MightyPork
/
airsonic-custom
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
My fork of airsonic with experimental fixes and improvements. See branch "custom"
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
990 Commits
2 Branches
0 Tags
85 MiB
Tag: Branch: Tree: 310156f891
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '310156f891'
${ noResults }
airsonic-custom/airsonic-main/pom.xml

656 lines
22 KiB
Raw Normal View History Unescape

First commit
9 years ago
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
Rename libresonic -> airsonic Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<artifactId>airsonic-main</artifactId>
First commit
9 years ago
<packaging>war</packaging>
Rename libresonic -> airsonic Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<name>Airsonic Main</name>
First commit
9 years ago
<parent>
Rename libresonic -> airsonic Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<groupId>org.airsonic.player</groupId>
<artifactId>airsonic</artifactId>
Bump to 10.4.0 SNAPSHOT
6 years ago
<version>10.4.0-SNAPSHOT</version>
First commit
9 years ago
</parent>
Lack of version number for metrics. Signed-off-by: Rémi Cocula <rcocula@gmail.com>
8 years ago
<properties>
Dep Check Plugin and update vuln dependencies Detail ------ Add a dependency check plugin to find reported issues with dependencies we use. From adding this, there were quite a few false positives which are documented in airsonic-main/cve-suppressed.xml. The applicable vulnerabilities are as follows: ``` commons-fileupload-1.2.jar (commons-fileupload:commons-fileupload:1.2, cpe:/a:apache:commons_fileupload:1.2) : CVE-2016-3092, CVE-2016-1000031, CVE-2014-0050, CVE-2013-0248 castor-core-1.3.1.jar (cpe:/a:castor:castor:1.3.1, cpe:/a:castor_project:castor:1.3.1, org.codehaus.castor:castor-core:1.3.1) : CVE-2014-3004 tomcat-embed-core-8.5.16.jar (cpe:/a:apache_software_foundation:tomcat:8.5.16, cpe:/a:apache:tomcat:8.5.16, cpe:/a:apache_tomcat:apache_tomcat:8.5.16, org.apache.tomcat.embed:tomcat-embed-core:8.5.16) : CVE-2017-12617 ``` CVE-2016-1000031 is rated as CRITICAL, but we do not deserialize content from any multipart uploads so doesn't apply. Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<chameleon.version>1.2.1-RELEASE</chameleon.version>
Added profile to make running within a ide easier Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
<tomcat.server.scope>provided</tomcat.server.scope>
Lack of version number for metrics. Signed-off-by: Rémi Cocula <rcocula@gmail.com>
8 years ago
</properties>
First commit
9 years ago
<dependencies>
<dependency>
Rename libresonic -> airsonic Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<groupId>org.airsonic.player</groupId>
Rename subsonic api module Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<artifactId>subsonic-rest-api</artifactId>
First commit
9 years ago
<version>${project.version}</version>
</dependency>
<dependency>
Rename libresonic -> airsonic Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<groupId>org.airsonic.player</groupId>
<artifactId>airsonic-sonos-api</artifactId>
First commit
9 years ago
<version>${project.version}</version>
</dependency>
Introduction of a new kind of jukebox player based on the javasound api.
7 years ago
<!-- Java Audio Player and needed dependencies
-->
<dependency>
<groupId>com.github.biconou</groupId>
<artifactId>AudioPlayer</artifactId>
fix issues #638 and #574
7 years ago
<version>0.2.5</version>
Introduction of a new kind of jukebox player based on the javasound api.
