26 lines
1.3 KiB
YAML
26 lines
1.3 KiB
YAML
- name: "Non-expiring access tokens"
|
|
announcement_milestone: "15.4"
|
|
announcement_date: "2022-09-22"
|
|
removal_milestone: "16.0"
|
|
removal_date: "2023-05-22"
|
|
breaking_change: true
|
|
reporter: hsutor
|
|
body: | # Do not modify this line, instead modify the lines below.
|
|
Access tokens that have no expiration date are valid indefinitely, which presents a security risk if the access token
|
|
is divulged. Because access tokens that have an exipiration date are better, from GitLab 15.3 we
|
|
[populate a default expiration date](https://gitlab.com/gitlab-org/gitlab/-/issues/348660).
|
|
|
|
In GitLab 16.0, any [personal](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html),
|
|
[project](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html), or
|
|
[group](https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html) access token that does not have an
|
|
expiration date will automatically have an expiration date set at one year.
|
|
|
|
We recommend giving your access tokens an expiration date in line with your company's security policies before the
|
|
default is applied:
|
|
|
|
- On GitLab.com during the 16.0 milestone.
|
|
- On GitLab self-managed instances when they are upgraded to 16.0.
|
|
stage: Manage
|
|
tiers: [Free, Premium, Ultimate]
|
|
issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/369122
|