Andras Bacsai e1d4b4682e fix: harden TrustHosts middleware and use base_url() for password reset links ... - Fix circular cache dependency in TrustHosts where handle() checked cache before hosts() could populate it, causing host validation to never activate - Validate both Host and X-Forwarded-Host headers against trusted hosts list (X-Forwarded-Host is checked before TrustProxies applies it to the request) - Use base_url() instead of url() for password reset link generation so the URL is derived from server-side config (FQDN / public IP) instead of the request context - Strip port from X-Forwarded-Host before matching (e.g. host:443 → host) - Add tests for host validation, cache population, and reset URL generation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>		2026-03-26 18:39:54 +01:00
..
Application	feat: add UUIDs and URLs to webhook notifications	2025-10-10 18:41:46 +02:00
Channels	Fix: Allow test emails to be sent to any email address	2025-12-12 11:12:19 +01:00
Container	feat: add UUIDs and URLs to webhook notifications	2025-10-10 18:41:46 +02:00
Database	feat: add UUIDs and URLs to webhook notifications	2025-10-10 18:41:46 +02:00
Dto	feat(core): You can validate compose files with docker compose config	2025-02-27 11:29:04 +01:00
Internal	feat(notification): add Pushover	2024-12-11 18:13:16 +01:00
ScheduledTask	feat: add UUIDs and URLs to webhook notifications	2025-10-10 18:41:46 +02:00
Server	Fix Traefik email notification with clickable server links	2025-12-02 13:08:40 +01:00
TransactionalEmails	fix: harden TrustHosts middleware and use base_url() for password reset links	2026-03-26 18:39:54 +01:00
CustomEmailNotification.php	fix: Email should be retried with backoff	2024-11-26 10:19:05 +01:00
Notification.php	refactor(notifications): standardize getRecipients method signatures	2025-03-24 17:55:10 +01:00
SslExpirationNotification.php	feat: SSL notification	2025-02-10 21:31:31 +01:00
Test.php	Fix: Allow test emails to be sent to any email address	2025-12-12 11:12:19 +01:00