notify-bridge/RELEASE_NOTES.md

v0.2.2 (2026-04-22)

Patch release — homelab usability fixes on top of v0.2.1. The SSRF hardening introduced in v0.2.1 blocks outbound requests to RFC1918 / link-local hosts, which breaks tracking of Immich / Gitea / etc. running on the same LAN. This release makes the workaround discoverable and enables it by default in the shipped docker-compose.yml.

Bug Fixes

• Default NOTIFY_BRIDGE_ALLOW_PRIVATE_URLS=1 in docker-compose.yml — the shipped compose is intended for homelab use. The flag is now hardcoded in the environment: block (not a ${...} substitution) so it works correctly with Portainer's per-stack env panel, which only does compose-file substitution and not runtime container env. Operators running on a public-facing host can drop the line. (4e23d2b)

Documentation

• Surface NOTIFY_BRIDGE_ALLOW_PRIVATE_URLS hint in SSRF rejection errors — the UnsafeURLError raised by ImmichClient now tells operators how to allow LAN targets, instead of leaving them to dig through source. (58cba88)

---

All Commits

• 4e23d2b — chore(compose): hardcode NOTIFY_BRIDGE_ALLOW_PRIVATE_URLS=1 in compose (alexei.dolgolyov)
• f7d51b2 — Revert "chore(compose): default NOTIFY_BRIDGE_ALLOW_PRIVATE_URLS=1 for homelab" (alexei.dolgolyov)
• 3bb0585 — chore(compose): default NOTIFY_BRIDGE_ALLOW_PRIVATE_URLS=1 for homelab (alexei.dolgolyov)
• 58cba88 — docs(immich-ssrf): surface NOTIFY_BRIDGE_ALLOW_PRIVATE_URLS hint in error (alexei.dolgolyov)