1.0.1 hardening release Adds element-level validation that restricts the LSCache Purger purge_host field to http:// and https:// schemes. Drupal's url element type otherwise accepts any scheme PHP's filter_var recognises (file, ftp, ldap, gopher, etc.). The HTTP purger only makes sense over http or https; other schemes would have failed at runtime anyway, but the new validator surfaces an immediate error and closes a (very narrow) avenue for an admin with the 'administer lscache' permission to use the form to probe internal endpoints. Operator-facing only; permission-gated. No security advisory associated as no exploitable vulnerability was identified. Defence in depth from the 1.0.0 pre-stable security review.