Andrew DeMaria
b407231132
Update changelog for 10.3.0
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
6fbed41b7b
Add date for version release
6 years ago
Andrew DeMaria
8be0746bd4
Bump to 10.4.0 SNAPSHOT
6 years ago
Andrew DeMaria
7203d4ba6b
One more changelog update
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
53142c8702
Merge remote-tracking branch 'origin/pr/1062'
6 years ago
Andrew DeMaria
f1831820f4
Update docker base image
6 years ago
Andrew DeMaria
493a53b418
Merge remote-tracking branch 'origin/pr/930'
6 years ago
Andrew DeMaria
6729838030
Changelog updates for 10.3.0
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
bec5cec4a2
Merge remote-tracking branch 'origin/pr/930'
6 years ago
jvoisin
1090348b0e
Use the version number in jquery-ui's css path
6 years ago
Andrew DeMaria
0a1164966d
Merge remote-tracking branch 'origin/pr/1032'
6 years ago
Andrew DeMaria
cdd307d86f
Merge remote-tracking branch 'origin/pr/1042'
6 years ago
Andrew DeMaria
1e89890223
Merge remote-tracking branch 'origin/pr/1038'
6 years ago
jvoisin
33bf68aaa5
Add a password settings testcase ( #1058 )
...
* Add a simple testcase
This commit was done to understand how JUnit
and its friends are working. Expect more useful tests
in the future ;)
* Factorise a bit the tests
6 years ago
Jonas L
27ee009b69
[ci skip] Better readability in .gitlab-ci.yml
6 years ago
jvoisin
ce7671bf5e
Add the required keyword to some forms
...
This should improve a bit the accessibility.
6 years ago
jvoisin
6d294a770b
Replace the usage of prototypejs with jquery in changeCoverArt.jsp
...
This change was successfully tested on Chromium and Firefox.
6 years ago
jvoisin
bf5f8cb713
Factorize scripts-2.0.js into utils.js
...
No need to include two different and super-small javascript "utils" files.
6 years ago
jvoisin
f3b2c2ea7a
Add a missing taglib to homePager.jsp
...
The missing taglib is confusing coverity a bit,
and I think that it's a good practise to add it
anyway.
6 years ago
jvoisin
3cfe2b31a1
Move some cast-related inline js to an external file
...
There is no point in having such a massive
blob of javascript inline in the page.
6 years ago
Andrew DeMaria
7b628ed8dd
Merge remote-tracking branch 'origin/pr/1056'
6 years ago
jvoisin
58daacd9ab
Jetty is only used by developers, and never in production
...
So we're free to completely ignore CVE against it.
6 years ago
Jonas L
2c3ba680d8
[ci skip] Add Java version in issue template
6 years ago
jvoisin
ab03526620
Fix two NULL-deref
6 years ago
François-Xavier Thomas
f57ad3f27b
Fix typo in anonymous user name ( #663 )
6 years ago
Andrew DeMaria
ac0a722a10
Merge remote-tracking branch 'airsonic/pr/990'
6 years ago
Andrew DeMaria
b51cdc1c5c
Merge remote-tracking branch 'airsonic/pr/1028'
6 years ago
Andrew DeMaria
4537495baf
Merge remote-tracking branch 'airsonic/pr/1012'
6 years ago
Andrew DeMaria
3cdecb87f4
Merge remote-tracking branch 'airsonic/pr/1037'
6 years ago
François-Xavier Thomas
8a90d9f77b
Add system properties for persisting the 'remember me' key
...
This adds the 'airsonic.rememberMeKey' system property (can be set from
command-line with `-Dairsonic.rememberMeKey=<value>`) as well as a
'RememberMeKey' setting in airsonic.properties, so that the key used for
generating 'remember me' tokens can be persisted across server restarts.
It also adds a default, insecure key in case we are running in
development mode with the 'airsonic.development' property set.
6 years ago
jvoisin
3ee6fefe11
Bump jQuery/jquery-ui to the latest versions
...
I bumped it first to 2.X with jQuery migrate, played around but didn't manage
to trigger any warning. So I bumped it again to the latest available version,
jQuery 3.4.0, which isn't triggering useful warnings either.
6 years ago
jvoisin
b663a2fb90
Fix a stored XSS
6 years ago
jvoisin
348c698e35
Remove the /db page
...
This page wasn't linked anywhere, and was
allowing an administrator to issue arbitrary sql
comments, and was vulnerable to reflected XSS.
We should get rid of it. If you really want to issue
SQL commands, just ssh to your instance and do it from here.
6 years ago
jvoisin
d3970a5c62
Fix various minor issues found by LGTM
...
- Unnecessary boxing
- Integer overflow
- Path traversal via zip
- Dangerous synchronization pattern
6 years ago
Andrew DeMaria
a911ebab80
Merge remote-tracking branch 'origin/pr/1027'
6 years ago
Andrew DeMaria
df352d8cb0
Fix #611 Add support for Java 9 and greater
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
2162250101
Revert "Minor frameset-related factorization"
...
This reverts commit e69287cfe6
.
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
jvoisin
925ecdaa03
Add a gitlab-ci file
6 years ago
jvoisin
3d54ef1afb
Mark the player cookie httpOnly
...
It doesn't improve much security-wise,
but it's a good practise anyway.
6 years ago
jvoisin
8f608485cb
Fix a typo
6 years ago
jvoisin
8123716d52
Remove unused loggers
6 years ago
jvoisin
4a06823057
Balance some synchronized
...
Balance synchronized used on getters and not setters
as well as the other way around.
6 years ago
jvoisin
d2f40b710b
Fix a possible stacktrace on RandomPlayQueue
6 years ago
Andrew DeMaria
a14c8549fa
Merge remote-tracking branch 'origin/pr/963'
6 years ago
Andrew DeMaria
a3e59e9724
Fix file encoding
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
e5c36d9854
Fix variable name
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
Andrew DeMaria
d8a5d1afad
Merge remote-tracking branch 'origin/pr/1034'
6 years ago
Andrew DeMaria
afc2f58ac5
Merge remote-tracking branch 'origin/pr/1036'
6 years ago
Andrew DeMaria
ab07462530
Update tomcat to 8.5.40
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
6 years ago
François-Xavier Thomas
820a4faec2
Avoid logging sensitive URL parameters in the Subsonic API
...
In case of exceptions, Airsonic logs the full URL that triggered it
since 417583cc
, including possibly sensitive query parameters such as
the authentication password/tokens passed to the Subsonic API.
This replaces the value set for this parameter in the URL by the
"<hidden>" string.
6 years ago