- Trust the Forge reverse proxy and force https URLs in production so
generated absolute URLs match the actual TLS termination.
- Reject Nostr profile photo URLs that aren't http(s) or that resolve to
loopback / private (RFC1918) addresses to close an SSRF vector in
FetchNostrProfileJob.
- Tighten image upload validation across meetup, course, and lecturer
create/edit components: explicit mimes whitelist (jpeg, png, webp),
max 5 MiB, and dimension cap of 4000x4000.
- Replace the silent "skip if exists" branch in LnurlAuthController with
updateOrCreate so concurrent callers cannot race on the k1 record.
- Validate github_data on Meetup edit, decoding the JSON, and keep only
the whitelisted keys (top, left, state) with strict type coercion to
prevent storing arbitrary attacker-controlled JSON.
🛠️ Add “Keine” placeholder option to community select
✏️ Translate community values (“bitcoin”, “einundzwanzig”) on landing page
🌍 Update German locale strings for community names
- Split `from` and `to` fields in courses into `fromDate`, `fromTime`, `toDate`, and `toTime` for improved flexibility.
- Refactored meetups to use `startDate` and `startTime` instead of `start`.
- Enhanced validation to handle new date and time fields.
- Applied user-specific timezone conversions for event dates and times.
- Updated views to utilize new date and time pickers for consistent scheduling.
- Added `#[SeoDataAttribute]` annotations to Livewire components for SEO management.
- Extended translations in English, Spanish, and German for better localization support.
Claude