tl;dr: Custom logo uploads are now fixed. If you have 9+ stars, head to workshop settings where you can upload. Read on for technical details if you're curious, as well as an opportunity to earn free stars.
Until today, the way custom logo uploads worked is that you had to upload them to Imgur, then share the Imgur URL with the game. At that point, the game server would then download the logo from Imgur, save it on the game server, and associate it with your bot. The main reason for this convoluted workflow was security. Allowing file uploads to a server comes with a lot of potential problems, as outlined in this article about Unrestricted File Upload. Steps must be taken to ensure that what gets uploaded doesn't result in a malicious actor being able to do something they shouldn't be able to do. To get the benefit of a major platform's built-in security mechanisms instead of rollling my own, I made the decision back in April 2011 when I added profile photos[*] to outsource upload security to Imgur. This was a bit of a hack, but it worked for awhile.
Fast forward to 2023. For some reason, last year Imgur blocked the game server, so the "game server would then download the logo from Imgur" step described above stopped working. In researching this, my best guess is that this is related to policy changes by Imgur in the kinds of content they allow on their platform. As a result of that announcement, people started building scrapers to save the Imgur content that was soon going to be deleted. And in response to this, Imgur seems to have wholesale blocked entire VPS providers (like Linode, which is what I use) which people would use to host the scrapers. In other words, our tiny use case of downloading a few kilobytes a ~week got mixed into the bigger problem.
To fix this, I decided to make the jump and finally allow direct file uploads for the first time ever in the game's existence. I've put in protections to make this safe, but web security is notoriously tricky, so here is where the bug bounty comes in. Please try to discover vulnerabilities. In accordance with the game's responsible disclosure policy, I will award stars to reporters based on issue severity. If you're reading this and happen to be someone very knowledgable of pentesting but that doesn't have access to a bot with 9+ stars for testing, bmail me your credentials or LinkedIn or something and I'll temp some of my stars to you. And of course, if you do discover a problem, please don't take advantage of it or cause problems for other players. I hope no one finds anything, but I (and I'm sure others) will be very grateful if you do. Happy hunting!
[*] You might notice that bot/clan profile photos still go through an Imgur workflow. It's always been slightly different than the custom logo workflow though in that the file doesn't get downloaded to the game server, it gets read live from Imgur everytime you visit a bot/clan profile (well, not counting browser caching). I did logos differently because there'd be potentially many of them rendering on a single page and I didn't want that many requests from players going to Imgur in case it led to problems. Whether that was a real issue to be worried about or not is unclear, but that's why it is the way it is. Now that custom logo direct uploads are supported, I plan to eventually do the same with bot/clan profile photos, but that will be more work because I'll need to do a one-time download of a bunch of all the existing Imgur files the game points at, so it's low priority.