## What's New
In this release, we have implemented database-level encryption for sensitive tokens, including GitHub tokens and webhook secrets. This change significantly enhances the security of user data by protecting it against potential database breaches.
Additionally, we introduced automatic session timeout configurations for user sessions to further safeguard against unauthorized access. This means that sessions will automatically expire after a period of inactivity, helping to keep your information secure.
## Improvements
We have made several improvements to the security surrounding administrative actions. The way admin commands are executed has been refined, ensuring that they are now performed with a restricted sudoers rule. This enhances the security of critical operations, such as restarting services, and minimizes the risk of privilege escalation.
Furthermore, we have added session timeout handling to various controllers, ensuring that public and API endpoints do not require session management, thus simplifying user interactions in those contexts. This adjustment allows for a smoother experience while aligning with our security protocols.
## Documentation
Alongside these changes, we've updated our documentation to detail the new security measures implemented for admin commands and the encryption of sensitive tokens. This guidance provides clarity on our security model and outlines the steps taken to protect user data effectively.