Version 1.6.3 Released

This security hotfix addresses authentication vulnerabilities in the login system. We've enhanced session generation and login logic to prevent email enumeration attacks and mitigate timing-based attack vectors, ensuring consistent behavior regardless of user existence.

🛡 Security

Authentication Hardening

  • Email Enumeration Prevention - The authentication response now behaves consistently, eliminating information leakage through response variations.

  • Timing Attack Mitigation - Implemented consistent computational effort during authentication regardless of user existence or password validation outcome. Fixed-salt hash comparison ensures uniform response times, preventing timing-based user enumeration.

  • Consistent CAPTCHA Behavior - Updated failed login attempt handling to apply CAPTCHA requirements uniformly for both existing and non-existing users, preventing behavioral fingerprinting.
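The three items above describe one login path; the following is an added illustration of that pattern (not the project's own code): an unknown email is checked against a fixed dummy salt and hash so the same PBKDF2 work is done either way, the error message never varies, and the failed-attempt counter that triggers CAPTCHA is kept for unknown emails too. The user store, iteration count and CAPTCHA threshold are constructed for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000          # assumed work factor for the example
GENERIC_ERROR = "Invalid email or password"
CAPTCHA_THRESHOLD = 3         # constructed value, not the project's setting


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(store: dict, email: str, password: str) -> None:
    """Constructed in-memory store: email -> (salt, pbkdf2 hash)."""
    salt = os.urandom(16)
    store[email] = (salt, _hash(password, salt))


# Fixed salt and hash used whenever the email is unknown, so a lookup miss
# still costs one full password hash instead of returning early.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("dummy-password-never-accepted", _DUMMY_SALT)


def login(store: dict, failures: dict, email: str, password: str):
    """Return (ok, message, captcha_required).

    Unknown and existing accounts follow the same branch: same hash work,
    same error text, same failure counting for the CAPTCHA decision.
    """
    record = store.get(email)
    salt, expected = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
    candidate = _hash(password, salt)
    # Constant-time comparison; the dummy record can never authenticate.
    matched = hmac.compare_digest(candidate, expected) and record is not None
    if not matched:
        failures[email] = failures.get(email, 0) + 1
        return False, GENERIC_ERROR, failures[email] >= CAPTCHA_THRESHOLD
    failures.pop(email, None)
    return True, "OK", False
```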