Andrew DeMaria
35eaae39db
Bump snapshot version
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
5 years ago
Andrew DeMaria
cb63a5cb88
Add jxr plugin for pmd refs
5 years ago
Andrew DeMaria
ef22d6d8ed
Remove optional jetty runtime
...
- Simplifies pom making future upgrades easier
- Fixes tests picking up jetty runtime
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
5 years ago
Evan Harris
29c1b5dbca
Enabled PMD checking for jsp files
...
2 rulesets are included.
5 years ago
jvoisin
82fa09d198
Bump jwt
5 years ago
Andrew DeMaria
431b42bfb3
Ensure commons logging is excluded ( #1274 )
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
5 years ago
Kessiler Rodrigues
4b3890f6ec
Replace custom circular buffer with Apache commons(CircularFifoQueue)
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
5 years ago
jvoisin
85e0e08d9a
Remove radeox
...
Radeox is a rendering engine for an unspecified markup.
Its [website](http://radeox.org/ ) is dead, the website
of its [authors](http://www.codehaus.org/ ) is dead too,
its [last commit](https://github.com/codehaus/radeox ) was 13 years ago.
It's only used for the welcome and login messages,
as well as comments from users. If we want to have some markup parsing,
we should use something maintained with autoescaping guarantees,
instead of a piece of zombie code prone to $DEITY knows what injections.
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
5 years ago
jvoisin
9cbcc94b58
Bump ehcache
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
5 years ago
tesshucom
5c3c558923
Update Lucene from 3.0.3 to the current version 8.2.0
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
5 years ago
Shen-Ta Hsieh
394dfa1ce7
upgrade jackson-databind and commons-beanutils for CVEs
...
Signed-off-by: Shen-Ta Hsieh <ibmibmibm.tw@gmail.com>
5 years ago
Andrew DeMaria
e7bd5da6fa
Precompile jsp
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
5 years ago
Andrew DeMaria
859d08fc02
Bump version
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
5 years ago
Andrew DeMaria
8db4ec12e1
Add sha256sums and gpg sign outside of maven process
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
5 years ago
tesshucom
767b39ed5b
Split SearchService
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
5 years ago
Andrew DeMaria
7c7ac3e591
Update dependency check
6 years ago
Peter Marheine
d42af4575f
Add some @Nullable annotations
...
Making it easier to tell where API contracts allow nulls, where it's
otherwise unclear without reading the implementation.
6 years ago
Andrew DeMaria
8be0746bd4
Bump to 10.4.0 SNAPSHOT
6 years ago
Andrew DeMaria
df352d8cb0
Fix #611 Add support for Java 9 and greater
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
tesshucom
f54e72026f
version upgrade of spring-boot-dependencies,spring-boot-maven-plugin
...
- Safety version for CVE-2019-3795
- Match the new jetty ecj version because the version of ecj used by
tomcat and jetty is different.
6 years ago
tesshucom
131713aaf4
With Jetty
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
tesshucom
4cd9e9deac
revert cling-core, cling-support, seamless-util and configuration
6 years ago
François-Xavier Thomas
3f4a49c95a
Fix dependency error with org.eclipse.jetty.jetty
...
This is only used by reflection, and should be provided by the servlet
container (Tomcat or Jetty).
6 years ago
François-Xavier Thomas
bcc5f8d7a6
Fix StringIndexOutOfBounds errors thrown by DWR/YUI
6 years ago
Andrew DeMaria
8a1f36c792
Revert change to DWR fixes #923
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
jvoisin
0a47c6e461
Bump java-jwt
...
Signed-off-by: jvoisin <julien.voisin@dustri.org>
6 years ago
jvoisin
4e2b435abf
Bump cglib version
...
Signed-off-by: jvoisin <julien.voisin@dustri.org>
6 years ago
Andrew DeMaria
faedfd8a62
Bump version to 10.3.0-SNAPSHOT
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
a16b89e0ac
Bump to version 10.2.0-RELEASE
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Frank de Lange
8127b4f7fa
Fix #860 (external database performance) by using connection pooling … ( #864 )
...
* Fix #860 (external database performance) by using connection pooling (using commons-dbcp2)
6 years ago
randomnicode
9d33ec255b
Declare used and remove unused dependencies
6 years ago
randomnicode
86e58cea3a
Update dependencies in airsonic-main
6 years ago
randomnicode
51f17675d5
Update plugins
6 years ago
Andrew DeMaria
5202845373
Bump version of guava to deal with CVE-2018-10237
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
8c6ddb1aba
Dependency tweaks and remove extraneous code
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Rémi Cocula
6b4874f33c
archetype code for rest api integration tests
6 years ago
Andrew DeMaria
377f68543d
Added profile to make running within a ide easier
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Michael Sabin
48c3286766
Allow building without Git
...
If Maven cannot find the git executable
the build fails.
Signed-off-by: Michael Sabin <m35@users.noreply.github.com>
6 years ago
Peter Marheine
8b4037b549
Check reCAPTCHA v2 responses when enabled
...
Signed-off-by: Peter Marheine <peter@taricorp.net>
6 years ago
Peter Marheine
749342f25e
Remove captcha support
...
It uses reCAPTCHA v1, which hasn't worked since March 2018.
Signed-off-by: Peter Marheine <peter@taricorp.net>
6 years ago
Romain DEP.
c2416a57a8
deps: update jackson to a vuln-free version,
...
bump java-jwt in the process
7 years ago
Rémi Cocula
be91fb08c4
fix issues #638 and #574
7 years ago
Andrew DeMaria
caae31452e
Bump to 10.2.0 snapshot
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
535d5d06cb
Release 10.1.1
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
5e47bc500e
Fix maven profile mixup with sign/tomcat-embed
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Robert Sprunk
756d178978
Upgrade jaudiotagger to 2.2.5 supporting Java 9
...
Signed-off-by: Robert Sprunk <github@sprunk.me>
7 years ago
Andrew DeMaria
78006946ea
Bump 10.2.0-SNAPSHOT
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
e04cda4293
Release 10.1.0
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
143cc5a40c
Added gpg sign profile
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
438461933d
Dep Check Plugin and update vuln dependencies
...
Detail
------
Add a dependency check plugin to find reported issues with dependencies
we use.
From adding this, there were quite a few false positives which are
documented in airsonic-main/cve-suppressed.xml. The applicable
vulnerabilities are as follows:
```
commons-fileupload-1.2.jar (commons-fileupload:commons-fileupload:1.2,
cpe:/a:apache:commons_fileupload:1.2) : CVE-2016-3092, CVE-2016-1000031,
CVE-2014-0050, CVE-2013-0248
castor-core-1.3.1.jar (cpe:/a:castor:castor:1.3.1,
cpe:/a:castor_project:castor:1.3.1,
org.codehaus.castor:castor-core:1.3.1) : CVE-2014-3004
tomcat-embed-core-8.5.16.jar (cpe:/a:apache_software_foundation:tomcat:8.5.16, cpe:/a:apache:tomcat:8.5.16, cpe:/a:apache_tomcat:apache_tomcat:8.5.16, org.apache.tomcat.embed:tomcat-embed-core:8.5.16) : CVE-2017-12617
```
CVE-2016-1000031 is rated as CRITICAL, but we do not deserialize content
from any multipart uploads so doesn't apply.
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago