🚨 Emergency Update: TOTP (Google Authenticator) Support Added

Overview

An emergency security update has been released introducing TOTP-based two-factor authentication (2FA) for user accounts, compatible with Google Authenticator, Authy, 1Password, and Microsoft Authenticator.

Details

• New Feature: Enable TOTP 2FA in your account settings.
• Standard Compatibility: Supports RFC 6238-compliant TOTP tokens.
• Login Flow Update: After enabling, users must enter a 6-digit code from their authenticator app on login.
• Recovery Options: Generate backup codes for emergency access if your device is lost or reset.

Technical Notes

• Implemented under the totp module using a secure SHA-1 algorithm.
• QR codes are generated dynamically with encrypted secret keys.
• Enforcement is optional now but will become mandatory for privileged accounts (admins, moderators, developers) within 48 hours.

Action Required

• All staff must enable TOTP authentication immediately.
• Go to Account → Security → Two-Factor Authentication and scan the QR code with your app.
• Store your recovery codes in a secure location.

Markdown Support Added

This update also introduces Markdown rendering across multiple components:

• User bios
• Posts and announcements

Supported Markdown Features

• Headings (#, ##, etc.)
• Lists (-, *, and numbered lists)
• Links ([text](url))
• Inline code (`code`)
• Code blocks (``````language ... ```````)

A sanitization layer has been applied to prevent XSS vulnerabilities and ensure safe rendering.

Version: v2.4.1-emergency
Release Date: October 20, 2025
Priority: Critical