summary refs log tree commit diff
path: root/changelog.d/10184.bugfix
diff options
context:
space:
mode:
authorPatrick Cloke <clokep@users.noreply.github.com>2021-06-16 11:07:28 -0400
committerGitHub <noreply@github.com>2021-06-16 11:07:28 -0400
commit76f9c701c3920d83c0fe8f08b9197e2e92e12dad (patch)
treeeea41aae32a58a9484d27b975982143b41d65231 /changelog.d/10184.bugfix
parentA guide to the request log lines format. (#8436) (diff)
downloadsynapse-76f9c701c3920d83c0fe8f08b9197e2e92e12dad.tar.xz
Always require users to re-authenticate for dangerous operations. (#10184)
Dangerous actions means deactivating an account, modifying an account
password, or adding a 3PID.

Other actions (deleting devices, uploading keys) can re-use the same UI
auth session if ui_auth.session_timeout is configured.
Diffstat (limited to 'changelog.d/10184.bugfix')
-rw-r--r--changelog.d/10184.bugfix1
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/10184.bugfix b/changelog.d/10184.bugfix
new file mode 100644
index 0000000000..6bf440d8f8
--- /dev/null
+++ b/changelog.d/10184.bugfix
@@ -0,0 +1 @@
+Always require users to re-authenticate for dangerous operations: deactivating an account, modifying an account password, and adding 3PIDs.