mauriceboe 33d8953554 fix(security): harden Google Maps URL resolver against SSRF ...

- Replace substring check with strict hostname validation (goo.gl, maps.app.goo.gl)
- Add checkSsrf() guard with bypass=true to block private/internal IPs unconditionally
- Prevents crafted URLs like https://evil.com/?foo=goo.gl from triggering server-side fetches

2026-04-04 23:47:46 +02:00

..

public

fix: always fetch fresh photo URLs for map markers instead of using stored HTTP URLs

2026-04-01 19:48:58 +02:00

scripts

feat: add encryption key migration script and document it in README

2026-04-01 09:35:32 +02:00

src

fix(security): harden Google Maps URL resolver against SSRF

2026-04-04 23:47:46 +02:00

tests

refactor(mcp): replace direct DB access with service layer calls

2026-04-04 18:12:53 +02:00

.env.example

docs(oidc): fix OIDC_SCOPE default and clarify override behavior, skip CI for docs-only pushes, remove stale audit files

2026-04-04 14:48:11 +02:00

package-lock.json

feat(todo): add To-Do list feature with 3-column layout

2026-04-04 16:58:24 +02:00

package.json

chore: bump version to 2.8.4 [skip ci]

2026-04-04 13:20:50 +00:00

reset-admin.js

Stabilize core: better-sqlite3, versioned migrations, graceful shutdown

2026-03-22 17:52:24 +01:00

tsconfig.json

some fixes

2026-03-30 06:59:24 +02:00

vitest.config.ts

refactor(mcp): replace direct DB access with service layer calls

2026-04-04 18:12:53 +02:00