AstrBot

• 更新日志(简体中文)
• Changelog(English)

What's Changed

优化

• 强化 Dashboard 登录与密码安全：首次启动生成强随机初始密码，密码存储升级为 PBKDF2，保留旧版 MD5 兼容升级流程，并在需要时引导用户完成安全升级。（#7338）
• 增强插件页面国际化能力，插件页面、扩展页和相关 Dashboard 文案可更好地按当前语言展示。（#7998）
• 新增 WebUI 指标开关配置 disable_metrics，可在 Dashboard 中关闭指标统计。（#7946）
• 新增控制台自动滚动开关持久化，刷新页面后保留用户选择。（#8024）
• 新增思考内容与最终回复之间的视觉分隔，提升消息阅读体验。（#8059）
• 优化插件安装、备份恢复与路径冲突处理，增加自愈逻辑并减少临时目录残留和错误追踪误报。（#7737, #8148）
• 优化 Windows 更新器 zip 根目录归一化与 Python 工具编码处理，提升 Windows 环境兼容性。（#8019）
• 优化 CUA 文件上传逻辑，改用原生文件接口处理上传。（#8069）
• 优化 CUA 空闲沙盒会话过期能力，并在 Dashboard 暴露 CUA idle timeout 配置。（#8074, #8075）
• 优化 Gemini Provider，使其使用受管理的 httpx client。（#8112）
• 优化 Dashboard 移动端布局、控制台日志级别对齐，以及列表项操作按钮显示逻辑。（#7988, #8081）

修复

• 修复知识库在空 prompt 下仍触发检索的问题。（#8073）
• 修复 Discord 命令同步达到配额时会影响平台启动的问题。（#8061）
• 修复 GitHub fallback 下载 URL 中资源文件名错误的问题。（#8046）
• 修复文件夹重命名后父级关系丢失的问题。（#7974）
• 修复配置缺失 websearch_firecrawl_key，以及百度搜索关闭时仍显示 key 字段的问题。（#8012, #7992）
• 修复 T2I 模板内容未校验可能导致 Jinja2 SSTI 注入的问题。（#8077）
• 修复贡献者图片数量上限、API Key 文档示例、插件发布 16MB 限制说明、README 徽章和多处插件开发文档错误。（#8000, #7977, #8108, #8079, #7979, #8001, #8129, #8166）

What's Changed (EN)

New Features

• Added plugin changelogs and a plugin update system, allowing plugin detail pages to show version update information and supporting a more complete plugin update flow.
• Enhanced plugin page internationalization so plugin pages, extension views, and related Dashboard copy can better follow the current language. (#7998)
• Added the disable_metrics WebUI config option to disable metrics collection from the Dashboard. (#7946)
• Added persisted console auto-scroll preference. (#8024)
• Added a visual separator between thinking content and the final response. (#8059)
• Added idle expiration for CUA sandbox sessions and exposed the CUA idle timeout setting in the Dashboard. (#8074, #8075)

Improvements

• Strengthened Dashboard authentication and password security: initial passwords are generated randomly, password storage is upgraded to PBKDF2, legacy MD5 compatibility is preserved for upgrades, and users are guided through security upgrades when required. (#7338)
• Improved plugin installation, backup restore, and path-conflict handling with self-healing behavior and fewer temporary-directory leftovers or false error reports. (#7737, #8148)
• Improved Windows updater zip-root normalization and Python tool encoding handling for better Windows compatibility. (#8019)
• Improved CUA uploads by using native file interfaces. (#8069)
• Improved the Gemini Provider to use a managed httpx client. (#8112)
• Improved Dashboard mobile layout, console log-level alignment, and list-item action-button visibility. (#7988, #8081)

Bug Fixes

• Fixed missing validation for T2I template content that could allow Jinja2 SSTI injection. (#8077)
• Fixed knowledge base retrieval being triggered for blank prompts. (#8073)
• Fixed Discord startup being interrupted by command quota handling. (#8061)
• Fixed incorrect asset filenames in GitHub fallback download URLs. (#8046)
• Fixed folder parent relationships being lost on rename. (#7974)
• Fixed missing websearch_firecrawl_key in the default config and hidden Baidu web-search keys when disabled. (#8012, #7992)
• Fixed contributor image limits, API Key examples, plugin publishing size-limit docs, README badges, and multiple plugin development guide issues. (#8000, #7977, #8108, #8079, #7979, #8001, #8129, #8166)