the API, while trying to maintain backwards compatibility. 1.8 will shed some low-impact features, and add some slated new ones.

If something here would impact your application, please post a question / feedback on the mailing list!

Upcoming Changes

As a heads-up, developers may be impacted by the following changes planned for future releases:


  • passlib.context: Removal of long-deprecated CryptPolicy class.
  • passlib.apache: Removal of deprecated v1.5 compatibility methods.
  • passlib.ext.django: Split out as separate project, or remove it. See issue #81
  • passlib.handlers: This package contains the actual hasher implementations, and should have been private all along. It will probably be renamed to passlib._hashers (or even relocated to within passlib.hash, if that's feasible given the proxy module that currently sits there).


  • Depending on v2.0 development changes, there may be a v1.9 a transitional release: applications using non-deprecated parts of 1.9 should be able to drop in 2.0 without much pain.


  • Dropping Python 2.x / 3.3 support (May happen sooner, if pip/tox toolchain drops support first).

  • A large number of deprecated methods and features will be removed; primarily the deprecated PasswordHash.encrypt and CryptContext.encrypt methods.

  • passlib.context: CryptContext objects will default to deprecated="auto", meaning all but the first scheme will be considered deprecated unless explicitly stated otherwise.

  • passlib.apache: HtpasswdFile will default to apache-2.4 compatible defaults. Forward- & backward- compatible default_scheme settings are available as of Passlib 1.7.

Python Deprecation Policy

The following is a rough guide for when Passlib will drop support for a Python version:

  • When pip or setuptools drops support, Passlib will follow.

  • When tox or virtualenv drops support, Passlib will generally follow, unless there's a particular demand for that python release, and that demand justifies the special handling required for testing.

  • Otherwise general compatibility will be attempted, unless the python version requires specific hacks to the source code, in which case support will be dropped once general usage is low enough.