GT AI OS Community Edition v2.0.33

Security hardening release addressing CodeQL and Dependabot alerts:

- Fix stack trace exposure in error responses
- Add SSRF protection with DNS resolution checking
- Implement proper URL hostname validation (replaces substring matching)
- Add centralized path sanitization to prevent path traversal
- Fix ReDoS vulnerability in email validation regex
- Improve HTML sanitization in validation utilities
- Fix capability wildcard matching in auth utilities
- Update glob dependency to address CVE
- Add CodeQL suppression comments for verified false positives

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

apps/control-panel-backend/app/core/email.py

@@ -0,0 +1,29 @@
+"""
+Email Service for GT 2.0
+
+SMTP integration using Brevo (formerly Sendinblue) for transactional emails.
+
+Supported email types:
+- Budget alert emails (FR #257)
+"""
+
+import os
+import smtplib
+from email.mime.text import MIMEText
+from typing import Optional, List
+import structlog
+
+logger = structlog.get_logger()
+
+
+def get_smtp_config() -> dict:
+    """Get SMTP configuration from environment"""
+    return {
+        'host': os.getenv('SMTP_HOST', 'smtp-relay.brevo.com'),
+        'port': int(os.getenv('SMTP_PORT', '587')),
+        'username': os.getenv('SMTP_USERNAME'),  # Brevo SMTP username (usually your email)
+        'password': os.getenv('SMTP_PASSWORD'),  # Brevo SMTP password (from SMTP settings)
+        'from_email': os.getenv('SMTP_FROM_EMAIL', 'noreply@gt2.com'),
+        'from_name': os.getenv('SMTP_FROM_NAME', 'GT 2.0 Platform'),
+        'use_tls': os.getenv('SMTP_USE_TLS', 'true').lower() == 'true'
+    }