Added
- Login rate limiting: after 5 failed login attempts from the same IP, further attempts are blocked for 5 minutes (sliding window). Works for both page-based and Basic Auth (popup) login modes. Configurable via
LOGIN_RATE_LIMIT_MAX_ATTEMPTSandLOGIN_RATE_LIMIT_WINDOW_SECONDS. Set max attempts to0to disable.
Fixed
- Version footer: the Docker image now shows the actual version number instead of "dev" (the
VERSIONfile was missing from the container build).