7 years ago
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
</exclusion>
<exclusion>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- -->
WIP Spring Boot
8 years ago
<!-- Metrics
Metrics is a cool framework used here
to compute musures and statistics during automated testing
-->
MediaScannerService unit test and test media library (cherry picked from commit c2b17f0) Signed-off-by: Rémi Cocula <rcocula@gmail.com>
8 years ago
<dependency>
<groupId>io.dropwizard.metrics</groupId>
<artifactId>metrics-core</artifactId>
</dependency>
WIP Spring Boot
8 years ago
<!-- END Metrics -->
MediaScannerService unit test and test media library (cherry picked from commit c2b17f0) Signed-off-by: Rémi Cocula <rcocula@gmail.com>
8 years ago
WIP Spring Boot
8 years ago
<!-- Spring -->
First commit
9 years ago
<dependency>
Intoduce SpringBoot
8 years ago
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
Jetty and Tomcat spring boot support Spring boot supports both Jetty and Tomcat, however only one is supposed to be used at a time. This is problematic for us, because we would like to have both on the classpath so we can configure them (i.e. org.libresonic.player.boot.TomcatApplication). To remedy this, we mark both as provided, but have two profiles which then tell spring to exclude one or the other from the lib-provided war. These exclude rules are a bit fragile, but can be reproduced by analyzing mvn dependency:tree output. Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
First commit
9 years ago
</dependency>
<dependency>
Jetty and Tomcat spring boot support Spring boot supports both Jetty and Tomcat, however only one is supposed to be used at a time. This is problematic for us, because we would like to have both on the classpath so we can configure them (i.e. org.libresonic.player.boot.TomcatApplication). To remedy this, we mark both as provided, but have two profiles which then tell spring to exclude one or the other from the lib-provided war. These exclude rules are a bit fragile, but can be reproduced by analyzing mvn dependency:tree output. Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<groupId>javax.servlet.jsp</groupId>
<artifactId>javax.servlet.jsp-api</artifactId>
Update dependencies in airsonic-main
6 years ago
<version>2.3.3</version>
Intoduce SpringBoot
8 years ago
<scope>provided</scope>
Added missing dependencies Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
9 years ago
</dependency>
<dependency>
Intoduce SpringBoot
8 years ago
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
Added missing dependencies Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
9 years ago
</dependency>
<dependency>
Intoduce SpringBoot
8 years ago
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
Added missing dependencies Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
9 years ago
</dependency>
archetype code for rest api integration tests
6 years ago
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
First commit
9 years ago
<dependency>
Migrate from acegisecurity to spring security Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<groupId>org.springframework.security</groupId>
Intoduce SpringBoot
8 years ago
<artifactId>spring-security-ldap</artifactId>
Migrate from acegisecurity to spring security Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
</dependency>
Lock Down unsecured urls Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
Bump java-jwt Signed-off-by: jvoisin <julien.voisin@dustri.org>
6 years ago
<version>3.8.0</version>
Lock Down unsecured urls Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
</dependency>
Reimplement ldap Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
</dependency>
Spring Boot : make login form work again.
8 years ago
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
</dependency>
WIP Spring Boot
8 years ago
<!-- END Spring -->
Migrate from acegisecurity to spring security Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
WIP Spring Boot
8 years ago
<!-- taglibs -->
<dependency>
General fixups - Fixed tomcat deployment - Removed web.xml - Migrated to servlet api 3 - Added back in logging error resolver - Fixed error jsp page not working - Fixed login path when deployed to tomcat - Cleanup custom liquibase precondition class - Made the hsql index check more robust Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<groupId>org.apache.taglibs</groupId>
