Maurice 460694e335 Re-check SSRF on every redirect hop when resolving short links ...

Replace the one-shot checkSsrf + fetch(redirect:'follow') in the maps and place short-link resolvers with safeFetchFollow, which follows redirects manually and re-runs checkSsrf against the DNS-pinned IP of each hop (max 5). A redirect to an internal/loopback address is now blocked even when the initial URL is public, while legitimate cross-host redirects (goo.gl -> maps.google.com) still resolve.

2026-05-31 15:52:13 +02:00

..

db

chore(db): log swallowed errors in addon-disable migration + guard against destructive migrations

2026-05-31 15:50:02 +02:00

mcp

Finish the NestJS migration — drop the legacy Express app

2026-05-31 13:29:22 +02:00

middleware

security: close SEC-H4/H6 gaps from second-pass review

2026-04-20 21:35:30 +02:00

nest

Finish the NestJS migration — drop the legacy Express app

2026-05-31 13:29:22 +02:00

services

Re-check SSRF on every redirect hop when resolving short links

2026-05-31 15:52:13 +02:00

systemNotices

feat(system-notices): replace expiresAt with [minVersion, maxVersion) version gate

2026-04-17 20:03:23 +02:00

utils

Re-check SSRF on every redirect hop when resolving short links

2026-05-31 15:52:13 +02:00

scheduler.test.ts

Bug fixes - April 27th 2026 (#907)

2026-04-28 05:17:20 +02:00

shared-contract.test.ts

Phase 0 — NestJS + Zod foundation harness (F1–F8) (#1050)

2026-05-25 14:29:30 +02:00