Breaking: #102763 - Frontend user password recovery hashes invalidated¶
See forge#102763
Description¶
The replacement of deprecated class
\TYPO3\
results in existing
password recovery hashes of frontend users being invalid.
Impact¶
A frontend user with a valid and unexpired password recovery link created with a TYPO3 version < 13 can not use the password recovery link to reset the password.
These hashes have a limited lifetime already (12 hours). On large installations that require hashes to survive a major update, you could write a small CLI task that re-adds missing hashes created in the maintenance time window of the upgrade.
Affected installations¶
TYPO3 installations which use the "Display Password Recovery Link" option of ext:fe_login.
Migration¶
Frontend users need to request a new password recovery link to reset the password.