Sadly the release schedule has slipped a bit from that roadmap. I should probably update it :)
A number of factors have contributed to the slippage. Foremost, my day job has been keeping me extremely busy this year, so while I can hop over passlib in a flash if any security issues come up, new feature development has been somewhat sporadic, and for major releases like v1.7, the real release date is basically "when enough new features are ready". The main reason there haven't been any point releases (e.g. v1.6.2) is that there haven't been any new bugs since then... but I should probably schedule a point release of passlib soon anyways, just to update the default rounds settings and documentation (it's been about a year).
I've blocked out some time later this week when I can sit down and update the roadmap, to account for the status of various new features that are in the pipeline. But to quickly summarize things: the two biggest items blocking the 1.7 release are support for peppered hashes, and support for scrypt. Those are two features which I *strongly* want to include within the
next release, but they are requiring quite a bit of legwork to make sure
I've got them right, both from a cryptographic- and an API- perspective.
1. Peppered Hashes (issue 38 -- https://code.google.com/p/passlib/issues/detail?id=38
) and 2): I won't consider this feature ready for release until I feel the API is easy to use, but is also an API that also encourages people to use it in a secure manner. None of the designs I've tried so far have felt right to me and/or secure, so I've spent most of my time on that issue researching the solutions of others.
2. Scrypt (issue 8 -- https://code.google.com/p/passlib/issues/detail?id=8
): This feature just requires a lot of hacking until passlib has both a cross-platform CFFI-based C extension (which I'm still at a documentation-hunting stage for), and a pure-python fallback (which exists, but hasn't been scrutinized and tested as much as I'd like).
Once those and a few other smaller features (such as the password generation & strength checking) are done, there will definitely be a 1.7 release! I'll post a followup to this email later in the week when I've worked out a more accurate timeline, given my dayjob's current workload :)