[MEDIUM] Kirby .dev domains and some reverse proxy setups were treated as local

PKSA-wxk6-8g5k-kq8b CVE-2020-26253 GHSA-2ccx-2gf3-8xvv

Affected version: <2.5.14

Reported by:
GitHub

[MEDIUM] Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5

PKSA-68c1-zbdg-v43v CVE-2020-26255 GHSA-g3h8-cg9x-47qw

Affected version: <2.5.14

Reported by:
GitHub