CHANGELOG: add notice about password concurrency limit

hashicorp · Jan 22, 2025 · e5dc552 · e5dc552
1 parent 90a92d9
commit e5dc552
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,8 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
 * Fix bug in parsing IPv6 addresses. Previously setting a target address or the
   initial upstream address in the config file would result in a malformed value.
   ([PR](https://github.com/hashicorp/boundary/pull/5221)).
+* Fix an issue where, when starting a session, the connection limit always displays 0.
+  ([PR](https://github.com/hashicorp/boundary/pull/5396)).
 
 ### New and Improved
 
@@ -29,11 +31,14 @@ maintainability of worker queries, and improve DB performance. ([PR](https://git
     dual-stack support, this Boundary release may consume more memory. From our
     testing, the increase seems to be around 1.6x, however this
     may vary depending on your deployment architecture.
+* Add concurrency limit on the password hashing of all password auth methods.
+  This avoids bursty memory and CPU use during concurrent password auth method
+  authentication attempts. The number of concurrent hashing operations
+  can be set with the new `concurrent_password_hash_workers` configuration
+  value in the controller stanza, or the new 
+  `BOUNDARY_CONTROLLER_CONCURRENT_PASSWORD_HASH_WORKERS` environment variable.
+  The default limit is 1.
 
-### Bug fixes
-
-* Fix an issue where, when starting a session, the connection limit always displays 0.
-  ([PR](https://github.com/hashicorp/boundary/pull/5396)).
 
 ## 0.18.2 (2024/12/12)
 ### Bug fixes