c89ff8b551
- Add URL validation on Immich URL save to prevent SSRF attacks (blocks private IPs, metadata endpoints, non-HTTP protocols) - Remove userId query parameter from asset proxy endpoints to prevent any authenticated user from accessing another user's Immich API key and photo library - Add asset ID validation (alphanumeric only) to prevent path traversal in proxied Immich API URLs - Update AUDIT_FINDINGS.md with Immich and admin route findings https://claude.ai/code/session_01SoQKcF5Rz9Y8Nzo4PzkxY8