<artifactId>taglibs-standard-impl</artifactId>
<version>1.2.5</version>
WIP Spring Boot
8 years ago
</dependency>
<dependency>
<groupId>taglibs</groupId>
<artifactId>string</artifactId>
<version>1.1.0</version>
General fixups - Fixed tomcat deployment - Removed web.xml - Migrated to servlet api 3 - Added back in logging error resolver - Fixed error jsp page not working - Fixed login path when deployed to tomcat - Cleanup custom liquibase precondition class - Made the hsql index check more robust Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<scope>runtime</scope>
WIP Spring Boot
8 years ago
</dependency>
<!-- END taglibs -->
Fix libresonic-booter crash with Spring 3
8 years ago
First commit
9 years ago
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-core</artifactId>
<version>3.0.3</version>
</dependency>
Declare used and remove unused dependencies
6 years ago
<dependency>
<groupId>org.apache.ant</groupId>
<artifactId>ant</artifactId>
First commit
9 years ago
<scope>runtime</scope>
</dependency>
Fix #860 (external database performance) by using connection pooling … (#864) * Fix #860 (external database performance) by using connection pooling (using commons-dbcp2)
6 years ago
<!-- connection pool manager, fixes #860 (external database performance) -->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-dbcp2</artifactId>
<version>2.5.0</version>
<scope>runtime</scope>
<!-- this wants to pull in commons-logging v1.2 which conflicts with other dependencies -->
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
First commit
9 years ago
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
Dep Check Plugin and update vuln dependencies Detail ------ Add a dependency check plugin to find reported issues with dependencies we use. From adding this, there were quite a few false positives which are documented in airsonic-main/cve-suppressed.xml. The applicable vulnerabilities are as follows: ``` commons-fileupload-1.2.jar (commons-fileupload:commons-fileupload:1.2, cpe:/a:apache:commons_fileupload:1.2) : CVE-2016-3092, CVE-2016-1000031, CVE-2014-0050, CVE-2013-0248 castor-core-1.3.1.jar (cpe:/a:castor:castor:1.3.1, cpe:/a:castor_project:castor:1.3.1, org.codehaus.castor:castor-core:1.3.1) : CVE-2014-3004 tomcat-embed-core-8.5.16.jar (cpe:/a:apache_software_foundation:tomcat:8.5.16, cpe:/a:apache:tomcat:8.5.16, cpe:/a:apache_tomcat:apache_tomcat:8.5.16, org.apache.tomcat.embed:tomcat-embed-core:8.5.16) : CVE-2017-12617 ``` CVE-2016-1000031 is rated as CRITICAL, but we do not deserialize content from any multipart uploads so doesn't apply. Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<version>1.3.3</version>
First commit
9 years ago
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
Dep Check Plugin and update vuln dependencies Detail ------ Add a dependency check plugin to find reported issues with dependencies we use. From adding this, there were quite a few false positives which are documented in airsonic-main/cve-suppressed.xml. The applicable vulnerabilities are as follows: ``` commons-fileupload-1.2.jar (commons-fileupload:commons-fileupload:1.2, cpe:/a:apache:commons_fileupload:1.2) : CVE-2016-3092, CVE-2016-1000031, CVE-2014-0050, CVE-2013-0248 castor-core-1.3.1.jar (cpe:/a:castor:castor:1.3.1, cpe:/a:castor_project:castor:1.3.1, org.codehaus.castor:castor-core:1.3.1) : CVE-2014-3004 tomcat-embed-core-8.5.16.jar (cpe:/a:apache_software_foundation:tomcat:8.5.16, cpe:/a:apache:tomcat:8.5.16, cpe:/a:apache_tomcat:apache_tomcat:8.5.16, org.apache.tomcat.embed:tomcat-embed-core:8.5.16) : CVE-2017-12617 ``` CVE-2016-1000031 is rated as CRITICAL, but we do not deserialize content from any multipart uploads so doesn't apply. Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<version>2.6</version>
First commit
9 years ago
</dependency>
Convert to liquibase from handrolled migration tool Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</dependency>
First commit
9 years ago
<dependency>
<groupId>com.google.guava</groupId>
Back ported last.fm coverart service from Subsonic 6.0_beta1 None of this code is mine, I just integrated it.
