f78b108939
Optionally parse podcast episode duration in seconds to [hh:]mm:ss
7 vuotta sitten
8b4037b549
Check reCAPTCHA v2 responses when enabled
...
Signed-off-by: Peter Marheine <peter@taricorp.net>
7 vuotta sitten
1b833003fb
Bring back an optional reCAPTCHA v2
...
Only showing it in the recovery view, not yet validating the result.
Signed-off-by: Peter Marheine <peter@taricorp.net>
7 vuotta sitten
a928b9ee3f
Add settings for CAPTCHA in account recovery.
...
Allowing users to enable it and specify the site and secret key to use
with reCAPTCHA.
The old hard-coded keys were insecure; the secret key must not be
distributed publicly. The current defaults are the test keys provided at
https://developers.google.com/recaptcha/docs/faq#id-like-to-run-automated-tests-with-recaptcha-v2-what-should-i-do
Signed-off-by: Peter Marheine <peter@taricorp.net>
7 vuotta sitten
749342f25e
Remove captcha support
...
It uses reCAPTCHA v1, which hasn't worked since March 2018.
Signed-off-by: Peter Marheine <peter@taricorp.net>
7 vuotta sitten
5281d9ab6e
Fix for false positive node vuln
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 vuotta sitten
caa1dac3a2
Use dark media player theme on groove theme ( #777 )
7 vuotta sitten
ae7f35a9cd
Don't use HTTPS for scrobbling
...
Turns out HTTPS isn't supported for the old API that we're using, so go
back to using plain HTTP.
Signed-off-by: Peter Marheine <peter@taricorp.net>
7 vuotta sitten
69e2ba0825
Use HTTPS and java.net.URI for scrobbling
...
HTTPS will help prevent eavesdropping on the auth token, and using URI
will ensure unusual characters (like spaces, accidental or otherwise)
are escaped correctly.
Fixes #588
Signed-off-by: Peter Marheine <peter@taricorp.net>
7 vuotta sitten
cfdedea452
Suppress CVE-2018-13684 for dependency-check
...
False positive matching ant-zip against a CVE for ZIP, an Ethereum
token.
Signed-off-by: Peter Marheine <peter@taricorp.net>
7 vuotta sitten
e3ea7beb96
Fix #764
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 vuotta sitten
8d3c0ec9a0
Updates
...
- Update Spring boot Version
- Update dependency check version
- Exclude irrelevant nodejs cve
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 vuotta sitten
3e1ea6f913
Fix #749 Ensure transcode settings are protected
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 vuotta sitten
431c98b496
Exclude cve CVE-2018-1115
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
7 vuotta sitten
6a44c5c815
Handle player id as an Integer instead of String
8 vuotta sitten
b3f432a545
Issue #164 : Add tests for reading MusicBrainz release tags
8 vuotta sitten
c76a92746d
Issue #164 : Show link to MusicBrainz release on album pages
8 vuotta sitten
30ffc9560b
Fix wrong case
8 vuotta sitten
5cca85f516
Ignore irrelevant CVE
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 vuotta sitten
070df25f45
catch exceptions ClientAbortException display a short message and return, to avoid the massive useless traceback in log
...
Signed-off-by: Bonome <bonome@tak.blue>
8 vuotta sitten
b259f32bc4
Fix themes using dark background with me_js
8 vuotta sitten
d1e190af0c
Remove margin of media_control bar
8 vuotta sitten
159d5f67fa
Fix #596
8 vuotta sitten
6204409c5e
New add_album to play queue
8 vuotta sitten
c2416a57a8
deps: update jackson to a vuln-free version,
...
bump java-jwt in the process
8 vuotta sitten
be91fb08c4
fix issues #638 and #574
8 vuotta sitten
d8eac74cb6
Reverted a93a18a and properly re-encoded with 'native2ascii -encoding UTF-8'
8 vuotta sitten
caae31452e
Bump to 10.2.0 snapshot
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 vuotta sitten
dbd2a738eb
Made it easier to see current playing song for dark themes
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 vuotta sitten
a93a18a055
Fixed elipse in english translation
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 vuotta sitten
b0aff38caf
Fix #658 again: content type for unscaled images set based on jaudiotagger output
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 vuotta sitten
11ec30cd9f
Revert "Fix #658 content type for full size cover arts"
...
