From fee76741a02899d2dfdc2ce29cfc27901a06383c Mon Sep 17 00:00:00 2001
From: Ozzie Isaacs
Date: Sun, 3 Apr 2022 13:38:42 +0200
Subject: [PATCH] Update Testresult
---
 SECURITY.md | 4 ++++
 cps/constants.py | 2 +-
 setup.cfg | 8 ++++---
 test/Calibre-Web TestSummary_Linux.html | 32 +++++++++++++------------
 4 files changed, 27 insertions(+), 19 deletions(-)
diff --git a/SECURITY.md b/SECURITY.md
index 54be54bd..78d5c6e2 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -32,8 +32,12 @@ To receive fixes for security vulnerabilities it is required to always upgrade t
 | V 0.6.16 | JavaScript could get executed on authors page. Thanks to @alicaz ||
 | V 0.6.16 | Localhost can no longer be used to upload covers. Thanks to @scara31 ||
 | V 0.6.16 | Another case where public shelfs could be created without permission is prevented. Thanks to @nhiephon ||
+| V 0.6.16 | It's prevented to get the name of a private shelfs. Thanks to @nhiephon ||
 | V 0.6.17 | The SSRF Protection can no longer be bypassed via an HTTP redirect. Thanks to @416e6e61 ||
 | V 0.6.17 | The SSRF Protection can no longer be bypassed via 0.0.0.0 and it's ipv6 equivalent. Thanks to @r0hanSH ||
+| V 0.6.18 | Possible SQL Injection is prevented in user table Thanks to Iman Sharafaldin (Forward Security) ||
+| V 0.6.18 | The SSRF protection no longer can be bypassed by IPV6/IPV4 embedding. Thanks to @416e6e61 ||
+| V 0.6.18 | The SSRF protection no longer can be bypassed to connect to other servers in the local network. Thanks to @michaellrowley ||
 ## Statement regarding Log4j (CVE-2021-44228 and related)
diff --git a/cps/constants.py b/cps/constants.py
index cb5348d5..c2eb0527 100644
--- a/cps/constants.py
+++ b/cps/constants.py
@@ -154,7 +154,7 @@ def selected_roles(dictionary):
 BookMeta = namedtuple('BookMeta', 'file_path, extension, title, author, cover, description, tags, series, ' 'series_id, languages, publisher')
-STABLE_VERSION = {'version': '0.6.18 Beta'}
+STABLE_VERSION = {'version': '0.6.18'}
 NIGHTLY_VERSION = dict()
 NIGHTLY_VERSION[0] = '$Format:%H$'
diff --git a/setup.cfg b/setup.cfg
index 9ad1164a..49496fc9 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -38,6 +38,7 @@ console_scripts =
 [options]
 include_package_data = True
 install_requires =
+ werkzeug<2.1.0
 Babel>=1.3,<3.0
 Flask-Babel>=0.11.1,<2.1.0
 Flask-Login>=0.3.2,<0.5.1
@@ -52,9 +53,10 @@ install_requires =
 tornado>=4.1,<6.2
 Wand>=0.4.4,<0.7.0
 unidecode>=0.04.19,<1.4.0
- lxml>=3.8.0,<4.8.0
+ lxml>=3.8.0,<4.9.0
 flask-wtf>=0.14.2,<1.1.0
 chardet>=3.0.0,<4.1.0
+ advocate>=1.0.0,<1.1.0
 [options.extras_require]
@@ -71,7 +73,7 @@ gdrive =
 PyYAML>=3.12
 rsa>=3.4.2,<4.9.0
 gmail =
- google-auth-oauthlib>=0.4.3,<0.5.0
+ google-auth-oauthlib>=0.4.3,<0.6.0
 google-api-python-client>=1.7.11,<2.43.0
 goodreads =
 goodreads>=0.3.2,<0.4.0
@@ -84,7 +86,7 @@ oauth =
 SQLAlchemy-Utils>=0.33.5,<0.39.0
 metadata =
 rarfile>=3.2
- scholarly>=1.2.0,<1.6
+ scholarly>=1.2.0,<1.7
 markdown2>=2.0.0,<2.5.0
 html2text>=2020.1.16,<2022.1.1
 python-dateutil>=2.1,<2.9.0
diff --git a/test/Calibre-Web TestSummary_Linux.html b/test/Calibre-Web TestSummary_Linux.html
index 524db518..392fdbea 100644
--- a/test/Calibre-Web TestSummary_Linux.html
+++ b/test/Calibre-Web TestSummary_Linux.html
@@ -37,20 +37,20 @@
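Review bot: In setup.cfg's first hunk, the new `werkzeug<2.1.0` entry is an upper cap with no lower bound and no recorded reason, so a later maintainer cannot tell when it is safe to lift, and in the meantime the install stays on the older Werkzeug line, where fixes released only for newer versions will not arrive. I would put a full-line comment above it naming the incompatibility, e.g. `# werkzeug capped: <reason / issue link>`, and add a tested lower bound. The second setup.cfg hunk adds `advocate>=1.0.0,<1.1.0` to the core install_requires, which presumably backs the SSRF-protection entries this commit lists in SECURITY.md. The diffstat shows setup.cfg as the only dependency file touched, so any separate requirements file the project ships should be checked for the same two entries; installs made from it could otherwise lack the library.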
-

Start Time: 2022-03-28 21:45:14

+

Start Time: 2022-04-03 07:19:10

-

Stop Time: 2022-03-29 03:21:52

+

Stop Time: 2022-04-03 12:55:38

-

Duration: 4h 46 min

+

Duration: 4h 47 min

@@ -1593,9 +1593,11 @@
Traceback (most recent call last):
-  File "/home/ozzie/Development/calibre-web-test/test/test_edit_books_metadata.py", line 167, in test_load_metadata
-    self.assertGreaterEqual(diff(BytesIO(cover), BytesIO(original_cover), delete_diff_file=True), 0.05)
-AssertionError: 0.0 not greater than or equal to 0.05
+ File "/home/ozzie/Development/calibre-web-test/test/test_edit_books_metadata.py", line 235, in test_load_metadata + self.assertEqual("奇想西遊記1", results[3]['title']) +AssertionError: '奇想西遊記1' != '巧讀西遊記' +- 奇想西遊記1 ++ 巧讀西遊記
@@ -4599,7 +4601,7 @@ AssertionError: 0.0 not greater than or equal to 0.05 Platform - Linux 5.13.0-37-generic #42~20.04.1-Ubuntu SMP Tue Mar 15 15:44:28 UTC 2022 x86_64 x86_64 + Linux 5.13.0-39-generic #44~20.04.1-Ubuntu SMP Thu Mar 24 16:43:35 UTC 2022 x86_64 x86_64 Basic @@ -4659,13 +4661,7 @@ AssertionError: 0.0 not greater than or equal to 0.05 Flask-WTF - 1.0.0 - Basic - - - - gevent - 21.12.0 + 1.0.1 Basic @@ -4719,7 +4715,13 @@ AssertionError: 0.0 not greater than or equal to 0.05 SQLAlchemy - 1.4.32 + 1.4.34 + Basic + + + + tornado + 6.1 Basic