8 years ago
<artifactId>guava</artifactId>
First commit
9 years ago
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
</dependency>
<dependency>
<groupId>hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<version>1.8.0.7</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>radeox</groupId>
<artifactId>radeox</artifactId>
<version>1.0-b2</version>
</dependency>
<dependency>
<groupId>org.directwebremoting</groupId>
<artifactId>dwr</artifactId>
Revert change to DWR fixes #923 Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
<version>3.0.rc1</version>
First commit
9 years ago
</dependency>
<!--Needed by dwr-->
<dependency>
<groupId>com.yahoo.platform.yui</groupId>
<artifactId>yuicompressor</artifactId>
Update dependencies in airsonic-main
6 years ago
<version>2.4.8</version>
First commit
9 years ago
<scope>runtime</scope>
Fix StringIndexOutOfBounds errors thrown by DWR/YUI
6 years ago
<!-- Necessary to avoid StringIndexOutOfBoundsException when running as a JAR -->
<!-- See: https://github.com/yui/yuicompressor/issues/161 -->
<!-- See also: https://stackoverflow.com/questions/8429095 -->
<exclusions>
<exclusion>
<artifactId>js</artifactId>
<groupId>rhino</groupId>
</exclusion>
</exclusions>
First commit
9 years ago
</dependency>
<dependency>
Bump jaudio tagger version Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<groupId>net.jthink</groupId>
First commit
9 years ago
<artifactId>jaudiotagger</artifactId>
Upgrade jaudiotagger to 2.2.5 supporting Java 9 Signed-off-by: Robert Sprunk <github@sprunk.me>
7 years ago
<version>2.2.5</version>
First commit
9 years ago
</dependency>
<dependency>
Update dependencies in airsonic-main
6 years ago
<groupId>org.jfree</groupId>
First commit
9 years ago
<artifactId>jfreechart</artifactId>
Update dependencies in airsonic-main
6 years ago
<version>1.5.0</version>
First commit
9 years ago
<exclusions>
<exclusion>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
</exclusion>
<exclusion>
<groupId>gnujaxp</groupId>
<artifactId>gnujaxp</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
Update dependencies in airsonic-main
6 years ago
<groupId>org.jdom</groupId>
First commit
9 years ago
<artifactId>jdom</artifactId>
Update dependencies in airsonic-main
6 years ago
<version>2.0.2</version>
First commit
9 years ago
</dependency>
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache-core</artifactId>
<version>2.5.0</version>
</dependency>
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>org.eclipse.persistence.moxy</artifactId>
Update dependencies in airsonic-main
6 years ago
<version>2.7.3</version>
First commit
9 years ago
</dependency>
General fixups - Fixed tomcat deployment - Removed web.xml - Migrated to servlet api 3 - Added back in logging error resolver - Fixed error jsp page not working - Fixed login path when deployed to tomcat - Cleanup custom liquibase precondition class - Made the hsql index check more robust Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<scope>runtime</scope>
</dependency>
Dep Check Plugin and update vuln dependencies Detail ------ Add a dependency check plugin to find reported issues with dependencies we use. From adding this, there were quite a few false positives which are documented in airsonic-main/cve-suppressed.xml. The applicable vulnerabilities are as follows: ``` commons-fileupload-1.2.jar (commons-fileupload:commons-fileupload:1.2, cpe:/a:apache:commons_fileupload:1.2) : CVE-2016-3092, CVE-2016-1000031, CVE-2014-0050, CVE-2013-0248 castor-core-1.3.1.jar (cpe:/a:castor:castor:1.3.1, cpe:/a:castor_project:castor:1.3.1, org.codehaus.castor:castor-core:1.3.1) : CVE-2014-3004 tomcat-embed-core-8.5.16.jar (cpe:/a:apache_software_foundation:tomcat:8.5.16, cpe:/a:apache:tomcat:8.5.16, cpe:/a:apache_tomcat:apache_tomcat:8.5.16, org.apache.tomcat.embed:tomcat-embed-core:8.5.16) : CVE-2017-12617 ``` CVE-2016-1000031 is rated as CRITICAL, but we do not deserialize content from any multipart uploads so doesn't apply. Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<dependency>
<groupId>stax</groupId>
<artifactId>stax-api</artifactId>
<version>1.0.1</version>
</dependency>
mail password via SMTP Signed-off-by: Bernardus Jansen <bernardus@bajansen.nl>
9 years ago
<dependency>
<groupId>javax.mail</groupId>
<artifactId>javax.mail-api</artifactId>
</dependency>
First commit
9 years ago
<dependency>
<groupId>com.hoodcomputing</groupId>
<artifactId>natpmp</artifactId>
<version>0.1</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
Removed synchronized from dao layer and replaced with transactions Also improved tests to be more spring like Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
