Ampache v4.0.0 Release Notes
Release Date: 2019-11-24 // over 4 years ago-
ampache-4.0.0_all.zip (MD5SUM 0f1f8a3c6b5c9511294a0db6d00efa5e)
🚀 Make sure you read over the full changelog and check out Release News to get a handle on some of the new features/changes.
⚡️ Major update points
- ⬇️ Drop PHP 5.6 support for 7.1+
- Resolve CVE-2019-12385 for the SQL Injection
- Resolve CVE-2019-12386 for the persistent XSS
- Resolve NS-18-046 Multiple Reflected Cross-site Scripting Vulnerabilities in Ampache 3.9.0
- ⚡️ Default to disk 1 instead of 0 (db updates to handle existing albums)
- Fix - MySQL8 installation using mysql_native_password with caveats [https://github.com/ampache/ampache/wiki/mysql-faq]
- If you are using charts/graphs there has been a change regarding c-pchart chart-faq
- 🆕 New Plugin - Matomo.plugin. [https://matomo.org/]
- 🆕 New Plugin - ListenBrainz.plugin [https://listenbrainz.org/]
- 0️⃣ Default to mashup view for artists and albums
- Documented the Ampache API [https://github.com/ampache/ampache/wiki/XML-methods]
- API Authentication: Require a handshake and generate unique sessions at all times
- API Authentication: allow sha256 encrypted apikey for auth
- You must send an encrypted api key in the following fashion. (Hash key joined with username)
- $passphrase = hash('sha256', $username . hash('sha256', $apikey));
- ⚡️ Update Subsonic api to 1.13.0 [http://www.subsonic.org/pages/api.jsp]
- 👍 Allow token auth using API Key instead of password.