Added breaking changes for /users/password and /users/authorize APIs to 7.8 release notes

rrelledge · rrelledge · commit 0e046cbed432 · 2025-05-15T10:23:12.000-05:00
diff --git a/content/operate/rs/release-notes/rs-7-8-releases/_index.md b/content/operate/rs/release-notes/rs-7-8-releases/_index.md
@@ -65,6 +65,24 @@ Redis Software version 7.8.2 introduces the following breaking changes:
 
     - When you [upgrade a database]({{<relref "/operate/rs/references/rest-api/requests/bdbs/upgrade#post-bdbs-upgrade">}}) using the REST API, you can set `"latest_with_modules": false` in the request body to prevent module upgrades.
 
+- Authentication method changes for [`/v1/users/password`]({{<relref "/operate/rs/references/rest-api/requests/users/password">}}) REST API requests.
+
+    - `PUT`, `POST`, and `DELETE` methods require users to include their usernames and a current password in the authentication header to change their password lists. If the authentication header is not provided, the response status will be `401 Unauthorized`.
+
+    - `/v1/users/password` requests change the password list of the user who provides their credentials in the authorization header when sending the requests.
+
+    - `PUT` and `POST` requests will ignore `username` and `old_password` parameters provided in the request body.
+
+    - `DELETE` requests will ignore the `username` parameter provided in the request body.
+
+- Authentication method changes for [`POST /v1/users/authorize`]({{<relref "/operate/rs/references/rest-api/requests/users/authorize">}}) REST API requests.
+
+    - The `POST` method requires users to include their usernames and a current password in the authentication header to generate a JSON Web Token.
+
+    - `/v1/users/password` requests change the password list of the user who provides their credentials in the authorization header when sending the requests.
+
+    - `POST` requests will ignore `username` and `password` parameters provided in the request body.
+
 #### Redis database version 7.4 breaking changes {#redis-74-breaking-changes}
 
 When new major versions of Redis Community Edition change existing commands, upgrading your database to a new version can potentially break some functionality. Before you upgrade, read the provided list of breaking changes that affect Redis Software and update any applications that connect to your database to handle these changes.
diff --git a/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md b/content/operate/rs/release-notes/rs-7-8-releases/rs-7-8-2-34.md
@@ -246,6 +246,24 @@ Redis Software version 7.8.2 introduces the following breaking changes:
 
     - When you [upgrade a database]({{<relref "/operate/rs/references/rest-api/requests/bdbs/upgrade#post-bdbs-upgrade">}}) using the REST API, you can set `"latest_with_modules": false` in the request body to prevent module upgrades.
 
+- Authentication method changes for [`/v1/users/password`]({{<relref "/operate/rs/references/rest-api/requests/users/password">}}) REST API requests.
+
+    - `PUT`, `POST`, and `DELETE` methods require users to include their usernames and a current password in the authentication header to change their password lists. If the authentication header is not provided, the response status will be `401 Unauthorized`.
+
+    - `/v1/users/password` requests change the password list of the user who provides their credentials in the authorization header when sending the requests.
+
+    - `PUT` and `POST` requests will ignore `username` and `old_password` parameters provided in the request body.
+
+    - `DELETE` requests will ignore the `username` parameter provided in the request body.
+
+- Authentication method changes for [`POST /v1/users/authorize`]({{<relref "/operate/rs/references/rest-api/requests/users/authorize">}}) REST API requests.
+
+    - The `POST` method requires users to include their usernames and a current password in the authentication header to generate a JSON Web Token.
+
+    - `/v1/users/password` requests change the password list of the user who provides their credentials in the authorization header when sending the requests.
+
+    - `POST` requests will ignore `username` and `password` parameters provided in the request body.
+
 ### Redis database version 7.4 breaking changes {#redis-74-breaking-changes}
 
 When new major versions of Redis Community Edition change existing commands, upgrading your database to a new version can potentially break some functionality. Before you upgrade, read the provided list of breaking changes that affect Redis Software and update any applications that connect to your database to handle these changes.
