Ok, after lots of digging I just found another problem.

Here is the code that has been recently changed:

 private void MustChangePassword(AuthorizationContext filterContext)
        {
            var changePasswordPath = "~/changepassword";
            var ctx = filterContext.RequestContext.HttpContext;
            //If not already on the ChangePassword page, then redirect there
            //This check prevents an infinite page redirect loop
            if (ctx.Request.Url.AbsolutePath.ToLower() != changePasswordPath)
                filterContext.Result = new RedirectResult(changePasswordPath);
        }

The ~ in the first string was added few days ago to allow to work with virtual directories. Apparently that change now caused me to spent a few hours figuring out what is wrong and why I am getting 'Redirecting too many times' error...