diff --git a/README.md b/README.md
index 4ebb5cd8..896d4535 100644
--- a/README.md
+++ b/README.md
@@ -37,9 +37,9 @@ Calibre-Web is a web app providing a clean interface for browsing, reading and d
- "Magic Link" login to make it easy to log on eReaders
- Login via LDAP, google/github oauth and via proxy authentication
-## Quick start
+## Installation
-#### Install via pip
+#### Installation via pip (recommended)
1. Install calibre web via pip with the command `pip install calibreweb` (Depending on your OS and or distro the command could also be `pip3`).
2. Optional features can also be installed via pip, please refer to [this page](https://github.com/janeczku/calibre-web/wiki/Dependencies-in-Calibre-Web-Linux-Windows) for details
3. Calibre-Web can be started afterwards by typing `cps` or `python3 -m cps`
@@ -47,18 +47,21 @@ Calibre-Web is a web app providing a clean interface for browsing, reading and d
#### Manual installation
1. Install dependencies by running `pip3 install --target vendor -r requirements.txt` (python3.x). Alternativly set up a python virtual environment.
2. Execute the command: `python3 cps.py` (or `nohup python3 cps.py` - recommended if you want to exit the terminal window)
-
+
+Issues with Ubuntu:
+Please note that running the above install command can fail on some versions of Ubuntu, saying `"can't combine user with prefix"`. This is a [known bug](https://github.com/pypa/pip/issues/3826) and can be remedied by using the command `pip install --system --target vendor -r requirements.txt` instead.
+
+## Quick start
+
Point your browser to `http://localhost:8083` or `http://localhost:8083/opds` for the OPDS catalog
Set `Location of Calibre database` to the path of the folder where your Calibre library (metadata.db) lives, push "submit" button\
Optionally a Google Drive can be used to host the calibre library [-> Using Google Drive integration](https://github.com/janeczku/calibre-web/wiki/Configuration#using-google-drive-integration)
Go to Login page
-**Default admin login:**\
+#### Default admin login:
*Username:* admin\
*Password:* admin123
-**Issues with Ubuntu:**
-Please note that running the above install command can fail on some versions of Ubuntu, saying `"can't combine user with prefix"`. This is a [known bug](https://github.com/pypa/pip/issues/3826) and can be remedied by using the command `pip install --system --target vendor -r requirements.txt` instead.
## Requirements
diff --git a/SECURITY.md b/SECURITY.md
index 2f36fac8..dc763184 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -3,3 +3,27 @@
## Reporting a Vulnerability
Please report security issues to ozzie.fernandez.isaacs@googlemail.com
+
+## Supported Versions
+
+To receive fixes for security vulnerabilities it is required to always upgrade to the latest version of Calibre-Web. See https://github.com/janeczku/calibre-web/releases/latest for the latest release.
