diff --git a/core/modules/user/src/Controller/UserController.php b/core/modules/user/src/Controller/UserController.php
index ca7adb2..018cfb5 100644
--- a/core/modules/user/src/Controller/UserController.php
+++ b/core/modules/user/src/Controller/UserController.php
@@ -158,7 +158,11 @@ public function resetPass($uid, $timestamp, $hash) {
 */
 public function changeEmail($uid, $timestamp, $new_email, $hash) {
 $user = \Drupal::currentUser();
- $account = $this->userData->get('user', $uid);
+ $account = $this->userStorage->load($uid);
+
+ // We need to set the new email here to validate the hash correctly, which is
+ // created using the new mail adress. We only save the account if the hash matches.
+ $account->setEmail($new_email);
 $timeout = 24 * 60 * 60;
 $current = $_SERVER['REQUEST_TIME'];
@@ -170,11 +174,10 @@ public function changeEmail($uid, $timestamp, $new_email, $hash) {
 else if ($user->id() && $user->id() != $account->id()) {
 drupal_set_message(t('You are currently logged in as %user, and are attempting to confirm an email address change for %account, which is not allowed. Please log in as %account and initiate a new change of email request.', array('%user' => $user->name, '%account' => $account->name)), 'error');
 }
- else if ($hash != user_pass_rehash($account->getPassword(), $timestamp, $new_email, $account->id())) {
+ else if ($hash != user_pass_rehash($account, $timestamp)) {
 drupal_set_message(t('There was a problem validating the used link. Please visit your account edit page and retry changing your email address.'), 'error');
 }
- else if ($timestamp > $account->login && $timestamp < $current) {
- $account->setEmail($new_email);
+ else if ($timestamp > $account->getLastLoginTime() && $timestamp < $current) {
 $account->save();
 drupal_set_message(t('Your email address has been changed to %mail.', array('%mail' => $new_email)));
 }
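Review bot: In the first hunk, `$account->setEmail($new_email)` is called directly on the result of `$this->userStorage->load($uid)`, and `$uid` is taken from the confirmation URL, so an id that matches no account would presumably give NULL and a fatal error rather than an access-denied response. A guard before the setter closes that: `if (!$account) { throw new AccessDeniedHttpException(); }`. The setter also changes the loaded entity before the hash has been checked; if the storage returns the same cached object to other code in this request, the unverified address is visible there even when validation fails, so computing the hash on a `clone` of the account may be safer. The body of changeEmail() continues outside this hunk, so a guard that is not visible here may already exist.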
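Review bot: In the second hunk, the token check `$hash != user_pass_rehash($account, $timestamp)` compares a secret from the URL with a loose, non-constant-time operator. `hash_equals()` removes both the type-juggling and the timing concern: `else if (!hash_equals(user_pass_rehash($account, $timestamp), (string) $hash)) {`. The success branch only requires the timestamp to be later than the last login and earlier than `$current`; the `$timeout` assigned in the first hunk is not used in any visible line, so confirm that the 24-hour expiry is enforced in the part of changeEmail() that falls between the hunks.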
@@ -184,7 +187,7 @@ public function changeEmail($uid, $timestamp, $new_email, $hash) {
 throw new AccessDeniedHttpException();
 }
- $this->redirect('user');
+ return $this->redirect('user.page');
 }
 /**
diff --git a/core/modules/user/user.install b/core/modules/user/user.install
index 91a908e..0c59cb7 100644
--- a/core/modules/user/user.install
+++ b/core/modules/user/user.install
@@ -85,3 +85,16 @@ function user_install() {
 ))
 ->save();
 }
+
+
+/**
+ * Update config for change mail notifications.
+ */
+function user_update_8002() {
+ $mail_config = \Drupal::service('config.factory')->getEditable('user.mail');
+ $mail_config->set('mail_change_notification.body',"[user:display-name],\n\nA request to change your e-mail address has been made at [site:name]. In order to complete the change you will need to follow the instructions sent to your new e-mail address within one day.");
+ $mail_config->set('mail_change_notification.subject','E-mail change information for [user:display-name] at [site:name]');
+ $mail_config->set('mail_change_verification.body',"[user:display-name],\n\nA request to change your e-mail address has been made at [site:name]. You need to verify the change by clicking on the link below or copying and pasting it in your browser:\n\n[user:mail-change-login-url]\n\nThis is a one-time URL, so it can be used only once. It expires after one day. If not used, your e-mail address at [site:name] will not change.");
+ $mail_config->set('mail_change_verification.subject','E-mail change information for [user:display-name] at [site:name]');
+ $mail_config->save();
+}
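Review bot: The `mail_change_notification.body` text set in `user_update_8002()` appears to be the message for the current address, yet it gives the recipient nothing to do if they did not request the change, which is the case this notification exists to catch. Appending a sentence such as `If you did not request this change, log in and change your password or contact the site administrator.` would make it actionable. The update also writes all four keys unconditionally, so if any of them can already exist on a site, a customised value would be overwritten; setting a key only when it is empty avoids that. As a style point, the `set()` calls lack a space after the comma, e.g. `->set('mail_change_notification.subject', 'E-mail change information …')`.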