Login brute force Vulnerability in Latest Release

[HatBoy]

Hi, I would like to report login brute force vulnerability in latest release.

Description:
Login brute force vulnerability in app/api/cms/user.py 43 line login() function.
No need to limit the number of logins and set the verification code will cause the username and password to be brute force, like this:

author by jin.dong@dbappsecurity.com.cn

[colorful3]

Thank for your advice, We will deal with this bug in the next release.

[OS-WS]

Hi @colorful3 @HatBoy,
Was this issue fixed?
if so, in what commit and what tag/version?
thanks!