The previous implementation used Werkzeug’s default PBKDF2 hashing and allowed weak passwords with no protection against brute-force login attempts.
I upgraded the system by implementing Argon2 password hashing, enforcing strong password validation rules, adding login rate limiting to prevent brute-force attacks, and securing session cookies with proper security configurations.
According to the comment, the instance folder should exist in any case.
But a PermissionError was ignored silently.
Since Python 3.9 is the minimum required version, it is safe to use
"exist_ok" added in Python 3.2 and avoid exception handling.
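The difference between the two patterns described in the commit message above, as an added example that is not the project's own code. The function names are hypothetical, and a `NotADirectoryError` stands in for the `PermissionError` because it reproduces regardless of the privileges the script runs with.

```python
import os
import tempfile


def ensure_dir_swallowing(path):
    """Old pattern: every OSError is discarded, not only 'already exists'."""
    try:
        os.makedirs(path)
    except OSError:
        pass
    return os.path.isdir(path)


def ensure_dir_exist_ok(path):
    """New pattern: an existing directory is tolerated, other errors propagate."""
    os.makedirs(path, exist_ok=True)
    return os.path.isdir(path)


def demo():
    """Run both patterns against a good path and an impossible one (constructed)."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        good = os.path.join(root, "instance")
        results["old_create"] = ensure_dir_swallowing(good)
        # Second call on an existing directory must stay silent.
        results["new_repeat"] = ensure_dir_exist_ok(good)

        # A regular file as parent makes directory creation fail.
        blocker = os.path.join(root, "blocker")
        with open(blocker, "w"):
            pass
        bad = os.path.join(blocker, "instance")

        # Old pattern returns normally although no directory exists.
        results["old_bad_exists"] = ensure_dir_swallowing(bad)
        try:
            ensure_dir_exist_ok(bad)
            results["new_bad_raised"] = False
        except OSError as exc:
            results["new_bad_raised"] = True
            results["new_bad_error"] = type(exc).__name__
    return results


if __name__ == "__main__":
    print(demo())
```

With the old pattern the failure only surfaces later, when the application first tries to write into the missing folder.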