+
+## History
+
+| Fixed in | Description |CVE number |
+| ---------- |---------|---------|
+| 3rd July 2018 | Guest access acts as a backdoor||
+| V 0.6.7 |Hardcoded secret key for sessions |CVE-2020-12627 |
+| V 0.6.13|Calibre-Web Metadata cross site scripting |CVE-2021-25964|
+| V 0.6.13|Name of Shelves are only visible to users who can access the corresponding shelf Thanks to @ibarrionuevo||
+| V 0.6.13|JavaScript could get executed in the description field. Thanks to @ranjit-git ||
+| V 0.6.13|JavaScript could get executed in a custom column of type "comment" field ||
+| V 0.6.13|JavaScript could get executed after converting a book to another format with a title containing javascript code||
+| V 0.6.13|JavaScript could get executed after converting a book to another format with a username containing javascript code||
+| V 0.6.13|JavaScript could get executed in the description series, categories or publishers title||
+| V 0.6.13|JavaScript could get executed in the shelf title||
+| V 0.6.13|Login with the old session cookie after logout. Thanks to @ibarrionuevo||
+| V 0.6.14|CSRF was possible. Thanks to @mik317 ||
+| V 0.6.14|Cross-Site Scripting vulnerability on typeahead inputs. Thanks to @notdodo||
+
+
diff --git a/cps/constants.py b/cps/constants.py
index 367bc29d..e37ad900 100644
--- a/cps/constants.py
+++ b/cps/constants.py
@@ -151,7 +151,7 @@ def selected_roles(dictionary):
BookMeta = namedtuple('BookMeta', 'file_path, extension, title, author, cover, description, tags, series, '
'series_id, languages, publisher')
-STABLE_VERSION = {'version': '0.6.14 Beta'}
+STABLE_VERSION = {'version': '0.6.15 Beta'}
NIGHTLY_VERSION = {}
NIGHTLY_VERSION[0] = '$Format:%H$'
diff --git a/optional-requirements.txt b/optional-requirements.txt
index af068a51..cfa2bfc3 100644
--- a/optional-requirements.txt
+++ b/optional-requirements.txt
@@ -1,5 +1,5 @@
# GDrive Integration
-gevent>20.6.0,<21.2.0
+gevent>20.6.0,<22.0.0
greenlet>=0.4.17,<1.2.0
httplib2>=0.9.2,<0.20.0
oauth2client>=4.0.0,<4.1.4
diff --git a/setup.cfg b/setup.cfg
index 58213f47..76f7e405 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -18,6 +18,7 @@ classifiers =
Development Status :: 5 - Production/Stable
License :: OSI Approved :: GNU Affero General Public License v3
Programming Language :: Python :: 3
+ Programming Language :: Python :: 3.5
Programming Language :: Python :: 3.6
Programming Language :: Python :: 3.7
Programming Language :: Python :: 3.8
@@ -56,7 +57,7 @@ install_requires =
[options.extras_require]
gdrive =
google-api-python-client>=1.7.11,<2.1.0
- gevent>20.6.0,<21.2.0
+ gevent>20.6.0,<22.0.0
greenlet>=0.4.17,<1.2.0
httplib2>=0.9.2,<0.20.0
oauth2client>=4.0.0,<4.1.4
diff --git a/test/Calibre-Web TestSummary_Linux.html b/test/Calibre-Web TestSummary_Linux.html
index 7cdaa5a0..1733a51a 100644
--- a/test/Calibre-Web TestSummary_Linux.html
+++ b/test/Calibre-Web TestSummary_Linux.html
@@ -37,20 +37,20 @@
-
Start Time: 2021-10-29 07:17:17
+
Start Time: 2021-10-30 19:49:15
-
Stop Time: 2021-10-29 10:46:29
+
Stop Time: 2021-10-30 23:31:02
-
Duration: 2h 49 min
+
Duration: 3h 2 min
@@ -378,13 +378,13 @@
-
+
| TestDeleteDatabase |
1 |
- 0 |
1 |
0 |
0 |
+ 0 |
Detail
|
@@ -392,32 +392,11 @@
-
+
