[CRITICAL] Existing sessions are not correctly invalidated when a user changes their password

PKSA-62kn-sxm4-zf9x CVE-2019-10641 GHSA-vcgg-hp4r-87gx

Affected package: contao/core-bundle

Affected version: >=4.0.0,<4.4.37|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.7.3

Reported by:
FriendsOfPHP/security-advisories, GitHub