This reverts commit 18b16eb859
8 vuotta sitten
18b16eb859
Fix #658 content type for full size cover arts
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 vuotta sitten
535d5d06cb
Release 10.1.1
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 vuotta sitten
429fa1fb92
Fixed botched up css (Substandard) ( #652 )
...
Signed-off-by:Manuel Müller <manuel.mueller@geekinbusiness.de>
8 vuotta sitten
524d8da190
suppressed vulnerabiltiy warning in build, for Postgres JDBC-Driver,
...
since it's a vulnerability in Postgre itself
Signed-off-by:Manuel Müller <manuel.mueller@geekinbusiness.de>
8 vuotta sitten
dcf41ce9e0
Issue 617
...
Restores optimization in AlbumUpnpProcessor and instead re-implements
default behavior in RecentAlbumUpnpProcessor subclass.
8 vuotta sitten
766fec1bf8
escaped &s
8 vuotta sitten
b4ef434c08
Issue 617
...
Removes an incorrect override in AlbumUpnpProcessor which was preventing
RecentAlbumUpnpProcessor from behaving correctly.
Also adds a correct getAllItemsSize() implementation for
RecentAlbumUpnpProcessor.
8 vuotta sitten
5a04a8b42b
Reverting apostrophes and double quotes
8 vuotta sitten
5e47bc500e
Fix maven profile mixup with sign/tomcat-embed
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 vuotta sitten
3c95553dc5
Language rework
8 vuotta sitten
756d178978
Upgrade jaudiotagger to 2.2.5 supporting Java 9
...
Signed-off-by: Robert Sprunk <github@sprunk.me>
8 vuotta sitten
ab33bf2cee
Add show-all button on artist listing page
8 vuotta sitten
78006946ea
Bump 10.2.0-SNAPSHOT
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 vuotta sitten
e04cda4293
Release 10.1.0
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 vuotta sitten
143cc5a40c
Added gpg sign profile
...
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 vuotta sitten
c7789533a0
Don't require csrf for search endpoint
...
Reasoning:
- It doesn't change state and is not a sensitive endpoint
- It really should be changed to GET but that is a bit more intrusive
change that can be done at another time
- The search csrf token is stored on the top.jsp page for a long time.
If the user keeps this tab open for a while it is possible the csrf
token will change on their session with other requests going on such
that the search csrf token becomes wrong/stale.
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 vuotta sitten
438461933d
Dep Check Plugin and update vuln dependencies
...
Detail
------
Add a dependency check plugin to find reported issues with dependencies
we use.
From adding this, there were quite a few false positives which are
documented in airsonic-main/cve-suppressed.xml. The applicable
vulnerabilities are as follows:
```
commons-fileupload-1.2.jar (commons-fileupload:commons-fileupload:1.2,
cpe:/a:apache:commons_fileupload:1.2) : CVE-2016-3092, CVE-2016-1000031,
CVE-2014-0050, CVE-2013-0248
castor-core-1.3.1.jar (cpe:/a:castor:castor:1.3.1,
cpe:/a:castor_project:castor:1.3.1,
org.codehaus.castor:castor-core:1.3.1) : CVE-2014-3004
tomcat-embed-core-8.5.16.jar (cpe:/a:apache_software_foundation:tomcat:8.5.16, cpe:/a:apache:tomcat:8.5.16, cpe:/a:apache_tomcat:apache_tomcat:8.5.16, org.apache.tomcat.embed:tomcat-embed-core:8.5.16) : CVE-2017-12617
```
CVE-2016-1000031 is rated as CRITICAL, but we do not deserialize content
from any multipart uploads so doesn't apply.
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
8 vuotta sitten
a2a6591d36
Add "opus" and "mka" extension to default
...
This add 2 more extensions to the default scanned audio files. see #603 for more details
8 vuotta sitten
Carlos Galindo
Peter Marheine
Andrew DeMaria
François-Xavier Thomas
snw35
jo
Bonome
Romain DEP.
Rémi Cocula
Starkad
Allen Petersen
Allan Nordhøy
Robert Sprunk
Shen-Ta Hsieh
Jonas L