From 76f9c701c3920d83c0fe8f08b9197e2e92e12dad Mon Sep 17 00:00:00 2001 From: Patrick Cloke Date: Wed, 16 Jun 2021 11:07:28 -0400 Subject: Always require users to re-authenticate for dangerous operations. (#10184) Dangerous actions means deactivating an account, modifying an account password, or adding a 3PID. Other actions (deleting devices, uploading keys) can re-use the same UI auth session if ui_auth.session_timeout is configured. --- changelog.d/10184.bugfix | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/10184.bugfix (limited to 'changelog.d/10184.bugfix') diff --git a/changelog.d/10184.bugfix b/changelog.d/10184.bugfix new file mode 100644 index 0000000000..6bf440d8f8 --- /dev/null +++ b/changelog.d/10184.bugfix @@ -0,0 +1 @@ +Always require users to re-authenticate for dangerous operations: deactivating an account, modifying an account password, and adding 3PIDs. -- cgit 1.5.1
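Review bot: The added changelog line in changelog.d/10184.bugfix does not name the `ui_auth.session_timeout` setting, although the commit message frames the change around it: deactivating an account, changing a password and adding a 3PID always need fresh authentication, while deleting devices and uploading keys can still reuse a UI auth session when that option is configured. An administrator who has set the option will not learn from the entry alone that its scope is affected. I would suggest extending the entry to mention the setting by name and to say that the other operations are unchanged. Spelling out "3PIDs" as third-party identifiers on first use would also help readers of the release notes. Only the changelog file is visible in this view (the diff is limited to 'changelog.d/10184.bugfix'), so the handlers that enforce the re-authentication, and any tests covering session reuse for the three listed operations, cannot be checked from here.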