It has come to our attention that certain companies have the security policy to completely lock an account completely, after a certain number of failed password attempts.

Currently, Confluence allows the user to still login with the correct password after the maximum failed attempts, as long as they enter the correct Captcha.

We need to allow admins the ability to completely lock the account after a number of failed attempts, something like what this query does:

UPDATE cwd_user_attribute c JOIN cwd_user u ON c.user_id = u.id SET c.attribute_value = 'true', c.attribute_lower_value = 'true'
WHERE u.user_name = '<username>' AND c.attribute_name = 'requiresPasswordChange';

Where <username> is the user's username.