submitted 4 months ago by [email protected] to c/[email protected]

This is an important security fix. Please update ASAP. A proper CVE advisory will be published soon and will be linked here.

[email protected] 3 points 4 months ago* (last edited 4 months ago)

This seems quite serious, I'll definitely be reading the CVE once it's published. Luckily, I noticed the GitHub notification of the release after only a couple of hours.

edit: I read the advisory and it wasn't too bad in terms of attacker access:

Impact
An attacker can use any non-existent username to bypass the authentication system and gain access to various read-only data in Navidrome, such as user playlists. However, any attempt to modify data fails due to insufficient permissions, limiting the impact to unauthorized viewing of information.

[email protected] 2 points 4 months ago

I wish the web UI supported jukebox mode

this post was submitted on 21 Feb 2025
25 points (100.0% liked)

Navidrome Music Server (Unofficial)


Navidrome is a free, open source web-based music collection server and streamer. It gives you freedom to listen to your music collection from any browser or mobile device. https://www.navidrome.org/

This is an unofficial community. However, we adhere to the official Code Of Conduct set by the Navidrome project.