First commit
9 years ago
<scope>test</scope>
</dependency>
Dependency tweaks and remove extraneous code Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
<dependency>
<groupId>org.assertj</groupId>
<artifactId>assertj-core</artifactId>
With Jetty Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
<scope>test</scope>
Dependency tweaks and remove extraneous code Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
</dependency>
First commit
9 years ago
Disable URL redirection (for now) Signed-off-by: Chetan Sarva <chetan@pixelcop.net>
9 years ago
<!-- UPNP / DLNA -->
First commit
9 years ago
<dependency>
<groupId>org.fourthline.cling</groupId>
<artifactId>cling-core</artifactId>
revert cling-core, cling-support, seamless-util and configuration
6 years ago
<version>2.0.1</version>
First commit
9 years ago
</dependency>
<dependency>
<groupId>org.fourthline.cling</groupId>
<artifactId>cling-support</artifactId>
revert cling-core, cling-support, seamless-util and configuration
6 years ago
<version>2.0.1</version>
First commit
9 years ago
</dependency>
<dependency>
<groupId>org.seamless</groupId>
<artifactId>seamless-util</artifactId>
revert cling-core, cling-support, seamless-util and configuration
6 years ago
<version>1.1.0</version>
First commit
9 years ago
</dependency>
<dependency>
<groupId>de.u-mass</groupId>
<artifactId>lastfm-java</artifactId>
<version>0.1.2</version>
</dependency>
Check reCAPTCHA v2 responses when enabled Signed-off-by: Peter Marheine <peter@taricorp.net>
6 years ago
<dependency>
<groupId>de.triology.recaptchav2-java</groupId>
<artifactId>recaptchav2-java</artifactId>
<version>1.0.2</version>
</dependency>
Disable URL redirection (for now) Signed-off-by: Chetan Sarva <chetan@pixelcop.net>
9 years ago
<!-- SONOS API / WSDL SUPPORT -->
First commit
9 years ago
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http</artifactId>
<version>${cxf.version}</version>
<exclusions>
<exclusion>
Introduction of a new kind of jukebox player based on the javasound api.
7 years ago
<groupId>org.springframework</groupId>
First commit
9 years ago
<artifactId>spring-web</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
Clean up dependencies
8 years ago
<artifactId>cxf-core</artifactId>
First commit
9 years ago
<version>${cxf.version}</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
Clean up dependencies
8 years ago
<artifactId>cxf-rt-frontend-jaxws</artifactId>
First commit
9 years ago
<version>${cxf.version}</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
Clean up dependencies
8 years ago
<artifactId>cxf-rt-bindings-soap</artifactId>
First commit
9 years ago
<version>${cxf.version}</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
Clean up dependencies
8 years ago
<artifactId>cxf-rt-databinding-jaxb</artifactId>
First commit
9 years ago
<version>${cxf.version}</version>
</dependency>
Migrate from Properties to Commons-Configuration - Added loading of properties file before database initialization Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-configuration2</artifactId>
Update dependencies in airsonic-main
6 years ago
<version>2.4</version>
Reduce logging during tests to make travis happy Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Fixes liquibase not using slf4j -->
<dependency>
<groupId>com.mattbertolini</groupId>
<artifactId>liquibase-slf4j</artifactId>
Update dependencies in airsonic-main
6 years ago
<version>2.0.0</version>
Reduce logging during tests to make travis happy Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<scope>runtime</scope>
Migrate from Properties to Commons-Configuration - Added loading of properties file before database initialization Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
</dependency>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<!-- commons-configuration2 requires during runtime -->
<scope>runtime</scope>
</dependency>
Convert to liquibase from handrolled migration tool Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<dependency>
<groupId>org.liquibase</groupId>
<artifactId>liquibase-core</artifactId>
</dependency>
Use more intelligent version parsing Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-artifact</artifactId>
Update dependencies in airsonic-main
6 years ago
<version>3.6.0</version>
Use more intelligent version parsing Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
</dependency>
