diff --git a/SECURITY.md b/SECURITY.md index 262e66e2..26ce3c55 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -32,6 +32,8 @@ To receive fixes for security vulnerabilities it is required to always upgrade t | V 0.6.16 | JavaScript could get executed on authors page. Thanks to @alicaz || | V 0.6.16 | Localhost can no longer be used to upload covers. Thanks to @scara31 || | V 0.6.16 | Another case where public shelfs could be created without permission is prevented. Thanks to @nhiephon || +| V 0.6.17 | The SSRF Protection can no longer be bypassed via an HTTP redirect. Thanks to @416e6e61 || +| V 0.6.17 | The SSRF Protection can no longer be bypassed via 0.0.0.0 and it's ipv6 equivalent. Thanks to @r0hanSH || ## Staement regarding Log4j (CVE-2021-44228 and related) diff --git a/cps/constants.py b/cps/constants.py index f9003125..a96f614b 100644 --- a/cps/constants.py +++ b/cps/constants.py @@ -154,7 +154,7 @@ def selected_roles(dictionary): BookMeta = namedtuple('BookMeta', 'file_path, extension, title, author, cover, description, tags, series, ' 'series_id, languages, publisher') -STABLE_VERSION = {'version': '0.6.17 Beta'} +STABLE_VERSION = {'version': '0.6.17'} NIGHTLY_VERSION = dict() NIGHTLY_VERSION[0] = '$Format:%H$' diff --git a/test/Calibre-Web TestSummary_Linux.html b/test/Calibre-Web TestSummary_Linux.html index c569a45d..5daf8267 100644 --- a/test/Calibre-Web TestSummary_Linux.html +++ b/test/Calibre-Web TestSummary_Linux.html @@ -37,20 +37,20 @@
-

