Issue:
Due to a design descion taken in pre 0.8 times get_file() doesn't download a file anymore but returns a download URL containg the full API call incl. bot token. This is not a problem as long the URL is only used to download the file and not exposed.
Unfortunatly logging was extended in V1.2x release to log also file URLs, therefore bot token is visible logs/BASHBOT.log if the bot receives a file, e.g. in a private chat.
Solution:
Logging is changed in Version 1.40 to obfuscate the token. In addtion the internal API will be changed in the next release to no more return full API call from get_file().
Keep your old logfiles in a save place or delete them.
Bot token may exposed in BASHBOT.log
Issue: Due to a design descion taken in pre 0.8 times
get_file()
doesn't download a file anymore but returns a download URL containg the full API call incl. bot token. This is not a problem as long the URL is only used to download the file and not exposed.Unfortunatly logging was extended in V1.2x release to log also file URLs, therefore bot token is visible
logs/BASHBOT.log
if the bot receives a file, e.g. in a private chat.Solution:
Logging is changed in Version 1.40 to obfuscate the token. In addtion the internal API will be changed in the next release to no more return full API call from
get_file()
.Keep your old logfiles in a save place or delete them.