jvoisin
61c842923a
Generate new passwords in a secure way
...
Previously, lost passwords were generated via
org.apache.commons.lang.RandomStringUtils,
which is using java.util.Random internally.
This PRNG has a 48-bit seed that can easily be bruteforced
if an attacker is able to get the PRNG's output, for example
by resetting their own account multiple times,
leading to trivial privilege escalation attacks.
This commit makes use of java.security.SecureRandom
instead.
6 years ago
Andrew DeMaria
54e1237320
Exclude new spring 5.0.5 cve
6 years ago
Andrew DeMaria
8a1f36c792
Revert change to DWR fixes #923
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
jvoisin
45ef973627
Fix a javascript null-deref
...
This commit should fix the following javascript crash that
may occur if the localstorage isn't available/supported by the browser:
```
more.view:140 Uncaught TypeError: Cannot read property 'playCountValue' of null
at loadShuffleForm (more.view:140)
at HTMLDocument.<anonymous> (more.view:181)
at n (jquery-1.7.1.min.js:2)
at Object.fireWith (jquery-1.7.1.min.js:2)
at Function.ready (jquery-1.7.1.min.js:2)
at HTMLDocument.B (jquery-1.7.1.min.js:2)
```
Signed-off-by: jvoisin <julien.voisin@dustri.org>
6 years ago
jvoisin
0a47c6e461
Bump java-jwt
...
Signed-off-by: jvoisin <julien.voisin@dustri.org>
6 years ago
jvoisin
4e2b435abf
Bump cglib version
...
Signed-off-by: jvoisin <julien.voisin@dustri.org>
6 years ago
jvoisin
4de26ac319
Remove pngfix
...
pngfix.js is used for compatibility reasons
with IE 5 and 6. I think that now that we're in 2019,
we can get rid of it.
Signed-off-by: jvoisin <julien.voisin@dustri.org>
6 years ago
Andrew DeMaria
0d78c30d06
Change a couple more log entries to debug
6 years ago
François-Xavier Thomas
2c1b5205e8
Write new db maintenance logs as 'debug' instead of 'info'
6 years ago
François-Xavier Thomas
7510b04efc
Make checkpoint() method void (return value is not used)
6 years ago
François-Xavier Thomas
8c46d39569
Do not log message about hsqldb-defrag migration on each launch
...
The FILES DEFRAG / FILES LOG SIZE properties are kept when upgrading to
2.x; it's enough that they were set once on 1.8. For new installations
the migration will still run with the correct SQL statements.
6 years ago
François-Xavier Thomas
b753e48632
Log more information when running the 'cleanup db' action
6 years ago
François-Xavier Thomas
76e8abd219
Move HSQLDB checkpoint/shutdown to a bean specific to the legacy profile
6 years ago
François-Xavier Thomas
b88bdb37c9
Properly shutdown embedded HSQLDB database on exit
6 years ago
François-Xavier Thomas
54e444b03c
Make CHECKPOINT / DEFRAG syntax work for both HSQLDB 1 & 2
6 years ago
Iwao AVE!
c79c02d449
Updated CHECKPOINT / DEFRAG syntax for HSQLDB 2.
...
Signed-off-by: Iwao AVE! <harawata@gmail.com>
6 years ago
François-Xavier Thomas
c0f3606091
Force database checkpoints on 'Clean-up' and 'Scan' actions
...
This will only affect the (embedded/legacy) HSQLDB driver. Even though
cff97ea9 should prevent the db log from getting uncontrollably large,
the 'Clean-up database' and 'Scan' actions will additionally force a
checkpoint to ensure this happens on big operations.
6 years ago
Andrew DeMaria
1a88f46c18
CVE-2018-20222 Prevent xxe during parse
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
faedfd8a62
Bump version to 10.3.0-SNAPSHOT
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
a16b89e0ac
Bump to version 10.2.0-RELEASE
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
tesshu
3e6d224550
#1 CVE-2018-1000840
...
stax-api-1.0.1.jar
stax-api-1.0-2.jar
6 years ago
tesshu
6023d4c0bc
fix #748
6 years ago
jo
7327353704
Pull translations from transifex
6 years ago
Frank de Lange
8127b4f7fa
Fix #860 (external database performance) by using connection pooling … ( #864 )
...
* Fix #860 (external database performance) by using connection pooling (using commons-dbcp2)
6 years ago
François-Xavier Thomas
d6ba6de7e1
Run a first defrag before enabling auto defrag on HSQLDB
6 years ago
François-Xavier Thomas
21eff917b6
PlayQueue: Fix broken keyboard shortcuts
...
Using the "space" key to resume playback, as well as +/- to
increase/decrease volume, were not working properly.
6 years ago
Andrew DeMaria
ac0e29bf9c
Remove unused import
6 years ago
Andrew DeMaria
61c0c0d758
Fix import style error
6 years ago
Andrew DeMaria
ee4cb71052
Ignore CVE-2018-8088 related to slf4j ext
6 years ago
François-Xavier Thomas
cff97ea9be
Fix #778: Defragment embedded HSQLDB database more frequently
6 years ago
Rémi Cocula
ac453883fc
jukebox code quality and unit tests
6 years ago
randomnicode
94f4a85bb7
Suppress CVE-2018-8088
6 years ago
randomnicode
f2339e0942
Change zip to java.util
6 years ago
randomnicode
9d33ec255b
Declare used and remove unused dependencies
6 years ago
randomnicode
86e58cea3a
Update dependencies in airsonic-main
6 years ago
randomnicode
77ca475fbe
Add additional suppression
6 years ago
randomnicode
f3cc48f8cb
Suppress vulnerabilities file
6 years ago
randomnicode
51f17675d5
Update plugins
6 years ago
Andrew DeMaria
fb18862db4
Fix extraneous closing tag
6 years ago
Benz0X
af93f1eed1
Correct corrupted downloaded zip
...
Prevent zipping the same file twice (resulting in an error and a corrupted zip on Linux) when the cover is embedded in tags
6 years ago
Michel Néron
16b22f3501
- Correct the test to use the referenced value rather than a hardcoded value. The first result of an unordered select on multiple values is not assured.
6 years ago
Arne Schlüter
fec8f0ba95
Update favicons in webapp
6 years ago
Andrew DeMaria
5202845373
Bump version of guava to deal with CVE-2018-10237
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Shawn Bruce
df5f6f2aaf
Display folders as a list in Settings->Users and include the path.
6 years ago
jo
e72147b76b
Update languages from tx
6 years ago
jo
607f4c8720
Clean source i18n file
6 years ago
jo
75410aaea2
Update translation files
6 years ago
Andrew DeMaria
8c6ddb1aba
Dependency tweaks and remove extraneous code
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Rémi Cocula
6b4874f33c
archetype code for rest api integration tests
6 years ago
Andrew DeMaria
f8686d9638
Tweaked logging around servlet container and added warning about jetty
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago