Merge branch 'security-sarcila-fix-weak-session-management-12-2' into '12-2-stable'

Clear reset_password_tokens when login (email or username) change See merge request gitlab/gitlabhq!3346
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-08-26 10:42:00 +0300
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-08-26 10:42:00 +0300
commit: bc1902190f608a1537b8fb7184463422e4a49c20 (patch)
tree: f5a3d5b53503f0a61df5c2f837a6e31dc632fcee /changelogs
parent: ff2c6c9d107eac46726f7a929e2400be8d917c44 (diff)
parent: 8184200705a0755db17e9b1eeb58dab7e8cc6d25 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-sarcila-fix-weak-session-management.yml b/changelogs/unreleased/security-sarcila-fix-weak-session-management.yml
new file mode 100644
index 00000000000..a37a3099519
--- /dev/null
+++ b/changelogs/unreleased/security-sarcila-fix-weak-session-management.yml
@@ -0,0 +1,6 @@
+---
+title: Fix weak session management by clearing password reset tokens after login (username/email)
+  are updated
+merge_request:
+author:
+type: security
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-08-26 10:42:00 +0300
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-08-26 10:42:00 +0300
commit	bc1902190f608a1537b8fb7184463422e4a49c20 (patch)
tree	f5a3d5b53503f0a61df5c2f837a6e31dc632fcee /changelogs
parent	ff2c6c9d107eac46726f7a929e2400be8d917c44 (diff)
parent	8184200705a0755db17e9b1eeb58dab7e8cc6d25 (diff)