Added UI for Database settings Also cleanup some documentation *Database Settings have been renamed and will require manually fixing from 6.2beta1* database.varchar.maxlength -> DatabaseMysqlMaxlength database.config.type -> DatabaseConfigType database.config.embed.driver -> DatabasigEmbedDriver database.config.embed.url -> DatabaseConfigEmbedUrl database.config.embed.username -> DatabasigEmbedUsername database.config.embed.password -> DatabasigEmbedPassword database.config.jndi.name -> DatabaseConfigJNDIName database.usertable.quote -> DatabaseUsertableQuote Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
Improve Playlist Handling - Use external library chamelon (lizzy) - Adds the ability to specify playlist export format - Fixes some deficiences with playlist handling Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<dependency>
<groupId>com.github.muff1nman.chameleon</groupId>
<artifactId>core</artifactId>
<version>${chameleon.version}</version>
</dependency>
<dependency>
<groupId>com.github.muff1nman.chameleon</groupId>
<artifactId>playlist-xspf</artifactId>
<version>${chameleon.version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>com.github.muff1nman.chameleon</groupId>
<artifactId>playlist-all</artifactId>
<version>${chameleon.version}</version>
<scope>runtime</scope>
</dependency>
Added UI for Database settings Also cleanup some documentation *Database Settings have been renamed and will require manually fixing from 6.2beta1* database.varchar.maxlength -> DatabaseMysqlMaxlength database.config.type -> DatabaseConfigType database.config.embed.driver -> DatabasigEmbedDriver database.config.embed.url -> DatabaseConfigEmbedUrl database.config.embed.username -> DatabasigEmbedUsername database.config.embed.password -> DatabasigEmbedPassword database.config.jndi.name -> DatabaseConfigJNDIName database.usertable.quote -> DatabaseUsertableQuote Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
</dependency>
Consolidate Logging - Use sl4fj as a backend to org.libresonic.Logger - Output the same logs to libresonic.log as the console - Use spring-boot logging constructs - Turn down logging to error for non-libresonic classes info for libresonic classes and liquibase (perhaps change this in the future, but might be helpful for folks migrating their databases). Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</dependency>
Jetty and Tomcat spring boot support Spring boot supports both Jetty and Tomcat, however only one is supposed to be used at a time. This is problematic for us, because we would like to have both on the classpath so we can configure them (i.e. org.libresonic.player.boot.TomcatApplication). To remedy this, we mark both as provided, but have two profiles which then tell spring to exclude one or the other from the lib-provided war. These exclude rules are a bit fragile, but can be reproduced by analyzing mvn dependency:tree output. Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<!-- Embedded tomcat -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
Added profile to make running within a ide easier Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
<scope>${tomcat.server.scope}</scope>
Jetty and Tomcat spring boot support Spring boot supports both Jetty and Tomcat, however only one is supposed to be used at a time. This is problematic for us, because we would like to have both on the classpath so we can configure them (i.e. org.libresonic.player.boot.TomcatApplication). To remedy this, we mark both as provided, but have two profiles which then tell spring to exclude one or the other from the lib-provided war. These exclude rules are a bit fragile, but can be reproduced by analyzing mvn dependency:tree output. Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
Added profile to make running within a ide easier Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
<scope>${tomcat.server.scope}</scope>
Jetty and Tomcat spring boot support Spring boot supports both Jetty and Tomcat, however only one is supposed to be used at a time. This is problematic for us, because we would like to have both on the classpath so we can configure them (i.e. org.libresonic.player.boot.TomcatApplication). To remedy this, we mark both as provided, but have two profiles which then tell spring to exclude one or the other from the lib-provided war. These exclude rules are a bit fragile, but can be reproduced by analyzing mvn dependency:tree output. Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
</dependency>
<!-- Embedded Jetty -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jetty</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>apache-jsp</artifactId>
<scope>provided</scope>
</dependency>
Fix dependency error with org.eclipse.jetty.jetty This is only used by reflection, and should be provided by the servlet container (Tomcat or Jetty).
