## What's New
We have switched to a Redis session store for production, which enhances both security and scalability. This change allows sessions to be managed more effectively, ensuring a smoother user experience and improved performance in multi-server environments. Additionally, we've implemented new password strength requirements for admin accounts, promoting better security practices.
A new job, `CleanupExpiredInvitesJob`, automatically revokes team invitations that are older than 48 hours. This keeps the invitation system clean and reduces the risk of unauthorized access through stale invitations.
## Improvements
The OAuth and billing redirect pages have been redesigned to give a consistent look and feel across the platform, which improves usability. We've also styled the OAuth failure page to match the admin login, so users see a consistent interface when authentication fails.
To further bolster security, we have introduced rate limiting for admin backup code attempts, which helps mitigate the risk of brute-force attacks. We've also hidden version disclosure headers so that potential attackers cannot use them to learn specifics of our system.
Overall, these changes reflect our commitment to enhancing security while providing a seamless user experience.