This project is not covered by Drupal’s security advisory policy.

This module is unsupported due to a security issue the maintainer didn’t fix.

If you want to use this module, your options are:

  • Choose another, actively maintained module instead
  • File an issue in the queue with a patch to fix the module and then contact the security team to have your version reviewed and the project handed over to you following the unsupported project process.
  • Hire someone to fix the security bug so the module can be re-published and supported (Consider hiring companies listed in the Marketplace)

On multiple submitting of reset password form causes to multiple email notifications to a user in a sequence. Any random email notification can be use to reset password, which causes to vulnerability issue i.e. only last generated notification email should be valid to reset the password, all others notifications should get expired.

To solve this vulnerability issue, this module expires all the multiple notifications except last notification email sent to user.

Requires Drupal: ^8.8 || ^9

Supporting organizations: 

Project information

Releases