Because of the recent security issue, our organization updated the PRLP module from version 8.x-1.3 to 8.x-1.5. After the update, when we tested the password reset functionality, the reset links were still emailed to the appropriate addresses, but when the users attempted to use them, they received a 400 Bad Request error. This did not happen prior to the update. Thinking that this might be resolved in 8.x-1.6, we tried to update PRLP to the latest version but the problem still occurred.
A sample URL from PRLP reset is shown below.
https://<ourorg>/user/reset/214/1592942239/izl896rI8kdsx20gs4b8EsFMaheRWd9-MBc44BCS_vI
Closed: cannot reproduce
1.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.