Release v1.1.24 · voyvodka/LumaSync-Site

CSP img-src tightened to 'self' data: — removed the https: scheme wildcard; the site loads no external images (verified by repo-wide scan), so arbitrary-origin image loads are no longer permitted.
rel="noopener noreferrer" on external outbound links — GitHub links in CompareCTA, Footer outbound links, and repo/license links on /changelog/ and /license/ now carry both hints; defense-in-depth (no target="_blank" exists site-wide) plus Referer-leak prevention.

Full details in CHANGELOG.md.

Provide feedback