hermes-agent/plugins/platforms
zapabob 500c2b1e46 fix(security): close SSRF redirect-guard bypass across all httpx download hooks
Inside httpx AsyncClient response event hooks, response.next_request is
often None even for a genuine redirect, so guards keyed on
`if response.is_redirect and response.next_request` silently never fire.
A public URL that 302s to http://169.254.169.254/ was followed anyway,
defeating the pre-flight is_safe_url() check.

Resolve the redirect target from the Location header (via urljoin, so
relative Locations work too), falling back to next_request only when no
Location is present. Extracted as tools.url_safety.redirect_target_from_response
and wired into every SSRF redirect guard:

  - gateway/platforms/base.py  (shared image + audio download for all platforms)
  - tools/vision_tools.py       (two download hooks)
  - plugins/platforms/slack/adapter.py

Original fix by @zapabob (PR #35940), which targeted the since-refactored
gateway/platforms/slack.py; reconstructed onto the current shared sites and
widened to the whole bug class.
2026-07-01 01:18:53 -07:00
..
dingtalk fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
discord fix(discord): auto-thread failure must not silently fall back to inline reply 2026-07-01 00:12:17 -07:00
email fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
feishu fix(anthropic+feishu): model-gate max_tokens fallback; wire Feishu channel_prompt 2026-06-30 17:20:41 -07:00
google_chat fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
homeassistant fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
irc fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
line fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
matrix fix(gateway): stop Matrix upload fallback from leaking host path 2026-06-30 03:24:36 -07:00
mattermost fix(matrix,mattermost): invite auth check + API path traversal guard 2026-06-28 20:47:33 -07:00
ntfy fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
photon revert(windows): roll back terminal-popup PRs #53791 #53810 #53829 (#53853) 2026-06-27 15:59:00 -07:00
raft revert(windows): roll back terminal-popup PRs #53791 #53810 #53829 (#53853) 2026-06-27 15:59:00 -07:00
simplex fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
slack fix(security): close SSRF redirect-guard bypass across all httpx download hooks 2026-07-01 01:18:53 -07:00
sms fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
teams fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
telegram fix(telegram): normalize thread id in group gating via shared helper 2026-07-01 00:11:46 -07:00
wecom fix(security): cap WeCom callback body size before pre-auth XML parse (#54615) 2026-06-28 22:35:43 -07:00
whatsapp fix(profile): resolve WhatsApp media-path cache roots per-call 2026-06-30 15:30:06 -07:00