Changelog entry
Admin destructive confirm-token hardening (Issue #764)
2026-03-31
- Hardened admin destructive-action confirmation checks by validating the `RESET` token with timing-safe comparison logic, reducing token-check side-channel risk in admin operations.