Player Analytics, Sponge/Bukkit/Bungee/Velocity support

5.1-build-505

Release

AuroraLS3 released this version on Apr 18, 2020


5.1 build 505

This update fixes some corner case bugs and a security vulnerability in the password brute-force protection. More details below.

Change log

Data gathering

  • Fixed lag on some operating systems when gathering CPU load during high CPU activity by moving CPU, RAM and Disk Space gathering to a non-server thread.

Webserver

  • Fixed an issue when the Authorization header was used for a reverse proxy (for basic authentication) with Plan authentication disabled. A code path that attempted to get the Plan user from the header ran anyway, which caused the header to count as a login attempt and eventually led to a 403. That code path no longer runs if authentication is disabled.
  • Fixed an issue where failed login attempts were incorrectly counted, leading to a 403 error appearing on the main page after one failed login followed by a successful login.
  • Cleaned up the 403 error page for blocked access when CSS resources are also blocked (due to 3 failed attempts).

Fixed Security Vulnerability #1402 in password brute-force protection

  • Plan prevents login attempts for two minutes after 3 failed logins in order to make brute-forcing passwords more difficult. An oversight in how the failed login attempts were counted reset the counter after a successful response (HTTP 200 OK) was sent by Plan. Because .css files do not require authentication, a bad actor could have automated their code to make a request for a .css file every 2 attempts. Fixed by properly detecting a successful login instead of using HTTP status codes.
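
The counting flaw and its fix, modelled as a regression check. This is an added example, not Plan's code: `LoginGuard`, `handle`, the request paths and the client address are hypothetical, and returning 403 on the request that reaches the limit is an assumption.

```python
# Added illustration: a minimal model of the lockout counter, not Plan's code.
# LoginGuard, handle and the request paths are hypothetical names.
import time

MAX_FAILURES = 3        # release notes: blocked after 3 failed logins
LOCKOUT_SECONDS = 120   # release notes: two minutes


class LoginGuard:
    def __init__(self, reset_on_http_200, clock=time.monotonic):
        self.reset_on_http_200 = reset_on_http_200  # True models the pre-fix rule
        self.clock = clock
        self.failures = {}       # address -> consecutive failed logins
        self.blocked_until = {}  # address -> time the block ends

    def handle(self, address, path, password_ok=None):
        """Return the HTTP status for one request."""
        if self.clock() < self.blocked_until.get(address, 0):
            return 403                       # blocked: CSS is refused too
        self.blocked_until.pop(address, None)
        if path.endswith(".css"):
            status, logged_in = 200, False   # static file, no authentication
        elif password_ok:
            status, logged_in = 200, True
        else:
            status, logged_in = 401, False
            self.failures[address] = self.failures.get(address, 0) + 1
            if self.failures[address] >= MAX_FAILURES:
                # Assumption: the request that reaches the limit gets the 403.
                self.blocked_until[address] = self.clock() + LOCKOUT_SECONDS
                self.failures.pop(address, None)
                return 403
        # Pre-fix rule: any 200 clears the counter. Fixed rule: only a login does.
        reset = (status == 200) if self.reset_on_http_200 else logged_in
        if reset:
            self.failures.pop(address, None)
        return status


def failed_logins_until_block(guard, css_every=2, limit=20):
    """Regression check: wrong passwords accepted before the first 403 when an
    unauthenticated .css request follows every `css_every` attempts."""
    address = "203.0.113.5"  # constructed sample address (documentation range)
    for attempt in range(1, limit + 1):
        if guard.handle(address, "/auth/login", password_ok=False) == 403:
            return attempt
        if attempt % css_every == 0:
            guard.handle(address, "/styles/main.css")
    return None  # never blocked within `limit` attempts
```

With the status-code rule the check returns `None` (the block never triggers); with the login-based rule it returns 3.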

Charts

  • Fixed ‘Czechia’ not being counted on the map due to missing ISO code.

Plan recently reached over 200 stars on GitHub!
If you have a bug, don’t hesitate to report it over here: http://bugs.playeranalytics.net - Thanks!