gitlab-org--gitlab-foss/changelogs/unreleased/security-sarcila-fix-weak-session-management.yml
Sebastian Arcila Valenzuela 5012c62240 Add User#will_save_change_to_login? to clear reset_password_tokens
Devise checks before updating any of the authentication_keys if it
needs to clear the reset_password_tokens.

This should fix:
https://gitlab.com/gitlab-org/gitlab-ce/issues/42733 (Weak
authentication and session management)
2019-08-21 13:05:55 +02:00

6 lines
154 B
YAML

---
title: Fix weak session management by clearing password reset tokens after login (username/email)
  are updated
merge_request:
author:
type: security