diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index 05d02fa69..fb0676b34 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -21,21 +21,6 @@
 definition and the table schema.
 - Fixed a limit bug in the asset discovery service.
 - Fixed #8853: link to manageWorkflows is broken
- - Fixed #8890: meta_loop in post form not working (United Knowledge)
- - added: ldaps and ldapi are now supported when working with LDAP authentication
- - rfe #740: Thingy Pre-Text (SDH Consulting Group)
- - rfe #746: use the menu title in asset manager
- - rfe #549: New macro for checking spectre status. VersionTag::RequestCommit and Operation::VestionTag::www_commitVertionTag now both check for spectre status before trying to commit.
- - rfe #637: Alphabetize wiki items under a keyword?
- - Autocommit assets like CS posts or Calendar Events can now be added before the
- parent is committed. They will go into the same version tag as their parent.
- - rfe #640: Refactored autocommit and autocomment
- - added a perltidyrc to the docs folder. we'll be using this to clean up code.
- - fixed: Site Nav navigation template can now be used more than once per page
- - added: TextArea now supports "maxlength" attribute
- - added: DataForm can now run a workflow when an entry is added
- - Fixed #8921: Duplicating templates through conventional methods maintains default template flag
- - Fixed #8962: Wrong mime-type used for json data
 - Added: WebGUI::Pluggable find() and findAndLoad() for easier module loading
 - Added RFE #327: Select All button to class list in Search asset
 - Fixed #8984: Weather Asset missing hoverhelp
@@ -162,6 +147,39 @@
 - fixed: Shelf/Product import export does not work
 - fixed: Shelf/Product import does not work with windows files
+7.5.31
+ - fixed: debian licensing problem with user list
+ - fixed: Wrong password behaviour (#8905)
+ - removed the old js file IndexedSearch/ColorPicker2.js that hasn't been used
+ in about 3 years.
+ - Fixed #8984: Weather Asset missing hoverhelp
+
+7.5.30
+ - fixed: can't add EMS tickets to badges
+ - fixed 8962: Wrong mime-type used for json data
+ - fixed: default site has no content
+ - fixed: possible to execute arbitrary perl code as any user that can upload files
+
+7.5.29
+ - fixed: Site Nav is broken
+
+7.5.28
+ - Fixed #8890: meta_loop in post form not working (United Knowledge)
+ - added: ldaps and ldapi are now supported when working with LDAP authentication
+ - rfe #740: Thingy Pre-Text (SDH Consulting Group)
+ - rfe #746: use the menu title in asset manager
+ - rfe #549: New macro for checking spectre status. VersionTag::RequestCommit and Operation::VestionTag::www_commitVertionTag now both check for spectre status before trying to commit.
+ - rfe #637: Alphabetize wiki items under a keyword?
+ - Autocommit assets like CS posts or Calendar Events can now be added before the
+ parent is committed. They will go into the same version tag as their parent.
+ - rfe #640: Refactored autocommit and autocomment
+ - added a perltidyrc to the docs folder. we'll be using this to clean up code.
+ - fixed: Site Nav navigation template can now be used more than once per page
+ - added: TextArea now supports "maxlength" attribute
+ - added: DataForm can now run a workflow when an entry is added
+ - Fixed #8921: Duplicating templates through conventional methods maintains default template flag
+ - Fixed #8962: Wrong mime-type used for json data
+
 7.5.24
 - fixed: Spelling mistake on site starter
 - fixed: DatePicker.js can now use different first days of the week.
diff --git a/lib/WebGUI/Auth/WebGUI.pm b/lib/WebGUI/Auth/WebGUI.pm
index 67626733d..f93aa1b0b 100644
--- a/lib/WebGUI/Auth/WebGUI.pm
+++ b/lib/WebGUI/Auth/WebGUI.pm
@@ -120,7 +120,7 @@ sub authenticate {
 $identifier = $_[1];
 $userData = $self->getParams;
- if ((Digest::MD5::md5_base64(Encode::encode_utf8($identifier)) eq $$userData{identifier}) && ($identifier ne "")) {
+ if (($self->hashPassword($identifier) eq $$userData{identifier}) && ($identifier ne "")) {
 return 1;
 }
 $self->user(WebGUI::User->new($self->session,1));
@@ -246,7 +246,7 @@ sub createAccountSave {
 my $properties;
 $properties->{ changeUsername } = $setting->get("webguiChangeUsername");
 $properties->{ changePassword } = $setting->get("webguiChangePassword");
- $properties->{ identifier } = Digest::MD5::md5_base64($password);
+ $properties->{ identifier } = $self->hashPassword($password);
 $properties->{ passwordLastUpdated } = $session->datetime->time();
 $properties->{ passwordTimeout } = $setting->get("webguiPasswordTimeout");
 $properties->{ status } = 'Deactivated' if ($setting->get("webguiValidateEmail"));
@@ -409,7 +409,7 @@ sub editUserFormSave {
 my $userData = $self->getParams($userId);
 my $identifier = $self->session->form->process('authWebGUI.identifier');
 unless (!$identifier || $identifier eq "password") {
- $properties->{identifier} = Digest::MD5::md5_base64($self->session->form->process('authWebGUI.identifier'));
+ $properties->{identifier} = $self->hashPassword($self->session->form->process('authWebGUI.identifier'));
 if($userData->{identifier} ne $properties->{identifier}){
 $properties->{passwordLastUpdated} =$self->session->datetime->time();
 }
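Review bot: In createAccountSave the stored identifier is now computed over `Encode::encode_utf8($password)`, whereas the replaced line hashed `$password` as-is, and nothing in the patch records that the stored format changed. The same switch is made in editUserFormSave, profileRecoverPasswordFinish, emailResetPasswordFinish, resetExpiredPasswordSave and updateAccount. For ASCII passwords the digest is identical, but identifiers written by the old call sites for non-ASCII passwords presumably will not match what authenticate computes, so those accounts would still need a password reset; that is worth stating in the commit message or an upgrade note. createAccountSave's body continues outside the hunk.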
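Review bot: The new assignment in editUserFormSave reads `authWebGUI.identifier` from the form a second time, although `$identifier` already holds that value and is the one the `unless` guard tested. Hashing the checked variable keeps the guard and the stored value tied to the same input: `$properties->{identifier} = $self->hashPassword($identifier);`. The sub starts and ends outside the hunk.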
@@ -671,6 +671,13 @@ sub getUserIdByPasswordRecoveryToken {
 return $session->db->quickScalar("select userId from authentication where fieldName = 'emailRecoverPasswordVerificationNumber' and fieldData = ?", [$token]);
 }
+#-------------------------------------------------------------------
+sub hashPassword {
+ my ($self, $password) = @_;
+ return Digest::MD5::md5_base64(Encode::encode_utf8($password));
+}
+
+
 #-------------------------------------------------------------------
 sub login {
 my $self = shift;
@@ -954,7 +961,7 @@ sub profileRecoverPasswordFinish {
 if ($self->_isValidPassword($password, $passwordConfirm)) {
 $self->user( $user );
 $self->saveParams($userId, $self->authMethod,
- { identifier => Digest::MD5::md5_base64($password),
+ { identifier => $self->hashPassword($password),
 passwordLastUpdated => $self->session->datetime->time });
 $self->_logSecurityMessage;
 return $self->SUPER::login;
@@ -1103,7 +1110,7 @@ sub emailResetPasswordFinish {
 if ($self->_isValidPassword($password, $passwordConfirm)) {
 $self->user(WebGUI::User->new($self->session, $userId));
 $self->saveParams($userId, $self->authMethod,
- { identifier => Digest::MD5::md5_base64($password),
+ { identifier => $self->hashPassword($password),
 passwordLastUpdated => $self->session->datetime->time });
 $self->_logSecurityMessage;
@@ -1157,7 +1164,7 @@ sub resetExpiredPasswordSave {
 return $self->resetExpiredPassword($u->userId, "
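Review bot: hashPassword is added without any comment, and what it centralises is a single unsalted MD5 pass, which is cheap to brute-force offline and gives the same identifier to every account that shares a password. Since every writer and authenticate now go through this one sub, it is the place to document the stored format, e.g. `# Stored password form: base64 MD5 of the UTF-8 bytes, unsalted; changing this invalidates existing identifiers.` Moving to a salted, deliberately slow scheme would also require authenticate to recognise old-format identifiers during a transition, which this patch does not attempt.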

".$i18n->get(70)."

') if ($error);
- $properties->{identifier} = Digest::MD5::md5_base64($self->session->form->process("identifier"));
+ $properties->{identifier} = $self->hashPassword($self->session->form->process("identifier"));
 $properties->{passwordLastUpdated} =$self->session->datetime->time();
 $self->saveParams($u->userId,$self->authMethod,$properties);
@@ -1229,7 +1236,7 @@ sub updateAccount {
 if($password){
 my $userData = $self->getParams;
 unless ($password eq "password") {
- $properties->{identifier} = Digest::MD5::md5_base64($password);
+ $properties->{identifier} = $self->hashPassword($password);
 $self->_logSecurityMessage();
 if($userData->{identifier} ne $properties->{identifier}){
 $properties->{passwordLastUpdated} =$self->session->datetime->time();