changelog - ampache/ampache GitHub Wiki

Release News

About

Hi! Ampache has had a lot of changes over the last year. Let's talk about what's new.

4.0.0

Resolved Security Issues

  • Resolved CVE-2019-12385 for the SQL Injection
  • Resolved CVE-2019-12386 for the persistent XSS
  • Resolved NS-18-046 Multiple Reflected Cross-site Scripting Vulnerabilities in Ampache 3.9.0

PHP 5.6 support has ended

Ampache will track against stable and requires a minimum of PHP 7.1

Removed all Plex code

Unfortunately, Plex has become so proprietary that all the apps no longer work with Ampache. This can't be resolved and the Plex server/backend has been removed.

Removed message of the day

Message of the day was not implemented in a safe way and has been removed. It will (probably) come back later as part of the messaging section.

New Config Option - mail_enable

Mail features and components that require a mail server are disabled until you enable this setting. For example, this ensures that you can't reset your password without a valid email server.

New Config Options - rating_browse_filter, rating_browse_minimum_stars

If you enable rating_browse_filter this setting the get_random and browse pages will remove artists and albums that are <= to rating_browse_minimum_stars. It's a great way to hide things you hate without having to do more than use the rating system. Screenshot from 2019-11-23 08-09-33 Screenshot from 2019-11-23 08-09-59

New Config Option - send_full_stream

By default Ampache used to chunk files at all times. But maybe you don't want to do that? This can be useful if you are having issues streaming and you can set it for all streams or a specific player (true, webplayer, api)

New Config Option - github_force_branch

Allow any official Ampache git branch set in config. Ampache branches

New Config Option - subsonic_stream_scrobble

It's pretty annoying how all the subsonic clients seem to ignore their download method. When enabled Ampache will record each cache as a download then use the client's scrobble method to record a stream before sending on to last.fm. This allows you to cache thousands of songs without blowing out your stats.

New Config Option - waveform_height, waveform_width

Customize the waveform size. Pretty simple!

New Config Option - of_the_moment

Set custom amount of albums/videos in "of the moment" areas. This setting used to be hardcoded.

Don't allow lost password reset for Admin users

A lot of features allowed abuse of admin user accounts and this is one of them. Admin users are responsible enough to secure their own passwords. (Right?)

No video, no channels in new installs

Due to a larger focus on the basics; video and channels are disabled by default.

Added SVG support to the theme engine

You can now add SVG images to Ampache themes. These will take priority over png images if they have the same name. There have been a lot of changes in the default theme and interface that your custom themes are probably broken in some way.

MySQL8 installation

Due to the changes in the default auth plugin for mysql there are some caveats you need to be aware of during install. These will be fixed when PHP 7.4 releases. FAQ link

Separation of charts from the default install

If you are using charts/graphs there has been a change regarding c-pchart FAQ link

Extend bin/sort_files.inc & catalog patterns to handle new fields

sort_files was a bit all over the place, there are new settings and variables available to use for a smoother experience that actually works. check out the catalogs tabs to see new variables.

Screenshot from 2019-11-23 23-50-00

Add bin/clean_art_table.inc

Clean art from the database that doesn't fit your min or max dimensions.

Add -u to bin/catalog_update.inc

This function will update the artist table with bio, image, etc as well as update similar artists.

Default to disk 1 instead of 0

There are some db updates to handle existing albums but now every album will report it's correct disk. Vinyl and albums with side A/B will convert the alpha characters to the numeric integer (A=1, B=2)

Rework user uploads to rely on file tags ONLY instead of allowing manual choices

There is now no function to allow setting Artist/Allbum in the upload process. Tags will be read and inserted as normal.

Include smartlists in the API playlist calls

A search is treated the same way as a playlist. Unlimited lists have a 5000 track limit set but this limit can be ignored by the API client.

Add now_playing.php

Show the currently playing track and fall back to last played if none.

This uses the config options; use_now_playing_embedded, now_playing_refresh_limit, now_playing_css_file

Screenshot from 2019-11-23 23-50-53

Default to mashup for artists and albums

You saw it above! the mashup shows a lot of good information. Set your limit with popular_threshold. Screenshot from 2019-11-24 17-00-03

Default to album_group on new installs

Screenshot from 2019-11-23 23-55-00 Screenshot from 2019-11-23 23-55-38

Documented the Ampache API

Check out the new and vastly improved API! API Info, API-methods

There have been some changes to the handling of the authentication handshake.

  • Require a handshake and generate unique sessions at all times
  • allow sha256 encrypted apikey for auth
    • You must send an encrypted api key in the following fashion. (Hash key joined with username)
    • $passphrase = hash('sha256', $username . hash('sha256', $apikey));

Subsonic Backend

  • Update api to 1.13.0 [http://www.subsonic.org/pages/api.jsp]
  • Allow token auth using API Key instead of password.
  • Don't ignore group settings with id3 browsing
  • New Method: updateUser
  • New Method: getTopSongs

Screenshot_20191122-153914_DSub

  • Fix cover art for playlists and albums and users

Screenshot_1574383721

  • Enable getChatMessages, addMessage allowing server chat

Screenshot_1574383687

  • Api fixes for podcast playback, Ultrasonic/Dsub workarounds