Whenever a new user in Matomo is created or a password is changed Matomo calls the
UsersManager.checkPassword event and if it fails, warns the user that the password is insecure.
That's used by https://plugins.matomo.org/PasswordVerifier and other plugins to disallow some kind of passwords.
But with the new invitation process and
acceptInvitation() this function is never called in the process and only the builtin basic check is done:
This means users could sign up with passwords that don't match the password requirements.
Matomo Version: 04c1149d81bd5e48671f212f9a1cbd12fa10ef85