Upcoming moOde 9.1.0 release - Printable Version +- Moode Forum (https://moodeaudio.org/forum) +-- Forum: moOde audio player (https://moodeaudio.org/forum/forumdisplay.php?fid=3) +--- Forum: Support (https://moodeaudio.org/forum/forumdisplay.php?fid=7) +--- Thread: Upcoming moOde 9.1.0 release (/showthread.php?tid=6887) |
RE: Upcoming moOde 9.1.0 release - kurt1970 - 09-13-2024 By playing with the sudo apt-get update etc, I've the 9.1.0 on my instance since 3 or 4 days, playing +12h/day. It seems to behave. RE: Upcoming moOde 9.1.0 release - Tim Curtis - 09-13-2024 Try the test image I just posted yesterday. It includes the new XSS detection. RE: Upcoming moOde 9.1.0 release - TheOldPresbyope - 09-13-2024 So with XSS detection enabled, I regenerated the library using my modest collection of ca. 600 albums. Got several dozen hits based on detection of "<", "(", and "=". Examples: Code: 20240913 132330 SECCHK: XSS character detected: tag|value: Composer|<Various Composers> All in all, detection and reporting seems to be working (though calling out Laurie Anderson for her iconic Let x=x just feels so wrong<grin>). Still, from a system perspective, the more important part of your recent security changes is the tightening of the webUI code. Too bad it's invisible to the casual user but it is definitely an improvement. Regards, Kent RE: Upcoming moOde 9.1.0 release - Tim Curtis - 09-13-2024 (09-13-2024, 05:58 PM)TheOldPresbyope Wrote: So with XSS detection enabled, I regenerated the library using my modest collection of ca. 600 albums. Got several dozen hits based on detection of "<", "(", and "=". Parenthesis are not part of the regex but 'script' is an XSS command. It's in the work 'transcription'. I'll have to refine the XSS command detection so that normal words don't trigger detection. RE: Upcoming moOde 9.1.0 release - Sehnsucht - 09-13-2024 One thing I do is simply to remove all flac tags except for those I actively set/use. I run this against every file: Code: metaflac --show-tag DATE --show-tag TITLE --show-tag GENRE --show-tag ARTIST --show-tag ALBUM --show-tag TRACKNUMBER --show-tag DISCNUMBER "$1" | metaflac --remove-all-tags --import-tags-from=- "$1" RE: Upcoming moOde 9.1.0 release - TheOldPresbyope - 09-14-2024 @Tim Curtis By the way, are you contemplating bumping to upmpdcli-v1.8.16 with its updated Tidal plugin? Regards, Kent RE: Upcoming moOde 9.1.0 release - Tim Curtis - 09-14-2024 I'll look into it. RE: Upcoming moOde 9.1.0 release - Tim Curtis - 09-14-2024 @bitlab just uploaded new upmpdcli packages to the CS repo. Run the commands below to install then reboot. Code: # Bump upmpdcli RE: Upcoming moOde 9.1.0 release - TheOldPresbyope - 09-14-2024 (09-14-2024, 12:51 PM)Tim Curtis Wrote: @bitlab just uploaded new upmpdcli packages to the CS repo. Nice. I cheated when I tried the Tidal plugin recently and ignored the updated libraries. Hats off to @bitlab for doing the job right. Regards, Kent RE: Upcoming moOde 9.1.0 release - Tim Curtis - 09-14-2024 (09-14-2024, 01:09 PM)TheOldPresbyope Wrote:(09-14-2024, 12:51 PM)Tim Curtis Wrote: @bitlab just uploaded new upmpdcli packages to the CS repo. Are u able to test the updated Tidal plugin? IIRC configuring it was kind of involved... |