On a fresh installation of the last community edition Version 6.5.22 (Build 1055)
if a user want to reset his password at "forgot password" on the logon screen, and his email adress has ".world" for top level part of his domain, the system ask for a valid email adress... But the email is valid and configure in the user account.
If I go with the admin in user management and ask a reset password, that's work.
Where in the source code can I modify the validation of the email adresse at forgot password at logon screen?