ACF 2021 Update 14 Breaking Change With Hash and CFMX_COMPAT Algorithm

I thought I was finished with my ACF update 14 woes, but as it turns out, they introduced another breaking change my forcing the default algorithm in the hash() method from CFMX_COMPAT to SHA-256 . (Adobe Documentation)

This means if you hashed something like this in your code:
hashedValue = hash( mySecret );

The result of hashedValue will be different if you’re on ACF 2021 update 14+ vs any earlier version. This is problematic if you happened to store any prior hashed values in a database and need to check them for consistency.

The fix for this issue is to look for any place in your code you use hash() without the optional second argument, and manually specify CFMX_COMPAT like this:
hashedValue = hash( mySecret, "CFMX_COMPAT" );

The result will be what you expected prior to update 14.

Adobe obviously recommends you not use CFMX_COMPAT anymore, but since hashing values only goes one way, unlike encrypt() or decrypt(), you may be stuck in a pickle jar until you can get your users to re-enter the original data that you want to hash. It also makes things more complicated because you might have some data that was hashed using the old algorithm, and newer data that uses the new one.

One possible workaround would be to add a new field in your database called hashedBy and include the name of the algorithm. Then your hash code would look something like this:
hashedValue = hash( mySecret, dbResult.hashedBy );

I hope this helps someone.

1 Like