keystone/releasenotes/notes/bug-1705485-7a1ad17b9cc99b9d.yaml
ZhongShengping 5f90447b40 Replace git.openstack.org URLs with opendev.org URLs
Thorough replacement of git.openstack.org URLs with their opendev.org
counterparts.

Change-Id: I7cd39dacaa1f2cdc2d74da39ae3971246e922907
2019-04-24 11:51:00 +08:00

20 lines
983 B
YAML

---
upgrade:
- |
[`bug 1705485 <https://bugs.launchpad.net/keystone/+bug/1705485>`_]
The `change_password` protection policy can be removed from file-based
policies. This policy is no longer used to protect the self-service
password change API since the logic was moved into code. Note that the
administrative password reset functionality is still protected via policy
on the `update_user` API.
fixes:
- |
[`bug 1705485 <https://bugs.launchpad.net/keystone/+bug/1705485>`_]
A `previous change <https://review.opendev.org/#/c/404022/>`_ removed
policy from the self-service password API. Since a user is required to
authenticate to change their password, protection via policy didn't
necessarily make sense. This change removes the default policy from code,
since it is no longer required or used by the service. Note that
administrative password resets for users are still protected via policy
through a separate endpoint.