Andrew DeMaria
859d08fc02
Bump version
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
5 years ago
Andrew DeMaria
8db4ec12e1
Add sha256sums and gpg sign outside of maven process
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
5 years ago
tesshucom
767b39ed5b
Split SearchService
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
5 years ago
Andrew DeMaria
7c7ac3e591
Update dependency check
5 years ago
Peter Marheine
d42af4575f
Add some @Nullable annotations
...
Making it easier to tell where API contracts allow nulls, where it's
otherwise unclear without reading the implementation.
6 years ago
Andrew DeMaria
8be0746bd4
Bump to 10.4.0 SNAPSHOT
6 years ago
Andrew DeMaria
df352d8cb0
Fix #611 Add support for Java 9 and greater
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
tesshucom
f54e72026f
version upgrade of spring-boot-dependencies,spring-boot-maven-plugin
...
- Safety version for CVE-2019-3795
- Match the new jetty ecj version because the version of ecj used by
tomcat and jetty is different.
6 years ago
tesshucom
131713aaf4
With Jetty
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
tesshucom
4cd9e9deac
revert cling-core, cling-support, seamless-util and configuration
6 years ago
François-Xavier Thomas
3f4a49c95a
Fix dependency error with org.eclipse.jetty.jetty
...
This is only used by reflection, and should be provided by the servlet
container (Tomcat or Jetty).
6 years ago
François-Xavier Thomas
bcc5f8d7a6
Fix StringIndexOutOfBounds errors thrown by DWR/YUI
6 years ago
Andrew DeMaria
8a1f36c792
Revert change to DWR fixes #923
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
jvoisin
0a47c6e461
Bump java-jwt
...
Signed-off-by: jvoisin <julien.voisin@dustri.org>
6 years ago
jvoisin
4e2b435abf
Bump cglib version
...
Signed-off-by: jvoisin <julien.voisin@dustri.org>
6 years ago
Andrew DeMaria
faedfd8a62
Bump version to 10.3.0-SNAPSHOT
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
a16b89e0ac
Bump to version 10.2.0-RELEASE
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Frank de Lange
8127b4f7fa
Fix #860 (external database performance) by using connection pooling … ( #864 )
...
* Fix #860 (external database performance) by using connection pooling (using commons-dbcp2)
6 years ago
randomnicode
9d33ec255b
Declare used and remove unused dependencies
6 years ago
randomnicode
86e58cea3a
Update dependencies in airsonic-main
6 years ago
randomnicode
51f17675d5
Update plugins
6 years ago
Andrew DeMaria
5202845373
Bump version of guava to deal with CVE-2018-10237
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
8c6ddb1aba
Dependency tweaks and remove extraneous code
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Rémi Cocula
6b4874f33c
archetype code for rest api integration tests
6 years ago
Andrew DeMaria
377f68543d
Added profile to make running within a ide easier
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Michael Sabin
48c3286766
Allow building without Git
...
If Maven cannot find the git executable
the build fails.
Signed-off-by: Michael Sabin <m35@users.noreply.github.com>
6 years ago
Peter Marheine
8b4037b549
Check reCAPTCHA v2 responses when enabled
...
Signed-off-by: Peter Marheine <peter@taricorp.net>
6 years ago
Peter Marheine
749342f25e
Remove captcha support
...
It uses reCAPTCHA v1, which hasn't worked since March 2018.
Signed-off-by: Peter Marheine <peter@taricorp.net>
6 years ago
Romain DEP.
c2416a57a8
deps: update jackson to a vuln-free version,
...
bump java-jwt in the process
7 years ago
Rémi Cocula
be91fb08c4
fix issues #638 and #574
7 years ago
Andrew DeMaria
caae31452e
Bump to 10.2.0 snapshot
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
535d5d06cb
Release 10.1.1
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
5e47bc500e
Fix maven profile mixup with sign/tomcat-embed
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Robert Sprunk
756d178978
Upgrade jaudiotagger to 2.2.5 supporting Java 9
...
Signed-off-by: Robert Sprunk <github@sprunk.me>
7 years ago
Andrew DeMaria
78006946ea
Bump 10.2.0-SNAPSHOT
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
e04cda4293
Release 10.1.0
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
143cc5a40c
Added gpg sign profile
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
438461933d
Dep Check Plugin and update vuln dependencies
...
Detail
------
Add a dependency check plugin to find reported issues with dependencies
we use.
From adding this, there were quite a few false positives which are
documented in airsonic-main/cve-suppressed.xml. The applicable
vulnerabilities are as follows:
```
commons-fileupload-1.2.jar (commons-fileupload:commons-fileupload:1.2,
cpe:/a:apache:commons_fileupload:1.2) : CVE-2016-3092, CVE-2016-1000031,
CVE-2014-0050, CVE-2013-0248
castor-core-1.3.1.jar (cpe:/a:castor:castor:1.3.1,
cpe:/a:castor_project:castor:1.3.1,
org.codehaus.castor:castor-core:1.3.1) : CVE-2014-3004
tomcat-embed-core-8.5.16.jar (cpe:/a:apache_software_foundation:tomcat:8.5.16, cpe:/a:apache:tomcat:8.5.16, cpe:/a:apache_tomcat:apache_tomcat:8.5.16, org.apache.tomcat.embed:tomcat-embed-core:8.5.16) : CVE-2017-12617
```
CVE-2016-1000031 is rated as CRITICAL, but we do not deserialize content
from any multipart uploads so doesn't apply.
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
05291ce100
Intellij: suppress maven pom error
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Rémi Cocula
c09acbc65d
Introduction of a new kind of jukebox player based on the javasound api.
7 years ago
Andrew DeMaria
ec68a8e7de
Bump version to 10.1.0-SNAPSHOT
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
00a5cf2907
Release 10.0.1
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
e8e229cf8b
Move jdbc dependencies into the default war
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
7d4ca2ffe2
Prep work for spring boot test
...
- Added enforcer plugin
- Fix some version conflicts
- Moved custom initializer to spring.factories
- Bump spring boot version
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
e03b85ba6f
Fixed regression in password reset
...
Caused by e3e9056548
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
361d77ed61
Update version
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
e4a96925fd
Release 10.0.0
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
316b06a2c9
Updated version to 10.0.0
...
This was discussed in a dev irc meeting (https://gist.github.com/muff1nman/570a3021f5d98453333090bb933a3865 ).
It keeps our versioning different than parent fork versions.
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
7c32fea2a5
Added profile to embed additional jdbc drivers
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago
Andrew DeMaria
d5321f9263
Updated version service to use github releases
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 years ago