You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@allura.apache.org by Dave Brondsema <da...@brondsema.net> on 2015/02/19 17:56:05 UTC

[allura:tickets] #7786 Invalidate pwd reset tokens after email change

- **status**: review --> closed
- **private**: Yes --> No



---

** [tickets:#7786] Invalidate pwd reset tokens after email change**

**Status:** closed
**Milestone:** unreleased
**Labels:** security sf-current sf-2 
**Created:** Thu Oct 30, 2014 07:38 PM UTC by Dave Brondsema
**Last Updated:** Wed Feb 18, 2015 09:19 PM UTC
**Owner:** Heith Seewald

Password reset tokens should be invalidated after an email address change, so that any existing resets that went to a potentially compromised email address cannot be used.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.