airsonic-custom

Commit Graph

Author	SHA1	Message	Date
jvoisin	82fa09d198	Bump jwt	5 years ago
Andrew DeMaria	431b42bfb3	Ensure commons logging is excluded (#1274 ) Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	5 years ago
Kessiler Rodrigues	4b3890f6ec	Replace custom circular buffer with Apache commons(CircularFifoQueue) Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	5 years ago
jvoisin	85e0e08d9a	Remove radeox Radeox is a rendering engine for an unspecified markup. Its [website](http://radeox.org/) is dead, the website of its [authors](http://www.codehaus.org/) is dead too, its [last commit](https://github.com/codehaus/radeox) was 13 years ago. It's only used for the welcome and login messages, as well as comments from users. If we want to have some markup parsing, we should use something maintained with autoescaping guarantees, instead of a piece of zombie code prone to $DEITY knows what injections. Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	5 years ago
jvoisin	9cbcc94b58	Bump ehcache Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	5 years ago
tesshucom	5c3c558923	Update Lucene from 3.0.3 to the current version 8.2.0 Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	5 years ago
Shen-Ta Hsieh	394dfa1ce7	upgrade jackson-databind and commons-beanutils for CVEs Signed-off-by: Shen-Ta Hsieh <ibmibmibm.tw@gmail.com>	5 years ago
Andrew DeMaria	e7bd5da6fa	Precompile jsp Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	5 years ago
Andrew DeMaria	859d08fc02	Bump version Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	5 years ago
Andrew DeMaria	8db4ec12e1	Add sha256sums and gpg sign outside of maven process Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	5 years ago
tesshucom	767b39ed5b	Split SearchService Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	5 years ago
Andrew DeMaria	7c7ac3e591	Update dependency check	5 years ago
Peter Marheine	d42af4575f	Add some @Nullable annotations Making it easier to tell where API contracts allow nulls, where it's otherwise unclear without reading the implementation.	6 years ago
Andrew DeMaria	8be0746bd4	Bump to 10.4.0 SNAPSHOT	6 years ago
Andrew DeMaria	df352d8cb0	Fix #611 Add support for Java 9 and greater Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	6 years ago
tesshucom	f54e72026f	version upgrade of spring-boot-dependencies,spring-boot-maven-plugin - Safety version for CVE-2019-3795 - Match the new jetty ecj version because the version of ecj used by tomcat and jetty is different.	6 years ago
tesshucom	131713aaf4	With Jetty Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	6 years ago
tesshucom	4cd9e9deac	revert cling-core, cling-support, seamless-util and configuration	6 years ago
François-Xavier Thomas	3f4a49c95a	Fix dependency error with org.eclipse.jetty.jetty This is only used by reflection, and should be provided by the servlet container (Tomcat or Jetty).	6 years ago
François-Xavier Thomas	bcc5f8d7a6	Fix StringIndexOutOfBounds errors thrown by DWR/YUI	6 years ago
Andrew DeMaria	8a1f36c792	Revert change to DWR fixes #923 Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	6 years ago
jvoisin	0a47c6e461	Bump java-jwt Signed-off-by: jvoisin <julien.voisin@dustri.org>	6 years ago
jvoisin	4e2b435abf	Bump cglib version Signed-off-by: jvoisin <julien.voisin@dustri.org>	6 years ago
Andrew DeMaria	faedfd8a62	Bump version to 10.3.0-SNAPSHOT Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	6 years ago
Andrew DeMaria	a16b89e0ac	Bump to version 10.2.0-RELEASE Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	6 years ago
Frank de Lange	8127b4f7fa	Fix #860 (external database performance) by using connection pooling … (#864 ) * Fix #860 (external database performance) by using connection pooling (using commons-dbcp2)	6 years ago
randomnicode	9d33ec255b	Declare used and remove unused dependencies	6 years ago
randomnicode	86e58cea3a	Update dependencies in airsonic-main	6 years ago
randomnicode	51f17675d5	Update plugins	6 years ago
Andrew DeMaria	5202845373	Bump version of guava to deal with CVE-2018-10237 Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	6 years ago
Andrew DeMaria	8c6ddb1aba	Dependency tweaks and remove extraneous code Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	6 years ago
Rémi Cocula	6b4874f33c	archetype code for rest api integration tests	6 years ago
Andrew DeMaria	377f68543d	Added profile to make running within a ide easier Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	6 years ago
Michael Sabin	48c3286766	Allow building without Git If Maven cannot find the git executable the build fails. Signed-off-by: Michael Sabin <m35@users.noreply.github.com>	6 years ago
Peter Marheine	8b4037b549	Check reCAPTCHA v2 responses when enabled Signed-off-by: Peter Marheine <peter@taricorp.net>	6 years ago
Peter Marheine	749342f25e	Remove captcha support It uses reCAPTCHA v1, which hasn't worked since March 2018. Signed-off-by: Peter Marheine <peter@taricorp.net>	6 years ago
Romain DEP.	c2416a57a8	deps: update jackson to a vuln-free version, bump java-jwt in the process	7 years ago
Rémi Cocula	be91fb08c4	fix issues #638 and #574	7 years ago
Andrew DeMaria	caae31452e	Bump to 10.2.0 snapshot Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	7 years ago
Andrew DeMaria	535d5d06cb	Release 10.1.1 Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	7 years ago
Andrew DeMaria	5e47bc500e	Fix maven profile mixup with sign/tomcat-embed Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	7 years ago
Robert Sprunk	756d178978	Upgrade jaudiotagger to 2.2.5 supporting Java 9 Signed-off-by: Robert Sprunk <github@sprunk.me>	7 years ago
Andrew DeMaria	78006946ea	Bump 10.2.0-SNAPSHOT Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	7 years ago
Andrew DeMaria	e04cda4293	Release 10.1.0 Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	7 years ago
Andrew DeMaria	143cc5a40c	Added gpg sign profile Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	7 years ago
Andrew DeMaria	438461933d	Dep Check Plugin and update vuln dependencies Detail ------ Add a dependency check plugin to find reported issues with dependencies we use. From adding this, there were quite a few false positives which are documented in airsonic-main/cve-suppressed.xml. The applicable vulnerabilities are as follows: ``` commons-fileupload-1.2.jar (commons-fileupload:commons-fileupload:1.2, cpe:/a:apache:commons_fileupload:1.2) : CVE-2016-3092, CVE-2016-1000031, CVE-2014-0050, CVE-2013-0248 castor-core-1.3.1.jar (cpe:/a:castor:castor:1.3.1, cpe:/a:castor_project:castor:1.3.1, org.codehaus.castor:castor-core:1.3.1) : CVE-2014-3004 tomcat-embed-core-8.5.16.jar (cpe:/a:apache_software_foundation:tomcat:8.5.16, cpe:/a:apache:tomcat:8.5.16, cpe:/a:apache_tomcat:apache_tomcat:8.5.16, org.apache.tomcat.embed:tomcat-embed-core:8.5.16) : CVE-2017-12617 ``` CVE-2016-1000031 is rated as CRITICAL, but we do not deserialize content from any multipart uploads so doesn't apply. Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	7 years ago
Andrew DeMaria	05291ce100	Intellij: suppress maven pom error Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	7 years ago
Rémi Cocula	c09acbc65d	Introduction of a new kind of jukebox player based on the javasound api.	7 years ago
Andrew DeMaria	ec68a8e7de	Bump version to 10.1.0-SNAPSHOT Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	7 years ago
Andrew DeMaria	00a5cf2907	Release 10.0.1 Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>	7 years ago

1 2

66 Commits (75a280457eeee294ec02e9c8790935844301997b)