Skip to content

@lachlan-00 lachlan-00 released this Nov 24, 2019 · 6 commits to master since this release (MD5SUM 0f1f8a3c6b5c9511294a0db6d00efa5e)

Make sure you read over the full changelog and check out Release News to get a handle on some of the new features/changes.

Major update points

  • Drop PHP 5.6 support for 7.1+
  • Resolve CVE-2019-12385 for the SQL Injection
  • Resolve CVE-2019-12386 for the persistent XSS
  • Resolve NS-18-046 Multiple Reflected Cross-site Scripting Vulnerabilities in Ampache 3.9.0
  • Default to disk 1 instead of 0 (db updates to handle existing albums)
  • Fix - MySQL8 installation using mysql_native_password with caveats []
  • If you are using charts/graphs there has been a change regarding c-pchart chart-faq
  • New Plugin - Matomo.plugin. []
  • New Plugin - ListenBrainz.plugin []
  • Default to mashup view for artists and albums
  • Documented the Ampache API []
  • API Authentication: Require a handshake and generate unique sessions at all times
  • API Authentication: allow sha256 encrypted apikey for auth
    • You must send an encrypted api key in the following fashion. (Hash key joined with username)
    • $passphrase = hash('sha256', $username . hash('sha256', $apikey));
  • Update Subsonic api to 1.13.0 []
  • Allow token auth using API Key instead of password.
Assets 3
You can’t perform that action at this time.