Start Time: 2022-02-28 21:38:15

+

Start Time: 2022-03-02 20:56:18

-

Stop Time: 2022-03-01 01:36:56

+

Stop Time: 2022-03-03 01:48:44

-

Duration: 3h 14 min

+

Duration: 4h 5 min

@@ -1351,12 +1351,12 @@ - + TestEditAuthorsGdrive 6 - 5 + 6 + 0 0 - 1 0 Detail @@ -1410,31 +1410,11 @@ - +
TestEditAuthorsGdrive - test_rename_capital_on_upload
- -
- ERROR -
- - - - + PASS @@ -1641,12 +1621,12 @@ KeyError: 'title' - + TestEditBooksOnGdrive 20 - 15 + 17 3 - 2 + 0 0 Detail @@ -1664,31 +1644,11 @@ KeyError: 'title' - +
TestEditBooksOnGdrive - test_edit_author
- -
- ERROR -
- - - - + PASS @@ -1810,31 +1770,11 @@ IndexError: list index out of range - +
TestEditBooksOnGdrive - test_edit_title
- -
- ERROR -
- - - - + PASS @@ -1927,7 +1867,7 @@ AssertionError: 0.0 not greater than 0.02 
Traceback (most recent call last):
   File "/home/ozzie/Development/calibre-web-test/test/test_edit_ebooks_gdrive.py", line 947, in test_watch_metadata
     self.assertNotIn('series', book)
-AssertionError: 'series' unexpectedly found in {'id': 5, 'reader': [], 'title': 'testbook', 'author': ['John Döe'], 'rating': 0, 'languages': ['English'], 'identifier': [], 'cover': '/cover/5?edit=cd72c8b1-57d4-4162-a993-661f44e62822', 'tag': [], 'publisher': ['Randomhäus'], 'pubdate': 'Jan 19, 2017', 'comment': 'Lorem ipsum dolor sit amet, consectetuer adipiscing elit.Aenean commodo ligula eget dolor.Aenean massa.Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus.Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem.Nulla consequat massa quis enim.Donec pede justo, fringilla vel, aliquet nec, vulputate', 'add_shelf': [], 'del_shelf': [], 'edit_enable': True, 'kindle': None, 'kindlebtn': None, 'download': ['EPUB (6.7 kB)'], 'read': False, 'archived': False, 'series_all': 'Book 1 of test', 'series_index': '1', 'series': 'test', 'cust_columns': []}
+AssertionError: 'series' unexpectedly found in {'id': 5, 'reader': [], 'title': 'testbook', 'author': ['John Döe'], 'rating': 0, 'languages': ['English'], 'identifier': [], 'cover': '/cover/5?edit=22ded0fa-26b4-429d-81fc-bc75707c4e4c', 'tag': [], 'publisher': ['Randomhäus'], 'pubdate': 'Jan 19, 2017', 'comment': 'Lorem ipsum dolor sit amet, consectetuer adipiscing elit.Aenean commodo ligula eget dolor.Aenean massa.Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus.Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem.Nulla consequat massa quis enim.Donec pede justo, fringilla vel, aliquet nec, vulputate', 'add_shelf': [], 'del_shelf': [], 'edit_enable': True, 'kindle': None, 'kindlebtn': None, 'download': ['EPUB (6.7 kB)'], 'read': False, 'archived': False, 'series_all': 'Book 1 of test', 'series_index': '1', 'series': 'test', 'cust_columns': []}
@@ -2004,11 +1944,11 @@ AssertionError: 'series' unexpectedly found in {'id': 5, 're - + TestSSL 7 - 6 - 1 + 7 + 0 0 0 @@ -2036,31 +1976,11 @@ AssertionError: 'series' unexpectedly found in {'id': 5, 're - +
TestSSL - test_SSL_logging_email
- -
- FAIL -
- - - - + PASS @@ -3754,275 +3674,929 @@ AssertionError: 0 is not true : Email logging not working - - _ErrorHolder - 6 + + TestUploadEPubs + 2 + 2 0 0 - 6 0 - Detail + Detail - + -
setUpClass (test_upload_epubs)
- - -
- ERROR -
- - - +
TestUploadEPubs - test_upload_epub_duplicate
+ PASS - + -
setUpClass (test_user_list)
+
TestUploadEPubs - test_upload_epub_lang
- -
- ERROR -
- - - + + TestUserList + 18 + 18 + 0 + 0 + 0 + + Detail + + + + + + + +
TestUserList - test_edit_user_email
+ PASS - + -
setUpClass (test_user_load)
- - -
- ERROR -
- - - +
TestUserList - test_list_visibility
+ PASS - + -
setUpClass (test_user_template)
- - -
- ERROR -
- - - +
TestUserList - test_user_list_admin_role
+ PASS - + -
setUpClass (test_visiblilitys)
- - -
- ERROR -
- - - +
TestUserList - test_user_list_check_sort
+ PASS - + -
setUpClass (test_zz_helper)
+
TestUserList - test_user_list_denied_tags
- -
- ERROR -
- - - + PASS + + + + + + +
TestUserList - test_user_list_download_role
+ PASS + + + + + + +
TestUserList - test_user_list_edit_button
+ + PASS + + + + + + +
TestUserList - test_user_list_edit_email
+ + PASS + + + + + + +
TestUserList - test_user_list_edit_kindle
+ + PASS + + + + + + +
TestUserList - test_user_list_edit_language
+ + PASS + + + + + + +
TestUserList - test_user_list_edit_locale
+ + PASS + + + + + + +
TestUserList - test_user_list_edit_name
+ + PASS + + + + + + +
TestUserList - test_user_list_edit_visiblility
+ + PASS + + + + + + +
TestUserList - test_user_list_guest_edit
+ + PASS + + + + + + +
TestUserList - test_user_list_remove_admin
+ + PASS + + + + + + +
TestUserList - test_user_list_requests
+ + PASS + + + + + + +
TestUserList - test_user_list_search
+ + PASS + + + + + + +
TestUserList - test_user_list_sort
+ + PASS + + + + + + + TestUserLoad + 1 + 1 + 0 + 0 + 0 + + Detail + + + + + + + +
TestUserLoad - test_user_change_vis
+ + PASS + + + + + + + TestUserTemplate + 21 + 21 + 0 + 0 + 0 + + Detail + + + + + + + +
TestUserTemplate - test_allow_column_restriction
+ + PASS + + + + + + +
TestUserTemplate - test_allow_tag_restriction
+ + PASS + + + + + + +
TestUserTemplate - test_archived_format_template
+ + PASS + + + + + + +
TestUserTemplate - test_author_user_template
+ + PASS + + + + + + +
TestUserTemplate - test_best_user_template
+ + PASS + + + + + + +
TestUserTemplate - test_category_user_template
+ + PASS + + + + + + +
TestUserTemplate - test_deny_column_restriction
+ + PASS + + + + + + +
TestUserTemplate - test_deny_tag_restriction
+ + PASS + + + + + + +
TestUserTemplate - test_detail_random_user_template
+ + PASS + + + + + + +
TestUserTemplate - test_download_user_template
