- **labels**: security, sf-current, sf-2 --> security, sf-2
--- ** [tickets:#7786] Invalidate pwd reset tokens after email change** **Status:** closed **Milestone:** unreleased **Labels:** security sf-2 **Created:** Thu Oct 30, 2014 07:38 PM UTC by Dave Brondsema **Last Updated:** Mon Feb 23, 2015 03:45 PM UTC **Owner:** Heith Seewald Password reset tokens should be invalidated after an email address change, so that any existing resets that went to a potentially compromised email address cannot be used. --- Sent from forge-allura.apache.org because [email protected] is subscribed to https://forge-allura.apache.org/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