6 years ago
<!-- Provided by the servlet container, but found by dependency:analyze even if used via reflection -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-io</artifactId>
<scope>provided</scope>
</dependency>
Bump jaudio tagger version Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</dependency>
Updated version service to use github releases Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<dependency>
<groupId>com.jayway.jsonpath</groupId>
<artifactId>json-path</artifactId>
</dependency>
Fixed regression in password reset Caused by e3e90565483bb1f92d1e9b5cdec6b67f5d0dfae8 Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<dependency>
<groupId>com.sun.mail</groupId>
<artifactId>javax.mail</artifactId>
<scope>runtime</scope>
</dependency>
Fix #611 Add support for Java 9 and greater Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
<dependency>
<groupId>javax.annotation</groupId>
<artifactId>javax.annotation-api</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>javax.xml.ws</groupId>
<artifactId>jaxws-api</artifactId>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>jakarta.xml.bind</groupId>
<artifactId>jakarta.xml.bind-api</artifactId>
<version>2.3.2</version>
<scope>runtime</scope>
</dependency>
Move jdbc dependencies into the default war Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>42.1.4</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.43</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.mariadb.jdbc</groupId>
<artifactId>mariadb-java-client</artifactId>
Dep Check Plugin and update vuln dependencies Detail ------ Add a dependency check plugin to find reported issues with dependencies we use. From adding this, there were quite a few false positives which are documented in airsonic-main/cve-suppressed.xml. The applicable vulnerabilities are as follows: ``` commons-fileupload-1.2.jar (commons-fileupload:commons-fileupload:1.2, cpe:/a:apache:commons_fileupload:1.2) : CVE-2016-3092, CVE-2016-1000031, CVE-2014-0050, CVE-2013-0248 castor-core-1.3.1.jar (cpe:/a:castor:castor:1.3.1, cpe:/a:castor_project:castor:1.3.1, org.codehaus.castor:castor-core:1.3.1) : CVE-2014-3004 tomcat-embed-core-8.5.16.jar (cpe:/a:apache_software_foundation:tomcat:8.5.16, cpe:/a:apache:tomcat:8.5.16, cpe:/a:apache_tomcat:apache_tomcat:8.5.16, org.apache.tomcat.embed:tomcat-embed-core:8.5.16) : CVE-2017-12617 ``` CVE-2016-1000031 is rated as CRITICAL, but we do not deserialize content from any multipart uploads so doesn't apply. Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<version>2.1.2</version>
Move jdbc dependencies into the default war Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<scope>runtime</scope>
</dependency>
First commit
9 years ago
</dependencies>
<build>
Rename libresonic -> airsonic Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<finalName>airsonic</finalName>
First commit
9 years ago
<plugins>
Standardize import order and add maven plugin to check Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
</plugin>
Intoduce SpringBoot
8 years ago
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
version upgrade of spring-boot-dependencies,spring-boot-maven-plugin - Safety version for CVE-2019-3795 - Match the new jetty ecj version because the version of ecj used by tomcat and jetty is different.
6 years ago
<version>1.5.20.RELEASE</version>
Intoduce SpringBoot
8 years ago
<configuration>
Prep work for spring boot test - Added enforcer plugin - Fix some version conflicts - Moved custom initializer to spring.factories - Bump spring boot version Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<mainClass>org.airsonic.player.Application</mainClass>
General fixups - Fixed tomcat deployment - Removed web.xml - Migrated to servlet api 3 - Added back in logging error resolver - Fixed error jsp page not working - Fixed login path when deployed to tomcat - Cleanup custom liquibase precondition class - Made the hsql index check more robust Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<layout>WAR</layout>
Jetty and Tomcat spring boot support Spring boot supports both Jetty and Tomcat, however only one is supposed to be used at a time. This is problematic for us, because we would like to have both on the classpath so we can configure them (i.e. org.libresonic.player.boot.TomcatApplication). To remedy this, we mark both as provided, but have two profiles which then tell spring to exclude one or the other from the lib-provided war. These exclude rules are a bit fragile, but can be reproduced by analyzing mvn dependency:tree output. Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<excludeGroupIds>${boot.group.excludes}</excludeGroupIds>
<excludeArtifactIds>${boot.artifact.excludes}</excludeArtifactIds>
Intoduce SpringBoot
8 years ago
</configuration>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
</execution>
</executions>
</plugin>
Turn off reuse forks Reusing forks seems to cause problems with the Jenkins build. It adds about 2 minutes additional test time Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<reuseForks>false</reuseForks>
