If a verified email address is changed or removed, an email notification should be sent to the old address. The email is for informational purposes only, it should not contain any verification codes. The main purpose of this is a reasonable defense against account cracking.
Discussion on en.wp: [[Wikipedia:Village pump (proposals)/Account security#Notify of removal of verified email address]]
Version: unspecified
Severity: enhancement
Change 276563 had a related patch set uploaded (by Galorefitz):
User.php: Update 'setEmailWithConfirmation' for notification email
Change 276563 merged by jenkins-bot:
User.php: Update 'setEmailWithConfirmation' for notification email
Change #1165073 had a related patch set uploaded (by Reedy; author: Michael Große):
[mediawiki/core@REL1_43] SECURITY: fix IP leak to unverified email
Change #1165086 had a related patch set uploaded (by Reedy; author: Michael Große):
[mediawiki/core@REL1_39] SECURITY: fix IP leak to unverified email
Change #1165099 had a related patch set uploaded (by Reedy; author: Michael Große):
[mediawiki/core@REL1_44] SECURITY: fix IP leak to unverified email
Change #1165086 merged by jenkins-bot:
[mediawiki/core@REL1_39] SECURITY: fix IP leak to unverified email
Change #1165114 had a related patch set uploaded (by Reedy; author: Michael Große):
[mediawiki/core@master] SECURITY: fix IP leak to unverified email
Change #1165133 had a related patch set uploaded (by Reedy; author: Michael Große):
[mediawiki/core@REL1_42] SECURITY: fix IP leak to unverified email
Change #1165099 merged by jenkins-bot:
[mediawiki/core@REL1_44] SECURITY: fix IP leak to unverified email
Change #1165073 merged by jenkins-bot:
[mediawiki/core@REL1_43] SECURITY: fix IP leak to unverified email
Change #1165114 merged by jenkins-bot:
[mediawiki/core@master] SECURITY: fix IP leak to unverified email
Change #1165133 merged by jenkins-bot:
[mediawiki/core@REL1_42] SECURITY: fix IP leak to unverified email