v2.4.0

[kOaDT]

What's New

• Introduced a new admin review moderation workflow with customizable display names and an author filtering system. Added a realistic second-order SQL injection challenge integrated into moderation filters. (Implement Second-Order SQL Injection via Admin Review Moderation Filters #53)
• Implemented a progressive hints system for CTF flags to help guide players through challenges.

Improvements

• Auth tokens are no longer stored in localStorage; they are now handled via HTTP-only cookies with sameSite:lax, enabling more accurate simulation of real-world CSRF scenarios. (Migrate authentication from localStorage to cookies for realistic CSRF demonstration #25)
• Authentication flow redesigned to rely on HTTP-only cookie based JWTs, providing a more realistic browser security model. (Migrate authentication from localStorage to cookies for realistic CSRF demonstration #25)
• Frontend API layer updated to automatically include credentials in requests. (Migrate authentication from localStorage to cookies for realistic CSRF demonstration #25)
• Documentation and walkthrough content refreshed to align with the new authentication and vulnerability mechanics. (Migrate authentication from localStorage to cookies for realistic CSRF demonstration #25)

---

This discussion was created from the release v2.4.0.