
Affected Versions: > 0.2.0 and < 1.0.0
Patched Versions: >= 1.0.0

Description: The library stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page. Users were not given the ability to configure the database location. As a result, anyone with access to the container or host filesystem could retrieve sensitive data in plaintext by accessing the .db file.

Impact: Unauthorized access to API keys and other confidential data if the SQLite database file was exposed.

Fixed in Version 1.0.0:
– Database is fully encrypted
– Database location is configurable
– API keys can be set via environment variables (this capability existed in earlier…
Local Deep Research’s API keys are stored in plain text
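An added example, not code from the advisory or the project: a filesystem audit that flags unencrypted SQLite files by their 16-byte magic header and reports whether each one is group- or world-readable. The file names, sample directory and placeholder key are constructed, and the check assumes the encryption layer in use also encrypts the file header.

```python
import os
import sqlite3
import stat
import tempfile

# Every unencrypted SQLite database file begins with these 16 bytes.
SQLITE_MAGIC = b"SQLite format 3\x00"

def is_plaintext_sqlite(path):
    """Return True if the file starts with the standard SQLite header."""
    try:
        with open(path, "rb") as fh:
            return fh.read(16) == SQLITE_MAGIC
    except OSError:
        return False  # unreadable by the auditing user

def audit_tree(root):
    """Walk root and list plaintext SQLite files with their permission exposure."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not is_plaintext_sqlite(path):
                continue
            mode = stat.S_IMODE(os.stat(path).st_mode)
            findings.append({"path": path, "mode": oct(mode),
                             "group_or_world_readable": bool(mode & (stat.S_IRGRP | stat.S_IROTH))})
    return findings

def build_sample(root):
    """Constructed data: one plaintext DB and one opaque file standing in for an encrypted DB."""
    plain = os.path.join(root, "settings.db")  # hypothetical file name
    con = sqlite3.connect(plain)
    con.execute("CREATE TABLE settings (key TEXT, value TEXT)")
    con.execute("INSERT INTO settings VALUES ('api_key', 'PLACEHOLDER-NOT-A-REAL-KEY')")
    con.commit()
    con.close()
    os.chmod(plain, 0o644)
    opaque = os.path.join(root, "encrypted.db")  # hypothetical file name
    with open(opaque, "wb") as fh:
        fh.write(b"\x8f" * 4096)  # constructed bytes with no SQLite header
    return plain, opaque

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in audit_tree(tmp):
            print(finding)
```

Point `audit_tree` at a container volume or data directory; any hit is a database whose contents are readable by whoever can read the file.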

