Make it harder to brute-force Trac user passwords
Currently we don't have any measures in place to stop brute-forcing passwords of Trac accounts. I know, we are all using secure passwords, but still we could do better here and set up an upper limit password retries.
That got reported via HackerOne by S.M.Usman (muhammad_usman)