Changelog

What's changed, fixed, and shipped.

May 2026
Security
  • Fixed SQL injection vulnerabilities in multiple API endpoints
  • Fixed shell injection in video background upload
  • Admin panel now requires admin_id — no regular user bypass
  • Auction bidding wrapped in database transaction to prevent race conditions
  • Admin MFA codes now delivered via email; no longer shown in flash messages
  • Custom CSS save endpoint now respects user authentication properly
  • Profile search results no longer expose email addresses to non-admins
  • Password reset validates user existence and ban status before updating
May 2026
Platform
  • Removed all paywalls — custom CSS, extra usernames, all features now free
  • Full visual redesign: new design system, cohesive color tokens, new typography
  • Navigation redesigned with better mobile support
  • Dashboard sidebar now shows grouped sections with icons
  • Error pages (404, 403, 500) fully redesigned
  • Footer added across all public pages
Initial
Launch
  • Profile builder with custom themes, fonts, and animated backgrounds
  • Social links, status, widgets, and collections
  • Real-time profile analytics and view tracking
  • Username auction house with WebSocket bid updates
  • Global leaderboard and ELO battle ratings
  • Badges, friends, guestbook comments
  • SEO customization per profile