From 1e14dcd59cd1eae935152025b6bed8cba7e5fd4f Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Fri, 20 Feb 2026 14:07:21 +0000
Subject: [PATCH] fix: Prevent exposure of GotifyToken in JSON response for enhanced security
---
 .../internal/services/enhanced_security_notification_service.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/internal/services/enhanced_security_notification_service.go b/backend/internal/services/enhanced_security_notification_service.go
index 660aae61..59e7cd3e 100644
--- a/backend/internal/services/enhanced_security_notification_service.go
+++ b/backend/internal/services/enhanced_security_notification_service.go
@@ -41,7 +41,7 @@ type CompatibilitySettings struct {
 DiscordWebhookURL string `json:"discord_webhook_url,omitempty"`
 SlackWebhookURL string `json:"slack_webhook_url,omitempty"`
 GotifyURL string `json:"gotify_url,omitempty"`
- GotifyToken string `json:"gotify_token,omitempty"`
+ GotifyToken string `json:"-"` // Security: Never expose token in JSON (OWASP A02)
 }

 // MigrationMarker represents the migration state stored in settings table.
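Review bot: The `json:"-"` tag on `GotifyToken` makes encoding/json skip the field on decode as well as on encode, so if `CompatibilitySettings` is also the type that request bodies are unmarshalled into (not visible in this hunk), a token sent by a client is now silently dropped and can no longer be set or rotated through the API. If so, keep the redaction on the response side but accept the token through a separate write-only request type, and expose only a non-secret indicator such as a `HasGotifyToken bool` field serialized as `has_gotify_token`. `DiscordWebhookURL` and `SlackWebhookURL` in the same struct are still serialized, and a webhook URL works as a bearer credential for posting to the channel, so they likely need the same redaction or masking. A regression test that marshals a populated `CompatibilitySettings` and asserts none of these secrets appear in the output would pin the behaviour. The struct begins above the hunk, so any other credential-bearing fields are not visible here.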