mirror of
https://github.com/AstrBotDevs/AstrBot
synced 2026-07-16 01:40:15 +08:00
- Remove insecure SHA256/MD5 password hash verification from cmd_conf.py (rejection logic for storing legacy hashes is preserved) - Remove API key logging from gemini_source.py, openai_source.py - Remove header logging (contains Authorization header) from volcengine_tts.py CodeQL issues fixed: - Broken cryptographic hash (SHA256/MD5 for passwords) - Clear-text logging of sensitive information (API keys)