- title: "Optional enforcement of personal access token expiration"
  announcement_milestone: "14.8"
  announcement_date: "2022-02-22"
  removal_milestone: "15.0"
  removal_date: "2022-05-22"
  breaking_change: true
  reporter: stkerr
  body: |
    Allowing expired personal access tokens to be used is unusual from a security perspective and could create unusual situations where an
    expired key is unintentionally able to be used. Unexpected behavior in a security feature is inherently dangerous and so we now do not let expired personal access tokens be used.

  issue_url: "https://gitlab.com/gitlab-org/gitlab/-/issues/351962"
  documentation_url: "https://docs.gitlab.com/ee/user/admin_area/settings/account_and_limit_settings.html#allow-expired-access-tokens-to-be-used-removed"