security: API hardening and dependency vulnerability reduction (rescan 2026-03-08) #769

Open
lhy8888 wants to merge 6 commits into veops:master from lhy8888:codex/sec-python-rescan-20260308

lhy8888 commented Mar 8, 2026

Summary

This PR applies security fixes identified during a deep rescan:

  • remove shell execution pattern in translation CLI and validate language argument
  • disable legacy weak auth/hash compatibility by default (MD5/SHA1/plaintext fallback)
  • switch deprecated Crypto import path to Cryptodome
  • upgrade vulnerable Python runtime dependencies in requirements.txt and Pipfile

Security scan delta

  • Bandit HIGH: 6 -> 0
  • pip-audit: 30 -> 14

Commits

  • 5f0137d security(api): remove shell injection and disable legacy weak auth hashes by default
  • 68ce5d3 security(deps): upgrade vulnerable Python packages in api runtime

Notes

Remaining 14 vulnerabilities are concentrated in framework-level major upgrades (Flask/Werkzeug/urllib3/flask-cors) and should be handled in a dedicated compatibility PR.
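
One way to implement a "legacy MD5/SHA1/plaintext disabled by default" gate like the one the summary above describes, as an added example that is not part of this PR or the project's code. The setting name `ALLOW_LEGACY_HASHES`, the stored-credential formats and the PBKDF2 scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# Assumed stored-credential formats (constructed for this example):
#   modern : pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>
#   legacy : bare 32-hex MD5, bare 40-hex SHA1, or the plaintext password
ALLOW_LEGACY_HASHES = False  # hypothetical setting name; off by default
_LEGACY = {32: hashlib.md5, 40: hashlib.sha1}
_HEX = re.compile(r"[0-9a-f]+\Z")


def make_hash(password, iterations=200_000):
    """Create a modern salted PBKDF2-HMAC-SHA256 record."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored, allow_legacy=ALLOW_LEGACY_HASHES):
    """Return (ok, needs_rehash). Legacy formats are refused unless opted in."""
    if stored.startswith("pbkdf2_sha256$"):
        try:
            _, iters, salt_hex, digest_hex = stored.split("$")
            expected = bytes.fromhex(digest_hex)
            calc = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                       bytes.fromhex(salt_hex), int(iters))
        except (ValueError, OverflowError):
            return False, False  # malformed record: fail closed
        return hmac.compare_digest(calc, expected), False
    if not allow_legacy:
        return False, False  # MD5/SHA1/plaintext never match by default
    # Opt-in compatibility path: pick the legacy algorithm by digest length.
    algo = _LEGACY.get(len(stored)) if _HEX.match(stored) else None
    if algo is not None:
        ok = hmac.compare_digest(algo(password.encode()).hexdigest(), stored)
    else:
        ok = hmac.compare_digest(password.encode(), stored.encode())
    return ok, ok  # a legacy match should be re-hashed with make_hash()
```

When the opt-in path reports `needs_rehash`, the caller can store `make_hash(password)` in place of the legacy value so the compatibility flag can eventually be turned off for good.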

lhy8888 commented Mar 8, 2026

Linked fix for this runtime white-screen bug is included in commit 2dd019c47 on this PR. Closes #770

lhy8888 commented Mar 8, 2026

Added built-in model bootstrap command in commit 4b7fcfe4a to resolve this deployment issue. Closes #771