|
TestDeleteDatabase - test_delete_books_in_database
|
-
-
-
-
-
-
-
- |
+ PASS |
@@ -1240,15 +1219,15 @@ AssertionError: '' != 'No matching records found'
-
+
| TestEditBooksList |
- 10 |
- 9 |
- 1 |
+ 18 |
+ 18 |
+ 0 |
0 |
0 |
- Detail
+ Detail
|
@@ -1274,7 +1253,7 @@ AssertionError: '' != 'No matching records found'
|
- TestEditBooksList - test_bookslist_edit_languages
+ TestEditBooksList - test_bookslist_edit_comment
|
PASS |
@@ -1283,7 +1262,7 @@ AssertionError: '' != 'No matching records found'
|
- TestEditBooksList - test_bookslist_edit_publisher
+ TestEditBooksList - test_bookslist_edit_cust_category
|
PASS |
@@ -1292,7 +1271,7 @@ AssertionError: '' != 'No matching records found'
|
- TestEditBooksList - test_bookslist_edit_series
+ TestEditBooksList - test_bookslist_edit_cust_comment
|
PASS |
@@ -1301,7 +1280,7 @@ AssertionError: '' != 'No matching records found'
|
- TestEditBooksList - test_bookslist_edit_seriesindex
+ TestEditBooksList - test_bookslist_edit_cust_enum
|
PASS |
@@ -1309,6 +1288,78 @@ AssertionError: '' != 'No matching records found'
+ |
+ TestEditBooksList - test_bookslist_edit_cust_float
+ |
+ PASS |
+
+
+
+
+
+ |
+ TestEditBooksList - test_bookslist_edit_cust_int
+ |
+ PASS |
+
+
+
+
+
+ |
+ TestEditBooksList - test_bookslist_edit_cust_ratings
+ |
+ PASS |
+
+
+
+
+
+ |
+ TestEditBooksList - test_bookslist_edit_cust_text
+ |
+ PASS |
+
+
+
+
+
+ |
+ TestEditBooksList - test_bookslist_edit_languages
+ |
+ PASS |
+
+
+
+
+
+ |
+ TestEditBooksList - test_bookslist_edit_publisher
+ |
+ PASS |
+
+
+
+
+
+ |
+ TestEditBooksList - test_bookslist_edit_series
+ |
+ PASS |
+
+
+
+
+
+ |
+ TestEditBooksList - test_bookslist_edit_seriesindex
+ |
+ PASS |
+
+
+
+
+
|
TestEditBooksList - test_bookslist_edit_title
|
@@ -1317,36 +1368,16 @@ AssertionError: '' != 'No matching records found'
-
+
|
TestEditBooksList - test_list_visibility
|
-
-
-
-
-
-
-
- |
+ PASS |
-
+
|
TestEditBooksList - test_restricted_rights
|
@@ -1355,7 +1386,7 @@ AssertionError: 9 != 17
-
+
|
TestEditBooksList - test_search_books_list
|
@@ -1365,11 +1396,11 @@ AssertionError: 9 != 17
-
+
| TestEditBooksOnGdrive |
20 |
- 19 |
- 1 |
+ 20 |
+ 0 |
0 |
0 |
@@ -1550,31 +1581,11 @@ AssertionError: 9 != 17
- |
+
|
TestEditBooksOnGdrive - test_watch_metadata
|
-
-
-
-
-
-
-
- |
+ PASS |
@@ -1943,12 +1954,12 @@ AssertionError: 'series' unexpectedly found in {'id': 5, 're
-
+
| TestKoboSyncBig |
4 |
- 1 |
- 1 |
- 2 |
+ 4 |
+ 0 |
+ 0 |
0 |
Detail
@@ -1957,60 +1968,20 @@ AssertionError: 'series' unexpectedly found in {'id': 5, 're
- |
+
|
TestKoboSyncBig - test_kobo_sync_selected_shelfs
|
-
-
-
-
-
-
-
- |
+ PASS |
-
+
|
TestKoboSyncBig - test_sync_changed_book
|
-
-
-
-
-
-
-
- |
+ PASS |
@@ -2024,31 +1995,11 @@ IndexError: list index out of range
-
+
|
TestKoboSyncBig - test_sync_shelf
|
-
-
-
-
-
-
-
- |
+ PASS |
@@ -2950,11 +2901,11 @@ AssertionError: 1 != 0
-
+
| TestShelf |
13 |
- 11 |
- 1 |
+ 12 |
+ 0 |
0 |
1 |
@@ -2973,31 +2924,11 @@ AssertionError: 1 != 0
- |
+
|
TestShelf - test_adv_search_shelf
|
-
-
-
-
-
-
-
- |
+ PASS |
@@ -4151,10 +4082,10 @@ AssertionError: 0 != 5
| Total |
- 358 |
- 345 |
- 5 |
- 2 |
+ 366 |
+ 360 |
+ 0 |
+ 0 |
6 |
|
@@ -4561,7 +4492,7 @@ AssertionError: 0 != 5