packagist symfonycasts/reset-password-bundle v1.1.1
Security Enhancement: clear all user requests after usage

4 years ago

Hi friends!

This release contains one change to harden security:

  • ensure all requests are removed for user - #105 thanks to @kbond

While not normally possible (unless you change the throttle timeout), if a user does have multiple, active "password reset requests" in storage, after using one of them to change their password, all "password reset requests" for that user should be removed. This is safer than allowing other password reset requests to remain active.

Cheers!
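The effect of this change, as an added example that is not the bundle's own code: a hypothetical in-memory store (`InMemoryResetRequestStore`, its method names and the user ids are all assumptions) contrasts deleting only the consumed request with deleting every request that belongs to the same user. Tokens are keyed by a plain SHA-256 hash here purely to keep the sketch short.

```php
<?php
declare(strict_types=1);

// Added illustration: hypothetical in-memory store, not the bundle's classes.
final class InMemoryResetRequestStore
{
    /** @var array<string, array{userId: int, expiresAt: int}> keyed by token hash */
    private array $requests = [];

    public function create(int $userId, int $ttl = 3600): string
    {
        $token = bin2hex(random_bytes(20));
        $this->requests[hash('sha256', $token)] = ['userId' => $userId, 'expiresAt' => time() + $ttl];
        return $token;
    }

    public function isValid(string $token): bool
    {
        $row = $this->requests[hash('sha256', $token)] ?? null;
        return $row !== null && $row['expiresAt'] > time();
    }

    // Weak variant (assumed for contrast): only the request that was used is deleted.
    public function consumeOnlyThis(string $token): void
    {
        unset($this->requests[hash('sha256', $token)]);
    }

    // Hardened variant: using one request deletes every request of that user.
    public function consumeAllForUser(string $token): void
    {
        $row = $this->requests[hash('sha256', $token)] ?? null;
        if ($row === null) {
            return; // unknown token: nothing to clean up
        }
        $this->requests = array_filter(
            $this->requests,
            static fn (array $r): bool => $r['userId'] !== $row['userId']
        );
    }
}

$store = new InMemoryResetRequestStore();
[$a, $b] = [$store->create(42), $store->create(42)]; // two active requests, same user
$store->consumeOnlyThis($a);
var_dump($store->isValid($b)); // is the sibling token still accepted after the weak cleanup?
[$c, $d, $e] = [$store->create(42), $store->create(42), $store->create(7)];
$store->consumeAllForUser($c);
var_dump($store->isValid($b), $store->isValid($d), $store->isValid($e)); // siblings of user 42, then user 7
```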
