Andrew DeMaria
5202845373
Bump version of guava to deal with CVE-2018-10237
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
jamescochran
ffd8446016
Fix small spelling error ( #824 )
...
`ubiquitious` to `ubiquitous`
6 years ago
jamescochran
c6130e94a0
Fix small mispelling ( #823 )
...
improvments to improvements
6 years ago
Andrew DeMaria
8c4b2aa1fb
Merge remote-tracking branch 'origin/pr/808'
6 years ago
Andrew DeMaria
8c6ddb1aba
Dependency tweaks and remove extraneous code
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
cd05af87dc
Merge remote-tracking branch 'origin/pr/807'
6 years ago
Rémi Cocula
6b4874f33c
archetype code for rest api integration tests
6 years ago
Andrew DeMaria
5fd50d4ec2
Merge remote-tracking branch 'origin/pr/813'
6 years ago
Andrew DeMaria
f8686d9638
Tweaked logging around servlet container and added warning about jetty
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
afb0fb1d27
Merge remote-tracking branch 'origin/pr/814'
6 years ago
Andrew DeMaria
3288a75c3e
Merge remote-tracking branch 'origin/pr/811'
6 years ago
Andrew DeMaria
f8161f5184
White list jars that are scanned for tlds to prevent spurious logs
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
377f68543d
Added profile to make running within a ide easier
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
609ca71307
Skip another irrelevant CVE
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Carlos Galindo
f6b248495c
Fixed github link opening in frame and not loading
6 years ago
Andrew DeMaria
004b8bba37
Added docker based integration testing
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
685f4fa7e5
Merge remote-tracking branch 'origin/pr/801'
6 years ago
Andrew DeMaria
d257800e1d
Merge remote-tracking branch 'origin/pr/802'
6 years ago
Andrew DeMaria
8e1470a45a
Dependency updates
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
8876f5866b
Update stale.yml
6 years ago
Michael Sabin
48c3286766
Allow building without Git
...
If Maven cannot find the git executable
the build fails.
Signed-off-by: Michael Sabin <m35@users.noreply.github.com>
6 years ago
Michael Sabin
32ed46e55e
Fix test failure on Windows
...
Media directories are added to the test database
with the string essentially generated by this code:
new File(MusicFolderTestData.resolveMusicFolderPath()).getPath()
The directories are then queried by the string generated
by this code:
MusicFolderTestData.resolveMusicFolderPath()
On Windows the strings are not identical.
MusicFolderTestData.resolveMusicFolderPath()
is prefixed by an extra slash that is removed
when wrapped by a File()
Signed-off-by: Michael Sabin <m35@users.noreply.github.com>
6 years ago
Andrew DeMaria
995d1fa667
Remove potential cast exception
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
30b767955e
Merge remote-tracking branch 'origin/pr/790'
6 years ago
WillyPillow
84144f287a
Add option to disable seeking on transcodes. (Mitigates #548 & #723 )
...
As per #548 , #723 , and tsquillario/Jamstash#131 , the current method of
estimating `Content-Length` creates various problems.
However, if headers such as `Accept-Ranges` is omitted, clients will only
use the first connection, which is `Transfer-Encoding: chunked`, and no
`Content-Length` is necessary.
Doing this has the side effect that (at least on the web player) seeking
to a specific time is no longer possible, thus this was made an opt-in
option.
Signed-off-by: WillyPillow <wp@nerde.pw>
6 years ago
Carlos Galindo
f78b108939
Optionally parse podcast episode duration in seconds to [hh:]mm:ss
6 years ago
Andrew DeMaria
8ba0bc88f0
Fix maven version
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
c56416a9ca
Merge remote-tracking branch 'origin/pr/774'
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
85bf4b268d
Change mirror
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Peter Marheine
8b4037b549
Check reCAPTCHA v2 responses when enabled
...
Signed-off-by: Peter Marheine <peter@taricorp.net>
6 years ago
Peter Marheine
1b833003fb
Bring back an optional reCAPTCHA v2
...
Only showing it in the recovery view, not yet validating the result.
Signed-off-by: Peter Marheine <peter@taricorp.net>
6 years ago
Peter Marheine
a928b9ee3f
Add settings for CAPTCHA in account recovery.
...
Allowing users to enable it and specify the site and secret key to use
with reCAPTCHA.
The old hard-coded keys were insecure; the secret key must not be
distributed publicly. The current defaults are the test keys provided at
https://developers.google.com/recaptcha/docs/faq#id-like-to-run-automated-tests-with-recaptcha-v2-what-should-i-do
Signed-off-by: Peter Marheine <peter@taricorp.net>
6 years ago
Peter Marheine
749342f25e
Remove captcha support
...
It uses reCAPTCHA v1, which hasn't worked since March 2018.
Signed-off-by: Peter Marheine <peter@taricorp.net>
6 years ago
Andrew DeMaria
b6a9b32b1c
Merge remote-tracking branch 'airsonic/pr/775'
6 years ago
Andrew DeMaria
c2c14b0dbe
Update dependency check
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
5281d9ab6e
Fix for false positive node vuln
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
François-Xavier Thomas
caa1dac3a2
Use dark media player theme on groove theme ( #777 )
6 years ago
Peter Marheine
ae7f35a9cd
Don't use HTTPS for scrobbling
...
Turns out HTTPS isn't supported for the old API that we're using, so go
back to using plain HTTP.
Signed-off-by: Peter Marheine <peter@taricorp.net>
6 years ago
Andrew DeMaria
f6905dec1b
Merge remote-tracking branch 'airsonic/pr/767'
6 years ago
jo
8735810215
Move github files to .github folder
6 years ago
Arne Schlüter
237a05d272
Add v10.1.2 to changelog ( #771 )
6 years ago
Peter Marheine
69e2ba0825
Use HTTPS and java.net.URI for scrobbling
...
HTTPS will help prevent eavesdropping on the auth token, and using URI
will ensure unusual characters (like spaces, accidental or otherwise)
are escaped correctly.
Fixes #588
Signed-off-by: Peter Marheine <peter@taricorp.net>
6 years ago
Peter Marheine
cfdedea452
Suppress CVE-2018-13684 for dependency-check
...
False positive matching ant-zip against a CVE for ZIP, an Ethereum
token.
Signed-off-by: Peter Marheine <peter@taricorp.net>
6 years ago
jo
467d9420b7
Extends time before issue close (stalebot)
6 years ago
jo
74a13fc615
Add stale bot
6 years ago
Andrew DeMaria
e3ea7beb96
Fix #764
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
8d3c0ec9a0
Updates
...
- Update Spring boot Version
- Update dependency check version
- Exclude irrelevant nodejs cve
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew Rabert
83ef76a098
Add Docker health check
...
Signed-off-by: Andrew Rabert <ar@nullsum.net>
7 years ago
Andrew DeMaria
3e1ea6f913
Fix #749 Ensure transcode settings are protected
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
431c98b496
Exclude cve CVE-2018-1115
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago