php · paymenter/paymenter · Heads-up
paymenter/paymenter: Email update fails to reset verification status
What changed
Email update functionality fails to invalidate the existing verification state when a user changes their email address, allowing a verified account to retain its verified status after switching to an unverified or unowned email address.
Who it affects
Users of paymenter/paymenter who rely on email verification for account trust and features gated behind verified status.
What to do today
Update the email change process to reset the verification status and require re-verification of the new email address.
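The change described above, sketched in plain PHP as an added example; it is not Paymenter's own code. The `Account` class, its `emailVerifiedAt` field and both function names are hypothetical, and the sample accounts are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical account model; the field names are assumptions, not Paymenter's schema.
final class Account
{
    public function __construct(
        public string $email,
        public ?DateTimeImmutable $emailVerifiedAt = null,
    ) {}

    public function isVerified(): bool
    {
        return $this->emailVerifiedAt !== null;
    }
}

// Pattern the advisory describes: the address changes, the verified state survives.
function updateEmailKeepingState(Account $account, string $newEmail): void
{
    $account->email = trim($newEmail);
}

// Corrected pattern: any real change of address clears the verified state.
// Returns true when the caller must send a verification message to the new address.
function updateEmailResettingState(Account $account, string $newEmail): bool
{
    $newEmail = trim($newEmail);
    if ($newEmail === $account->email) {
        return false; // same address submitted again: nothing to re-verify
    }
    $account->email = $newEmail;
    $account->emailVerifiedAt = null; // verified-only features stay locked until re-verified
    return true;
}

// Constructed sample accounts, both verified under the original address.
$flawed = new Account('owner@example.test', new DateTimeImmutable('2024-01-01'));
updateEmailKeepingState($flawed, 'unowned@example.test');

$fixed = new Account('owner@example.test', new DateTimeImmutable('2024-01-01'));
$needsMail = updateEmailResettingState($fixed, 'unowned@example.test');

// Compare the verified flag after each update path.
var_dump($flawed->isVerified(), $fixed->isVerified(), $needsMail);
```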