Running 3.7.1 and when my users try to reset their password they are getting the expired link to reset the password. All updates are current, but this issue has only been reported since the recent update went through. I have notification emails about password resets the day before the update (28th), but none since.
I have tested this, and the same reset key is being supplied for all password reset attempts - different users, browsers - same result. So it appears the system is not creating new keys for resets- just sending the same old expired one.
Have deactivated all plugins that might work on password/user to test and it has made no difference.
Any other options? Have a site with a lot of users sending this issue.