Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 9.11.0
Affects Version/s: 8.22.6
Component/s: Security
Labels:

Introduced in Version:
8.22
Support reference count:
4
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy
Current Status:

Hide

Atlassian Update – 28 June 2023

Hi everyone,

Thank you for taking the time to file and comment on this issue. We've reviewed it and agreed it’s a priority for us to resolve. Our engineers have already started working on the issue.

Please continue watching this ticket for future updates and changes in the timeline that may impact your work.

Andrzej Kotas

Jira DC Product Manager

Show
Atlassian Update – 28 June 2023 Hi everyone, Thank you for taking the time to file and comment on this issue. We've reviewed it and agreed it’s a priority for us to resolve. Our engineers have already started working on the issue. Please continue watching this ticket for future updates and changes in the timeline that may impact your work. Andrzej Kotas Jira DC Product Manager

Description

When a user changes their username via the UI the session cookie is not invalidated. For security purposes, all sessions should be invalidated and require the user to sign back in with the new password.

Attachments

Issue Links

is cloned from

CONFSERVER-75184 Confluence does not invalidate session after a password change

Gathering Interest

is incorporated by

JRASERVER-74939 Session invalidation should be propagated to other nodes in the cluster

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...

relates to: VULN-790549 Loading...; VULN-872373 Loading...; RAID-3460 Loading...

(3 relates to)

Activity

People

Assignee:: Mikolaj Rydzewski (Inactive)

Reporter:: asah (Inactive)

Votes:: 3 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 11/Mar/2022 1:55 PM

Updated:: 04/Sep/2023 5:44 PM

Resolved:: 04/Sep/2023 10:38 AM