Summary: | Password change should invalidate all user sessions | ||
---|---|---|---|
Product: | Community | Reporter: | Turan Al Ayat <rebelliousbd> |
Component: | Vulnerability Reports | Assignee: | Security vulnerabilitied reported against Eclipse projects <vulnerability.reports-inbox> |
Status: | RESOLVED FIXED | QA Contact: | |
Severity: | major | ||
Priority: | P3 | CC: | chris.guindon, wayne.beaton |
Version: | unspecified | Keywords: | security |
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | All | ||
Whiteboard: |
Description
Turan Al Ayat
2018-10-29 00:14:16 EDT
Marking as Committer-only group for handling security advisories in a closed fashion. I created a patch that will delete any duplicate session of a user on logout: https://foundation.eclipse.org/r/2924 This should be fixed now! Could you confirm? |