diff options
author | Patrick Cloke <clokep@users.noreply.github.com> | 2021-06-16 11:07:28 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-16 11:07:28 -0400 |
commit | 76f9c701c3920d83c0fe8f08b9197e2e92e12dad (patch) | |
tree | eea41aae32a58a9484d27b975982143b41d65231 /changelog.d/10184.bugfix | |
parent | A guide to the request log lines format. (#8436) (diff) | |
download | synapse-76f9c701c3920d83c0fe8f08b9197e2e92e12dad.tar.xz |
Always require users to re-authenticate for dangerous operations. (#10184)
Dangerous actions means deactivating an account, modifying an account password, or adding a 3PID. Other actions (deleting devices, uploading keys) can re-use the same UI auth session if ui_auth.session_timeout is configured.
Diffstat (limited to 'changelog.d/10184.bugfix')
-rw-r--r-- | changelog.d/10184.bugfix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/10184.bugfix b/changelog.d/10184.bugfix new file mode 100644 index 0000000000..6bf440d8f8 --- /dev/null +++ b/changelog.d/10184.bugfix @@ -0,0 +1 @@ +Always require users to re-authenticate for dangerous operations: deactivating an account, modifying an account password, and adding 3PIDs. |