Version 1.6.3 Released

This security hotfix addresses authentication vulnerabilities in the login system. We've enhanced session generation and login logic to prevent email enumeration attacks and mitigate timing-based attack vectors, ensuring consistent behavior regardless of user existence.

🛡 Security

Authentication Hardening

  • Email Enumeration Prevention - The authentication response is now identical for existing and non-existing accounts, so a login attempt no longer reveals whether an email address is registered.

  • Timing Attack Mitigation - Authentication now performs the same computational work whether or not the user exists and whether or not the password is correct. When no account matches, the submitted password is still hashed against a fixed salt and compared, so response times stay uniform and cannot be used to enumerate users.

  • Consistent CAPTCHA Behavior - Updated failed login attempt handling to apply CAPTCHA requirements uniformly for both existing and non-existing users, preventing behavioral fingerprinting.
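The three items above describe one pattern: a login handler that does the same work, returns the same message and applies the same CAPTCHA rule whether or not the email is registered. The following is an added illustration of that pattern and is not this project's own code; the in-memory user store, the PBKDF2 parameters, the dummy salt value and the CAPTCHA threshold of three failures are all constructed for the example. The naive handler is shown alongside the hardened one so the difference in control flow is visible.

```python
import hashlib
import hmac
import os
import statistics
import time
from dataclasses import dataclass

# Constructed parameters for the example; a real deployment tunes these.
ITERATIONS = 50_000
CAPTCHA_THRESHOLD = 3  # assumption: CAPTCHA required from the 4th attempt on


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256; the only expensive operation in the login path."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


@dataclass(frozen=True)
class User:
    email: str
    salt: bytes
    pw_hash: bytes


def make_user(email: str, password: str) -> User:
    salt = os.urandom(16)
    return User(email, salt, hash_password(password, salt))


# Constructed in-memory store with one registered account.
USERS = {"alice@example.com": make_user("alice@example.com", "correct horse battery")}

# Fixed salt and precomputed hash used only on the "no such user" path, so that
# path costs exactly one PBKDF2 run, the same as a real password check.
DUMMY_SALT = b"\x00" * 16
DUMMY_HASH = hash_password("dummy-password-never-accepted", DUMMY_SALT)

FAILED_ATTEMPTS: dict[str, int] = {}


def reset_attempts() -> None:
    FAILED_ATTEMPTS.clear()


def login_naive(email: str, password: str) -> str:
    """The vulnerable shape: early return and a distinct message when the user is unknown."""
    user = USERS.get(email.strip().lower())
    if user is None:
        return "unknown user"  # leaks existence, and skips the slow hash entirely
    if hmac.compare_digest(hash_password(password, user.salt), user.pw_hash):
        return "ok"
    return "wrong password"


def login_hardened(email: str, password: str) -> str:
    """Same work, same message and same CAPTCHA rule regardless of user existence."""
    key = email.strip().lower()

    # CAPTCHA rule is keyed on the submitted email, not on whether an account exists.
    if FAILED_ATTEMPTS.get(key, 0) >= CAPTCHA_THRESHOLD:
        return "captcha_required"

    user = USERS.get(key)
    salt = user.salt if user is not None else DUMMY_SALT
    expected = user.pw_hash if user is not None else DUMMY_HASH

    # Exactly one PBKDF2 run and one constant-time compare on every path.
    candidate = hash_password(password, salt)
    matched = hmac.compare_digest(candidate, expected)

    # The dummy hash must never authenticate anyone, even if someone submits the dummy password.
    if matched and user is not None:
        FAILED_ATTEMPTS.pop(key, None)
        return "ok"

    FAILED_ATTEMPTS[key] = FAILED_ATTEMPTS.get(key, 0) + 1
    return "invalid_credentials"


def median_seconds(fn, email: str, password: str, rounds: int = 5) -> float:
    """Rough timing probe so the reader can compare the two handlers locally."""
    samples = []
    for _ in range(rounds):
        start = time.perf_counter()
        fn(email, password)
        samples.append(time.perf_counter() - start)
    return statistics.median(samples)


if __name__ == "__main__":
    for name, fn in (("naive", login_naive), ("hardened", login_hardened)):
        reset_attempts()
        known = median_seconds(fn, "alice@example.com", "wrong")
        unknown = median_seconds(fn, "nobody@example.com", "wrong")
        print(f"{name:9s} known-user {known:.4f}s  unknown-user {unknown:.4f}s")
```

Running the script shows the naive handler answering an unknown email in microseconds while a known email with a wrong password takes one full PBKDF2 run; the hardened handler takes the same time and returns the same `invalid_credentials` string in both cases, and `captcha_required` after three failures for either kind of email.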