Files
hermes-webui/api
nesquena-hermes 68a6099eaf fix(security #3234): harden /api/media deny-list (Codex review)
- Add state.db-wal / state.db-shm (SQLite sidecars carry the same data as state.db)
- Add google_token.json / google_client_secret.json (OAuth creds)
- Scope filename-based denies to files under HERMES_HOME / STATE_DIR so a
  legitimate workspace or /tmp media artifact named settings.json / config.yaml
  is not wrongly blocked.
Dir-based denies (state subdirs) remain unconditional.
2026-05-31 02:39:46 +00:00
..
2026-05-28 13:38:50 -04:00
2026-04-29 19:54:07 -07:00
2026-05-25 00:14:38 +00:00
2026-05-28 17:47:33 +00:00
2026-05-30 11:25:33 +02:00
2026-05-28 08:33:50 -04:00