Merge branch 'security-sarcila-fix-weak-session-management' into 'master'

Clear reset_password_tokens when login (email or username) change See merge request gitlab/gitlabhq!3334
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-08-29 21:33:52 +0000
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-08-29 21:33:52 +0000
commit: 4e8e402bc59062849288da8d5b6e437907442fa9 (patch)
tree: 575bf6b3cfe4130a69a2fcd4cf1e39b7b327fef0 /changelogs
parent: a69aebcd2c7edbe7fba1bd4aa583b3a8d3a11cdf (diff)
parent: 5012c622405e63655256735d266168450ad1d159 (diff)
download: gitlab-ce-4e8e402bc59062849288da8d5b6e437907442fa9.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-sarcila-fix-weak-session-management.yml b/changelogs/unreleased/security-sarcila-fix-weak-session-management.yml
new file mode 100644
index 00000000000..a37a3099519
--- /dev/null
+++ b/changelogs/unreleased/security-sarcila-fix-weak-session-management.yml
@@ -0,0 +1,6 @@
+---
+title: Fix weak session management by clearing password reset tokens after login (username/email)
+  are updated
+merge_request:
+author:
+type: security
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-08-29 21:33:52 +0000
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-08-29 21:33:52 +0000
commit	4e8e402bc59062849288da8d5b6e437907442fa9 (patch)
tree	575bf6b3cfe4130a69a2fcd4cf1e39b7b327fef0 /changelogs
parent	a69aebcd2c7edbe7fba1bd4aa583b3a8d3a11cdf (diff)
parent	5012c622405e63655256735d266168450ad1d159 (diff)
download	gitlab-ce-4e8e402bc59062849288da8d5b6e437907442fa9.tar.gz