Files
jarvis/api
myron 6b6b6fcc3b Security fixes: SSL verification, SQL injection, auth bypass, hash_equals
- Enable CURLOPT_SSL_VERIFYPEER on Groq and Claude API calls (MITM fix)
- Parameterize agent_commands IN clause to prevent SQL injection
- Add session/IP check for list/status/myip endpoints (auth bypass fix)
- Use hash_equals() for registration key comparison (timing attack fix)
2026-05-25 13:46:11 +00:00
..