hack-house/cmd_chat
leetcrypt dc23e0b44e fix(client): prevent path traversal on file receive
The Python client saved an incoming transfer under the offerer-controlled
`name` field verbatim, so a peer could supply `../../…` or an absolute path
and write a file anywhere the user can (arbitrary write → RCE). Reduce the
name to a bare basename before joining it to the download dir, matching the
Rust client's existing behaviour.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-04 22:55:50 -07:00
agent feat(sbx,ui): VM snapshot save/load + collapsible clustered help menu 2026-06-02 23:03:00 -07:00
client fix(client): prevent path traversal on file receive 2026-06-04 22:55:50 -07:00
server feat(hh): /pw command, RAM-only direnv autostart, robust lets-hack; coven→clergy 2026-05-31 22:29:17 -07:00
__init__.py fix(security): comprehensive security hardening — TLS, HMAC WS auth, rate limiting, IP leak prevention 2026-05-25 20:30:40 -07:00