Diffstat (limited to 'data/deprecations/15-4-non-expiring-access-tokens.yml')
-rw-r--r-- | data/deprecations/15-4-non-expiring-access-tokens.yml | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/data/deprecations/15-4-non-expiring-access-tokens.yml b/data/deprecations/15-4-non-expiring-access-tokens.yml new file mode 100644 index 00000000000..c4becf9ed34 --- /dev/null +++ b/data/deprecations/15-4-non-expiring-access-tokens.yml @@ -0,0 +1,25 @@ +- name: "Non-expiring access tokens" + announcement_milestone: "15.4" + announcement_date: "2022-09-22" + removal_milestone: "16.0" + removal_date: "2023-05-22" + breaking_change: true + reporter: hsutor + body: | # Do not modify this line, instead modify the lines below. + Access tokens that have no expiration date are valid indefinitely, which presents a security risk if the access token + is divulged. Because access tokens that have an exipiration date are better, from GitLab 15.3 we + [populate a default expiration date](https://gitlab.com/gitlab-org/gitlab/-/issues/348660). + + In GitLab 16.0, any [personal](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html), + [project](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html), or + [group](https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html) access token that does not have an + expiration date will automatically have an expiration date set at one year. + + We recommend giving your access tokens an expiration date in line with your company's security policies before the + default is applied: + + - On GitLab.com during the 16.0 milestone. + - On GitLab self-managed instances when they are upgraded to 16.0. + stage: Manage + tiers: [Free, Premium, Ultimate] + issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/369122 |
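Review bot: In the second paragraph of `body`, "will automatically have an expiration date set at one year" does not say what the year is counted from (token creation, the date of the upgrade to 16.0, or something else). Operators who have to plan rotation for automation tokens need that reference point, so please state it explicitly. In the first paragraph, "exipiration" is a typo for "expiration", and "Because access tokens that have an expiration date are better" would read more clearly if it restated the reason already given in the previous sentence (a leaked token stops working once it expires) instead of "are better". The text also says the default expiration is populated "from GitLab 15.3" while `announcement_milestone` is "15.4"; if both are correct, a short clause noting that the 15.3 default applies only to newly created tokens (if that is the case) would prevent readers from assuming existing tokens were already changed.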