20 Commits

Author SHA1 Message Date
m0rph3us1987
27566a7813 - Added "HW" (Hardware) category to the platform with a dedicated icon and color
- Updated challenge grid to 6 columns on desktop to accommodate the new category
- Alphabetized challenge categories in the main view and Admin panel selection
- Alphabetized operators list in the Admin panel with case-insensitive sorting
- Restricted visibility of Challenges, Scoreboard, and Score Matrix to authenticated users only
- Secured the /state API endpoint to prevent leaking challenges, solves, teams, or internal IP (dockerIp) to guests
- Implemented server-side verification of user profile in the state response to prevent client-side admin spoofing
- Refactored the /state backend endpoint using async/await for better reliability and error handling
- Rebranded the project from "cypherstrike-ctf" to "hipctf" across package.json, index.html, and server defaults
- Synchronized browser page title with the competition name configured in the Admin panel
- Fixed a "black page" issue by resolving a missing React import and adding frontend sanity checks
2026-03-10 13:29:50 +01:00
b8cc7dda8b Delete data/secret.key 2026-03-08 12:15:00 +00:00
m0rph3us1987
4d59a3f62f Added graph for event log 2026-03-08 12:12:48 +01:00
m0rph3us1987
ed69e912dd Adjusted log 2026-03-07 12:00:39 +01:00
m0rph3us1987
425921d688 Added solves log 2026-03-07 11:29:33 +01:00
m0rph3us1987
b6a7e4f41d changed gitignore 2026-03-07 02:22:25 +01:00
m0rph3us1987
800192c87f - Prevented admin challenge solves from creating score records
- Added operator solves list to the Admin panel profile
- Allowed deletion of specific operator solves from the Admin panel
- Enhanced operator solves list with alphabetical sorting, difficulty colors, and point values
- Added rank medal icons to operator solves in the Admin panel
2026-03-07 02:18:47 +01:00
m0rph3us1987
e04547301b CET only 2026-02-28 15:02:44 +01:00
m0rph3us1987
fba544d64e Countdown now shows time in CET 2026-02-28 14:59:42 +01:00
m0rph3us1987
932cdd8a3a 1. Fixed: Broken Authentication (replaced static tokens with signed JWT-like tokens and persistent secret).
2. Fixed: Default Admin Security (the admin:admin account is now disabled once another administrator is created).
3. Fixed: Information Disclosure (sensitive team data is now filtered out for non-admins).
4. Fixed: Denial of Service (added type-safe password checks and error handling for hashing functions).
5. Fixed: SQL Injection (implemented SCHEMA_WHITELIST for database restore validation).
6. Fixed: Path Traversal (sanitized filenames for administrative file uploads).
7. Preserved: Predictable File URLs (kept as an intentional vulnerability for CTF participants).
2026-02-28 14:26:03 +01:00
m0rph3us1987
e5f7eca98d Implemented proper security checks 2026-02-28 13:55:51 +01:00
m0rph3us1987
d33a1c6a72 No challenges are returned when event is not started. 2026-02-28 01:32:18 +01:00
m0rph3us1987
6127bfbeb2 Fixed some things 2026-02-22 17:38:38 +01:00
m0rph3us1987
3eb654a354 FIX 2 ^^ 2026-02-05 23:18:26 +01:00
m0rph3us1987
b0206e58e0 Fix ^^ 2026-02-05 23:08:53 +01:00
a1e32fa8d3 Deleted readme 2026-01-21 18:44:34 +00:00
m0rph3us1987
8695923517 Fixed permissions in docker-compose.yml 2026-01-21 19:24:10 +01:00
m0rph3us1987
40f496c3f2 Made app more modular.
Fixed some bugs.
Added some functionality.
2026-01-21 18:59:14 +01:00
5802b80d61 Delete README.md 2026-01-07 12:28:22 +00:00
m0rph3us1987
1c756af238 initial commit 2026-01-07 13:27:11 +01:00