Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.
https://www.redmine.org/projects/redmine/wiki/Security_Advisories https://www.redmine.org/issues/35417 https://github.com/redmine/redmine/commit/ee0d822517154878a2ad33be66b820c6b68d077b