## What's New
We are excited to announce the addition of a comprehensive two-factor authentication (2FA) system. This new feature allows users to enhance their account security by using WebAuthn for authentication and backup codes for added convenience. The interfaces have been redesigned to make managing these security features simple and intuitive, helping users to feel more secure in their accounts.
## Improvements
Several improvements have been made to existing functionalities to enhance user experience and security. The markdown rendering for changelog entries now includes HTML sanitization to prevent cross-site scripting (XSS) vulnerabilities. Additionally, we've implemented rate limiting for both password reset requests and login attempts to further protect against unauthorized access.
The changelog entry management has also been enhanced with role-based access control, ensuring that only authorized users can modify or access specific entries. This change reinforces the security measures in place for managing sensitive information.
## Bug Fixes
A number of critical bugs have been addressed in this update. Notably, we've fixed vulnerabilities related to password reset processes and strengthened validation to prevent potential exploits. The email delivery for password resets has been adjusted to ensure timely notifications. Furthermore, issues with the DNS rebinding protection have been resolved to allow custom domains without hindering functionality.
Overall, this release focuses on strengthening security while providing users with the tools they need to manage their accounts confidently.