+ + PASS + + + + + + +
TestUserTemplate - test_format_user_template
+ + PASS + + + + + + +
TestUserTemplate - test_hot_user_template
+ + PASS + + + + + + +
TestUserTemplate - test_language_user_template
+ + PASS + + + + + + +
TestUserTemplate - test_limit_book_languages
+ + PASS + + + + + + +
TestUserTemplate - test_list_user_template
+ + PASS + + + + + + +
TestUserTemplate - test_publisher_user_template
+ + PASS + + + + + + +
TestUserTemplate - test_random_user_template
+ + PASS + + + + + + +
TestUserTemplate - test_read_user_template
+ + PASS + + + + + + +
TestUserTemplate - test_recent_user_template
+ + PASS + + + + + + +
TestUserTemplate - test_series_user_template
+ + PASS + + + + + + +
TestUserTemplate - test_ui_language_settings
+ + PASS + + + + + + + TestCalibreWebVisibilitys + 34 + 34 + 0 + 0 + 0 + + Detail + + + + + + + +
TestCalibreWebVisibilitys - test_about
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_admin_SMTP_Settings
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_admin_add_user
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_admin_change_password
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_admin_change_visibility_archived
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_admin_change_visibility_authors
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_admin_change_visibility_category
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_admin_change_visibility_file_formats
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_admin_change_visibility_hot
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_admin_change_visibility_language
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_admin_change_visibility_publisher
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_admin_change_visibility_random
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_admin_change_visibility_rated
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_admin_change_visibility_rating
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_admin_change_visibility_read
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_admin_change_visibility_series
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_allow_columns
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_allow_tags
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_archive_books
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_authors_max_settings
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_change_title
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_checked_logged_in
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_hide_custom_column
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_link_column_to_read_status
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_random_books_available
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_request_link_column_to_read_status
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_restrict_columns
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_restrict_tags
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_save_views_recent
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_search_functions
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_search_order
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_search_string
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_user_email_available
+ + PASS + + + + + + +
TestCalibreWebVisibilitys - test_user_visibility_sidebar
+ + PASS + + + + + + + TestCalibreHelper + 16 + 16 + 0 + 0 + 0 + + Detail + + + + + + + +
TestCalibreHelper - test_author_sort
+ + PASS + + + + + + +
TestCalibreHelper - test_author_sort_comma
+ + PASS + + + + + + +
TestCalibreHelper - test_author_sort_junior
+ + PASS + + + + + + +
TestCalibreHelper - test_author_sort_oneword
+ + PASS + + + + + + +
TestCalibreHelper - test_author_sort_roman
+ + PASS + + + + + + +
TestCalibreHelper - test_check_Limit_Length
+ + PASS + + + + + + +
TestCalibreHelper - test_check_char_replacement
+ + PASS + + + + + + +
TestCalibreHelper - test_check_chinese_Characters
+ + PASS + + + + + + +
TestCalibreHelper - test_check_deg_eur_replacement
+ + PASS + + + + + + +
TestCalibreHelper - test_check_doubleS
+ + PASS + + + + + + +
TestCalibreHelper - test_check_finish_Dot
+ + PASS + + + + + + +
TestCalibreHelper - test_check_high23
+ + PASS + + + + + + +
TestCalibreHelper - test_check_umlauts
+ + PASS + + + + + + +
TestCalibreHelper - test_random_password
+ + PASS + + + + + + +
TestCalibreHelper - test_split_authors
+ + PASS + + + + + + +
TestCalibreHelper - test_whitespaces
+ + PASS Total - 318 - 298 - 4 - 9 + 404 + 394 + 3 + 0 7   @@ -4183,7 +4757,7 @@ ImportError: cannot import name 'helper' from 'cps' (unknown loc google-api-python-client - 2.38.0 + 2.39.0 TestCliGdrivedb @@ -4213,7 +4787,7 @@ ImportError: cannot import name 'helper' from 'cps' (unknown loc google-api-python-client - 2.38.0 + 2.39.0 TestEbookConvertCalibreGDrive @@ -4243,7 +4817,7 @@ ImportError: cannot import name 'helper' from 'cps' (unknown loc google-api-python-client - 2.38.0 + 2.39.0 TestEbookConvertGDriveKepubify @@ -4285,7 +4859,7 @@ ImportError: cannot import name 'helper' from 'cps' (unknown loc google-api-python-client - 2.38.0 + 2.39.0 TestEditAuthorsGdrive @@ -4321,7 +4895,7 @@ ImportError: cannot import name 'helper' from 'cps' (unknown loc google-api-python-client - 2.38.0 + 2.39.0 TestEditBooksOnGdrive @@ -4363,7 +4937,7 @@ ImportError: cannot import name 'helper' from 'cps' (unknown loc google-api-python-client - 2.38.0 + 2.39.0 TestSetupGdrive @@ -4453,7 +5027,7 @@ ImportError: cannot import name 'helper' from 'cps' (unknown loc