
AstrBot

v4.24.3 Security

This release includes one security fix relevant to teams running exposed deployments: a Jinja2 server-side template injection (SSTI) in T2I template content (PR #8077). The release notes reference no CVE identifier for it.

Topics

agent, ai, llm, chatgpt, discord, docker, gemini, llama, mcp, openai, python, qq, qqbot, telegram

Affected surfaces

auth rce_ssrf

ReleasePort's take

Moderate signal

The release fixes a Jinja2 server-side template injection (SSTI) in T2I template content and strengthens Dashboard login security: the initial password is now generated randomly and password storage moves from MD5 to PBKDF2, with legacy MD5 hashes kept only as an upgrade path.

Why it matters: patch promptly. Jinja2 template injection outside a sandbox typically lets anyone who can supply template content run arbitrary code on the host, which is why this matters most for Dashboards reachable from untrusted networks; the release notes cite no CVE identifier or CVSS score for the issue. The password change does not force a reset: legacy MD5 hashes stay accepted for compatibility and users are guided to the PBKDF2 upgrade when required, so after upgrading, confirm that stored credentials have actually been migrated rather than assuming the weak format is gone.

Summary

AI summary

Fixed a Jinja2 server-side template injection (SSTI) in T2I template content.

Changes in this release

Security High

The initial Dashboard login password is now generated randomly on first startup and passwords are stored with PBKDF2; MD5 compatibility is preserved only as an upgrade path.

Source: granite4.1:30b@2026-05-23-audit

Confidence: low

Security Medium

Strengthened Dashboard login and password security with PBKDF2 storage.

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Added plugin changelogs and update system for version tracking.

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Enabled CUA idle timeout configuration in Dashboard with session expiration.

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Added internationalization enhancements to plugin pages and Dashboard copy.

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Introduced WebUI config `disable_metrics` to disable metrics collection.

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Added persisted console auto-scroll preference across sessions.

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Added visual separator between thinking content and final response.

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Enhanced internationalization of plugin pages, extension views, and Dashboard copy to follow current language.

Source: granite4.1:30b@2026-05-23-audit

Confidence: low

Performance Medium

Optimized Gemini Provider to use managed httpx client.

Source: llm_adapter@2026-05-21

Confidence: low

Performance Medium

Enhanced Windows updater zip-root normalization and Python tool encoding.

Source: llm_adapter@2026-05-21

Confidence: low

Performance Low

Gemini Provider now uses a managed httpx client for HTTP requests.

Source: granite4.1:30b@2026-05-23-audit

Confidence: low

Deprecation High

Legacy MD5 password storage is deprecated; it is still accepted for compatibility, and users are guided to upgrade to PBKDF2 when required.

Source: granite4.1:30b@2026-05-23-audit

Confidence: low

Deprecation Medium

Legacy MD5 password storage is being phased out in favour of PBKDF2; the MD5 path remains only as a compatibility upgrade route, not as a supported storage format.

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Resolved knowledge base retrieval issue for blank prompts.

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Prevented loss of folder parent relationships on rename operations.

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Added missing `websearch_firecrawl_key` to default config and hid Baidu keys when disabled.

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixed contributor image limits, API Key examples, plugin size-limit docs, README badges, and multiple development guide issues.

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Fixed missing validation of T2I template content that allowed Jinja2 server-side template injection (SSTI).

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Fixed Discord command quota handling preventing platform startup.

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Corrected asset filename errors in GitHub fallback download URLs.

Source: llm_adapter@2026-05-21

Confidence: low

Refactor Medium

Improved plugin installation and backup restore with self-healing logic.

Source: llm_adapter@2026-05-21

Confidence: high

Refactor Medium

Optimized CUA file uploads using native file interfaces.

Source: llm_adapter@2026-05-21

Confidence: low

Refactor Low

CUA file uploads now use native file interfaces instead of custom handling.

Source: granite4.1:30b@2026-05-23-audit

Confidence: low

Full changelog

What's Changed (translated from the Chinese original)

Improvements

  • Strengthened Dashboard login and password security: a strong random initial password is generated on first startup, password storage is upgraded to PBKDF2, the legacy MD5 compatibility upgrade path is retained, and users are guided through the security upgrade when required. (#7338)
  • Enhanced plugin page internationalization so that plugin pages, extension pages, and related Dashboard copy follow the current language more closely. (#7998)
  • Added the WebUI metrics switch config disable_metrics, which turns off metrics collection from the Dashboard. (#7946)
  • Added persistence of the console auto-scroll toggle so the user's choice survives a page refresh. (#8024)
  • Added a visual separator between thinking content and the final reply to improve message readability. (#8059)
  • Improved plugin installation, backup restore, and path-conflict handling, adding self-healing logic and reducing leftover temporary directories and false error reports. (#7737, #8148)
  • Improved Windows updater zip root-directory normalization and Python tool encoding handling for better Windows compatibility. (#8019)
  • Improved CUA file upload logic to use native file interfaces. (#8069)
  • Improved expiration of idle CUA sandbox sessions and exposed the CUA idle timeout setting in the Dashboard. (#8074, #8075)
  • Improved the Gemini Provider to use a managed httpx client. (#8112)
  • Improved Dashboard mobile layout, console log-level alignment, and the display logic of list-item action buttons. (#7988, #8081)

Fixes

  • Fixed the knowledge base still triggering retrieval on an empty prompt. (#8073)
  • Fixed platform startup being affected when Discord command sync hits the quota. (#8061)
  • Fixed wrong asset filenames in GitHub fallback download URLs. (#8046)
  • Fixed folder parent relationships being lost after rename. (#7974)
  • Fixed the missing websearch_firecrawl_key config entry, and the key field still being shown when Baidu search is disabled. (#8012, #7992)
  • Fixed unvalidated T2I template content that could lead to Jinja2 server-side template injection (SSTI). (#8077)
  • Fixed the contributor image count limit, API Key documentation examples, the plugin publishing 16MB limit description, README badges, and multiple plugin development documentation errors. (#8000, #7977, #8108, #8079, #7979, #8001, #8129, #8166)

What's Changed (EN)

New Features

  • Added plugin changelogs and a plugin update system, allowing plugin detail pages to show version update information and supporting a more complete plugin update flow.
  • Enhanced plugin page internationalization so plugin pages, extension views, and related Dashboard copy can better follow the current language. (#7998)
  • Added the disable_metrics WebUI config option to disable metrics collection from the Dashboard. (#7946)
  • Added persisted console auto-scroll preference. (#8024)
  • Added a visual separator between thinking content and the final response. (#8059)
  • Added idle expiration for CUA sandbox sessions and exposed the CUA idle timeout setting in the Dashboard. (#8074, #8075)

Improvements

  • Strengthened Dashboard authentication and password security: initial passwords are generated randomly, password storage is upgraded to PBKDF2, legacy MD5 compatibility is preserved for upgrades, and users are guided through security upgrades when required. (#7338)
  • Improved plugin installation, backup restore, and path-conflict handling with self-healing behavior and fewer temporary-directory leftovers or false error reports. (#7737, #8148)
  • Improved Windows updater zip-root normalization and Python tool encoding handling for better Windows compatibility. (#8019)
  • Improved CUA uploads by using native file interfaces. (#8069)
  • Improved the Gemini Provider to use a managed httpx client. (#8112)
  • Improved Dashboard mobile layout, console log-level alignment, and list-item action-button visibility. (#7988, #8081)
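The migration pattern described in the first item above, as an added example in Python. This is not AstrBot's code: the on-disk hash format `pbkdf2_sha256$<iterations>$<salt_hex>$<hash_hex>`, the iteration count, the function names and the assumption that the pre-4.24.3 format was unsalted MD5 are all illustrative. What it demonstrates is that a legacy hash can only be upgraded at the moment the plaintext is presented, so verification of the old format and re-hashing to PBKDF2 happen in the same login step, and the weak format is never written back.

```python
"""Dashboard password storage with transparent MD5 -> PBKDF2 migration.

Added example, not AstrBot's code. The storage format string, the
iteration count and the helper names are assumptions for illustration.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

PBKDF2_ITERATIONS = 600_000  # assumption: current OWASP figure for PBKDF2-HMAC-SHA256
SALT_BYTES = 16


def generate_initial_password(length: int = 16) -> str:
    """Random initial password from the OS CSPRNG (the 'generated randomly' in the notes).
    The alphabet drops look-alike characters (0/O, 1/l/I) so it can be read off a console."""
    alphabet = "abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def hash_pbkdf2(password: str, salt: Optional[bytes] = None,
                iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted PBKDF2-HMAC-SHA256, self-describing so parameters can change later."""
    salt = salt if salt is not None else secrets.token_bytes(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def legacy_md5(password: str) -> str:
    """Assumed pre-upgrade format: unsalted MD5 hex. Kept only to verify old records."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def needs_upgrade(stored: str) -> bool:
    """True for any record not yet in the PBKDF2 format."""
    return not stored.startswith("pbkdf2_sha256$")


def verify(stored: str, password: str) -> bool:
    """Check a password against either format using constant-time comparison."""
    if needs_upgrade(stored):
        return hmac.compare_digest(stored, legacy_md5(password))
    _, iters, salt_hex, hash_hex = stored.split("$", 3)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), hash_hex)


def login(store: Dict[str, str], user: str, password: str) -> bool:
    """Authenticate; on success against a legacy record, re-hash to PBKDF2 in place.
    The plaintext exists only during login, so this is the one point where an
    MD5 record can be upgraded without forcing a password reset."""
    stored = store.get(user)
    if stored is None or not verify(stored, password):
        return False
    if needs_upgrade(stored):
        store[user] = hash_pbkdf2(password)
    return True


def demo() -> Dict[str, str]:
    """Constructed store: one pre-upgrade MD5 record and one freshly created account."""
    store = {"admin": legacy_md5("old-password")}
    store["ops"] = hash_pbkdf2(generate_initial_password())
    return store
```

Counting records for which `needs_upgrade()` is still true shows how far a deployment's migration has progressed; an account that never logs in keeps its MD5 hash indefinitely under this scheme. The alternative that removes MD5 from storage immediately is to wrap the existing digest (store PBKDF2 of the MD5 hex and verify by hashing the MD5 of the input); the release notes do not say which approach AstrBot took.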

Bug Fixes

  • Fixed missing validation for T2I template content that could allow Jinja2 server-side template injection (SSTI). (#8077)
  • Fixed knowledge base retrieval being triggered for blank prompts. (#8073)
  • Fixed Discord startup being interrupted by command quota handling. (#8061)
  • Fixed incorrect asset filenames in GitHub fallback download URLs. (#8046)
  • Fixed folder parent relationships being lost on rename. (#7974)
  • Fixed the missing websearch_firecrawl_key in the default config, and the Baidu web-search key fields now stay hidden when Baidu search is disabled. (#8012, #7992)
  • Fixed contributor image limits, API Key examples, plugin publishing size-limit docs, README badges, and multiple plugin development guide issues. (#8000, #7977, #8108, #8079, #7979, #8001, #8129, #8166)

Security Fixes

  • Fixed a Jinja2 server-side template injection (SSTI) in T2I template content (PR #8077)
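To make the missing-validation bug class concrete, here is an added example in Python. It is not AstrBot's code and not necessarily how PR #8077 implements its check: a dependency-free allowlist validator that user-editable template content must pass before it is handed to Jinja2. The placeholder names `text`, `title`, `author`, `date` and the function name are assumptions. Because anything that is not a bare allowlisted name is rejected, it refuses the usual SSTI shapes (attribute walks such as `__class__`, statement blocks, calls, subscripts and filters) without having to enumerate them.

```python
"""Pre-render allowlist check for user-editable Jinja2 template content.

Added example, not AstrBot's code; the T2I placeholder names and the
function name are assumptions. Only plain {{ name }} substitutions from a
fixed set are accepted, so statement blocks, attribute access, subscripts,
calls and filters never reach the renderer.
"""
import re
from typing import List

# Assumed set of placeholders a T2I template may reference.
ALLOWED_PLACEHOLDERS = frozenset({"text", "title", "author", "date"})

# Any Jinja2 delimiter opener. Statement ({%) and comment ({#) blocks are
# rejected outright; only {{ ... }} is inspected further.
_DELIM = re.compile(r"\{\{|\{%|\{#")
_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def validate_template(content: str) -> List[str]:
    """Return a list of problems; an empty list means the template is acceptable."""
    problems: List[str] = []
    pos = 0
    while True:
        m = _DELIM.search(content, pos)
        if m is None:
            break
        opener = m.group(0)
        if opener != "{{":
            problems.append(f"{opener!r} block at offset {m.start()} is not allowed")
            pos = m.end()  # keep scanning so one bad block does not hide the next
            continue
        end = content.find("}}", m.end())
        if end == -1:
            problems.append(f"unterminated '{{{{' at offset {m.start()}")
            break
        expr = content[m.end():end].strip()
        if not _IDENT.match(expr):
            # Catches ''.__class__..., cycler.__init__.__globals__..., x[0], f(), a|b
            problems.append(f"expression {expr!r} is not a bare identifier")
        elif expr not in ALLOWED_PLACEHOLDERS:
            problems.append(f"placeholder {expr!r} is not in the allowlist")
        pos = end + 2
    return problems


def is_safe_template(content: str) -> bool:
    """Convenience wrapper for call sites that only need accept/reject."""
    return not validate_template(content)
```

This check belongs in front of the renderer, not instead of a hardened renderer: rendering the accepted template through Jinja2's `ImmutableSandboxedEnvironment` rather than a plain `Environment` is the second layer, so that a gap in the validator does not become code execution. The validator also keeps the sandbox from being probed at all, since the well-known bypass research all starts from expressions this check refuses.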
