gooneyryan/hermes-webui
1
0
Fork 0
mirror of https://github.com/nesquena/hermes-webui.git synced 2026-05-25 03:00:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4ee93684640eebc457d2ba4be3fab349617ee753
hermes-webui/docs
T
History
nesquena-hermes 4ee9368464 Opus pre-release follow-ups for PR #1445 
REQUIRED:
- _fully_unquote_path range(3) -> range(10) — defense-in-depth so quadruple-
  encoded .. is rejected by validator instead of slipping through (not
  exploitable but contract violation)
- docs/EXTENSIONS.md trust-model callout moved to top of file with explicit
  'don't enable in untrusted env / don't point at user-writable dir' guidance

NICE-TO-HAVE (taken since Nathan asked for all fixes big and small):
- URL list cap at _MAX_URL_LIST=32 to avoid pathological rendering
- One-shot WARNING log for rejected URLs (silent drop now visible to admin)
- One-shot WARNING log for URL list truncation
- MIME map: ttf (font/ttf), otf (font/otf), wasm (application/wasm)

5 regression tests in tests/test_pr1445_opus_followups.py pin all invariants.
2026-05-02 03:49:40 +00:00
..
images
docs: HERMES.md deep-dive, Why Hermes in README, screenshot layout
2026-04-03 22:03:19 -07:00
pr-assets
fix(ui): restore rail-era app titlebar state (v0.50.226) (#1163)
2026-04-27 11:43:32 -07:00
ui-ux
feat: remove bubble_layout setting end-to-end (#777)
2026-04-20 22:34:45 +00:00
docker.md
v0.50.260: Docker reliability batch - PR #1428 + broader UX/docs improvements + Opus advisor fixes
2026-05-01 23:10:52 +00:00
EXTENSIONS.md
Opus pre-release follow-ups for PR #1445
2026-05-02 03:49:40 +00:00
ISSUES.md
fix(#1195): route sessions to profile dir even when dir doesn't exist yet (#1373)
2026-04-30 23:24:31 +00:00