- **status**: review --> closed - **private**: Yes --> No
--- ** [tickets:#7786] Invalidate pwd reset tokens after email change** **Status:** closed **Milestone:** unreleased **Labels:** security sf-current sf-2 **Created:** Thu Oct 30, 2014 07:38 PM UTC by Dave Brondsema **Last Updated:** Wed Feb 18, 2015 09:19 PM UTC **Owner:** Heith Seewald Password reset tokens should be invalidated after an email address change, so that any existing resets that went to a potentially compromised email address cannot be used. --- Sent from forge-allura.apache.org because [email protected] is subscribed to https://forge-allura.apache.org/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