</configuration>
</plugin>
Cleanup pom and remove full profile Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>buildnumber-maven-plugin</artifactId>
<executions>
<execution>
<phase>validate</phase>
<goals>
<goal>create</goal>
</goals>
</execution>
</executions>
<configuration>
<doCheck>false</doCheck>
<doUpdate>false</doUpdate>
Allow building without Git If Maven cannot find the git executable the build fails. Signed-off-by: Michael Sabin <m35@users.noreply.github.com>
6 years ago
<revisionOnScmFailure>Unversioned</revisionOnScmFailure>
Cleanup pom and remove full profile Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
</configuration>
</plugin>
First commit
9 years ago
<plugin>
Set compiler to Java 1.8; updated some maven plugins Signed-off-by: Chetan Sarva <chetan@pixelcop.net>
9 years ago
<groupId>org.apache.maven.plugins</groupId>
First commit
9 years ago
<artifactId>maven-antrun-plugin</artifactId>
<executions>
<execution>
<phase>generate-resources</phase>
<configuration>
<target>
<tstamp/>
Rename libresonic -> airsonic Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<copy file="${basedir}/src/main/resources/org/airsonic/player/i18n/ResourceBundle_en.properties"
tofile="${project.build.directory}/classes/org/airsonic/player/i18n/ResourceBundle.properties"/>
First commit
9 years ago
<echo file="${project.build.directory}/classes/build_number.txt">${buildNumber}</echo>
Intellij: suppress maven pom error Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<!--suppress MavenModelInspection -->
First commit
9 years ago
<echo file="${project.build.directory}/classes/build_date.txt">${DSTAMP}</echo>
<echo file="${project.build.directory}/classes/version.txt">${project.version}</echo>
</target>
</configuration>
<goals>
<goal>run</goal>
</goals>
</execution>
</executions>
</plugin>
Dep Check Plugin and update vuln dependencies Detail ------ Add a dependency check plugin to find reported issues with dependencies we use. From adding this, there were quite a few false positives which are documented in airsonic-main/cve-suppressed.xml. The applicable vulnerabilities are as follows: ``` commons-fileupload-1.2.jar (commons-fileupload:commons-fileupload:1.2, cpe:/a:apache:commons_fileupload:1.2) : CVE-2016-3092, CVE-2016-1000031, CVE-2014-0050, CVE-2013-0248 castor-core-1.3.1.jar (cpe:/a:castor:castor:1.3.1, cpe:/a:castor_project:castor:1.3.1, org.codehaus.castor:castor-core:1.3.1) : CVE-2014-3004 tomcat-embed-core-8.5.16.jar (cpe:/a:apache_software_foundation:tomcat:8.5.16, cpe:/a:apache:tomcat:8.5.16, cpe:/a:apache_tomcat:apache_tomcat:8.5.16, org.apache.tomcat.embed:tomcat-embed-core:8.5.16) : CVE-2017-12617 ``` CVE-2016-1000031 is rated as CRITICAL, but we do not deserialize content from any multipart uploads so doesn't apply. Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
</plugin>
First commit
9 years ago
</plugins>
</build>
Jetty and Tomcat spring boot support Spring boot supports both Jetty and Tomcat, however only one is supposed to be used at a time. This is problematic for us, because we would like to have both on the classpath so we can configure them (i.e. org.libresonic.player.boot.TomcatApplication). To remedy this, we mark both as provided, but have two profiles which then tell spring to exclude one or the other from the lib-provided war. These exclude rules are a bit fragile, but can be reproduced by analyzing mvn dependency:tree output. Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
<profiles>
<profile>
<id>tomcat-embed</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<boot.group.excludes>org.eclipse.jetty,org.eclipse.jetty.websocket,org.mortbay.jasper,org.eclipse.jetty.toolchain,org.ow2.asm</boot.group.excludes>
<boot.artifact.excludes>spring-boot-starter-jetty</boot.artifact.excludes>
</properties>
</profile>
<profile>
<id>jetty-embed</id>
<properties>
<boot.group.excludes>org.apache.tomcat.embed</boot.group.excludes>
<boot.artifact.excludes>spring-boot-starter-tomcat</boot.artifact.excludes>
</properties>
</profile>
Added profile to make running within a ide easier Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
<profile>
<id>ide-tomcat-embed</id>
<properties>
<tomcat.server.scope>compile</tomcat.server.scope>
</properties>
</profile>
Jetty and Tomcat spring boot support Spring boot supports both Jetty and Tomcat, however only one is supposed to be used at a time. This is problematic for us, because we would like to have both on the classpath so we can configure them (i.e. org.libresonic.player.boot.TomcatApplication). To remedy this, we mark both as provided, but have two profiles which then tell spring to exclude one or the other from the lib-provided war. These exclude rules are a bit fragile, but can be reproduced by analyzing mvn dependency:tree output. Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 years ago
</profiles>
First commit
9 years ago
</project>