busya
12118ac4ec
fix(security): resolve Critical+High findings from module audit — agent, translate, superset_client
P0 — CRITICAL (CWE-798): JWT_SECRET crash-early
Replace hardcoded super-secret-key fallback with os.environ["JWT_SECRET"]
and ${JWT_SECRET:?} syntax in app.py + docker-compose files
P1 — HIGH: Frontend dependency CVEs
Upgrade svelte 5.43.8 → 5.56.4 — resolves devalue DoS (GHSA-g2pg-6438-jwpf)
and svelte XSS (GHSA-crpf-4hrx-3jrp, GHSA-m56q-vw4c-c2cp, GHSA-rcqx-6q8c-2c42)
P2 — MEDIUM: Logging hygiene + contract gaps + tool resolver refactor
Apply _redact_sensitive_fields() in middleware + event streaming
Truncate LLM error body to 100 chars
Add @RATIONALE/@REJECTED to HandleResume + SaveConversation
Refactor deterministic intent matching → LLM-driven tool resolution
P3 — LOW: Translate logging hardening
Move _sanitize_url() to _utils.py (shared, no circular imports)
Sanitize base_url before logging in _llm_call.py and _llm_async_http.py
Emit EXPLORE warning when LLM_SSL_VERIFY=false disables TLS
superset_client module: passed clean — no changes needed
2026-07-01 13:17:29 +03:00
..
2026-05-25 08:36:33 +03:00
2026-06-11 19:12:49 +03:00
2026-05-17 14:18:02 +03:00
2026-07-01 13:17:29 +03:00
2026-06-30 19:05:17 +03:00
2026-05-26 19:18:28 +03:00
2026-05-26 19:18:28 +03:00
2026-06-15 17:31:43 +03:00
2026-06-16 09:34:10 +03:00
2026-05-26 15:28:03 +03:00
2026-06-01 16:34:07 +03:00
2026-06-10 16:38:06 +03:00
2026-06-19 14:59:05 +03:00
2026-06-29 17:15:25 +03:00
2026-05-20 14:31:37 +03:00
2026-06-29 17:15:25 +03:00
2026-05-20 23:54:53 +03:00
2026-05-14 11:20:17 +03:00