13 lines
789 B
YAML
13 lines
789 B
YAML
- name: "Optional enforcement of personal access token expiration"
|
|
announcement_milestone: "14.8"
|
|
announcement_date: "2022-02-22"
|
|
removal_milestone: "15.0"
|
|
removal_date: "2022-05-22"
|
|
breaking_change: true
|
|
reporter: stkerr
|
|
body: |
|
|
Allowing expired personal access tokens to be used is unusual from a security perspective and could create unusual situations where an
|
|
expired key is unintentionally able to be used. Unexpected behavior in a security feature is inherently dangerous and so we now do not let expired personal access tokens be used.
|
|
|
|
issue_url: "https://gitlab.com/gitlab-org/gitlab/-/issues/351962"
|
|
documentation_url: "https://docs.gitlab.com/ee/user/admin_area/settings/account_and_limit_settings.html#allow-expired-access-tokens-to-be-used-removed"
|