Passwords will be hashed with the Argon2 library.
https://docs.djangoproject.com/en/1.10/topics/auth/passwords/#using-argon2-with-django

Also, new passwords will go through 'common-passwords-checks'. This will prevent
access to accounts using one of those common brute force password hackers around,
in case of a breach.

If a certain permission was removed on a Group, it didn't explicity
removed the permission from the database. Therefore, removing a permission
from the Group in the command didn't have effect on the production area.

This could lead unattended permissions on a Group.

Needed refactoring of submit manuscript flow.
Checks are run via the forms. Also, the copying
of data from old submissions is done via forms.

All this functionality is removed from the model.

The removeal of the old ArxivCaller made the submit Manuscript
view crash. At least 5 properties of the old caller was relied on
but not found on the new caller.

Also, (more) important are three checks on the submit manuscript
page which are missing now. These should be implemented into the
submission form back again.

Due to the new Commentary request forms, which were
also used during vetting (choice=modify), the vetting
went wrong sometimes.
If the vetting action was 'modify', the user was redirected
to the old form which didn't exist anymore.

As a result of how the contruction of this modify structure, the Commentary
was first deleted and thus the data was lost. The requester did receive
a mail that his/her Commentary was accessible on SciPost however.

I fixed this by recontructing the vetting views. I combined the
vetting list and the vet request. I removed the action removing
the Commentary and made this a redirect to a new view which is
a modify page accessible only for EdCol Admins to modify+accept
the Commentary. Also, the mail for 'modify' vetting is also just sent
at *after* modification now.