v0.7.572
Security hardening and reliability improvements
This release strengthens account security with additional verification steps for sensitive actions, improves the reliability of background checks, and includes several internal fixes to keep the platform running smoothly.
Features
- Extra verification for sensitive actions: When a staff member with two-factor authentication (TOTP) enabled performs high-risk actions — such as inviting an admin, resetting a password, or invalidating a session — they are now asked to confirm their identity with a fresh authentication code. This reduces the risk of unauthorized changes even if a session is compromised.
Security and reliability
- Sensitive administrative actions now require a fresh two-factor confirmation, adding an extra layer of protection against unauthorized use.
- Background integrity checks now run against the live environment after each release, giving earlier detection of any unexpected changes to the data structure.
- Feedback submissions are now anonymized after one year across all fields, ensuring personal information is not retained longer than necessary.
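The step-up check described in these notes, sketched as an added example (not the platform's own code): a sensitive action is refused until the session holds a recent TOTP confirmation, and a code that was already accepted is rejected. The 300-second freshness window, the action identifiers, and the session and user field names are assumptions made for illustration.

```python
import base64, hashlib, hmac, struct

FRESH_WINDOW_S = 300   # assumption: how long one confirmation stays "fresh"
STEP = 30              # RFC 6238 default time step
SENSITIVE = {"invite_admin", "reset_password", "invalidate_session"}  # hypothetical ids

def totp(secret_b32, at, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32)
    digest = hmac.new(key, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def confirm_step_up(session, user, code, now):
    """Check a submitted code (+/- one step of clock drift) and record the confirmation."""
    for drift in (-1, 0, 1):
        t = now + drift * STEP
        if hmac.compare_digest(totp(user["totp_secret"], t), code):
            counter = int(t) // STEP
            if counter <= user.get("last_counter", -1):
                return False               # code already used: reject the replay
            user["last_counter"] = counter
            session["step_up_at"] = now    # bound to this session only
            return True
    return False

def authorize(action, session, user, now):
    """Return 'allow' or 'step_up_required' for a requested action."""
    if action not in SENSITIVE:
        return "allow"
    if not user.get("totp_secret"):
        return "allow"   # per the notes, the prompt applies to staff with TOTP enabled
    confirmed = session.get("step_up_at")
    if confirmed is not None and 0 <= now - confirmed <= FRESH_WINDOW_S:
        return "allow"
    return "step_up_required"

if __name__ == "__main__":
    # Constructed sample data: RFC 6238 test secret, arbitrary clock value.
    user = {"totp_secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"}
    session, now = {}, 1_000_000
    print(authorize("reset_password", session, user, now))
    print(confirm_step_up(session, user, totp(user["totp_secret"], now), now))
    print(authorize("reset_password", session, user, now))
```

Because the confirmation timestamp lives on the session, a stolen session cookie that predates the confirmation, or outlives the window, still gets `step_up_required` for the listed actions.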