@lachlan-00 released this Nov 24, 2019 · 6 commits to master since this release

ampache-4.0.0_all.zip (MD5SUM 0f1f8a3c6b5c9511294a0db6d00efa5e)

Make sure you read over the full changelog and check out Release News to get a handle on some of the new features/changes.

Major update points

  • Drop PHP 5.6 support in favor of PHP 7.1+
  • Resolve CVE-2019-12385 (SQL injection)
  • Resolve CVE-2019-12386 (persistent XSS)
  • Resolve NS-18-046 Multiple Reflected Cross-site Scripting Vulnerabilities in Ampache 3.9.0
  • Default to disk 1 instead of 0 (db updates to handle existing albums)
  • Fix - MySQL8 installation using mysql_native_password with caveats [https://github.com/ampache/ampache/wiki/mysql-faq]
  • If you are using charts/graphs, there has been a change regarding c-pchart (see chart-faq)
  • New Plugin - Matomo.plugin. [https://matomo.org/]
  • New Plugin - ListenBrainz.plugin [https://listenbrainz.org/]
  • Default to mashup view for artists and albums
  • Documented the Ampache API [https://github.com/ampache/ampache/wiki/XML-methods]
  • API Authentication: Require a handshake and generate unique sessions at all times
  • API Authentication: allow a SHA-256 hashed API key for auth
    • You must send the hashed API key in the following form (hashed key joined with the username):
    • $passphrase = hash('sha256', $username . hash('sha256', $apikey));
  • Update Subsonic api to 1.13.0 [http://www.subsonic.org/pages/api.jsp]
  • Allow token auth using API Key instead of password.