github Nezreka/SoulSync 2.7.1
Version 2.7.1
on GitHub

4 hours ago

2.7.1

bug-fix + hardening pass on top of 2.7.0 — a download verification/review system, a real security fix for the login bypass, and a stack of issue fixes.

download verification & review (the headline)

every download now gets fingerprint-checked (acoustid) against what you actually asked for, and the result sticks:

  • verified / unverified status persisted three ways — db, a SOULSYNC_VERIFICATION file tag, and library_history — and shown as a badge on the Downloads completed list.
  • import + scan share one core now (the same normalize() + evaluate() PASS/SKIP/FAIL logic), so the two stop disagreeing — no more one path flagging what the other imported, and no false-flagging across scripts.
  • new Unverified review queue: listen, compare, approve, or delete the questionable downloads, with visible retry progress. mutating actions are admin-only.

security: login bypass closed (#852)

safari's "hide distracting items" (and devtools, curl, etc.) could remove the login/PIN overlay and get in — because the gate was http-only and the websocket handshake wasn't gated, so live data still streamed to an unauthenticated client. now the socket connection enforces the same login/PIN check the http side does. audited every other surface too (SSE, data, admin, search, audio-stream) — all already gated; the socket was the one hole. covers both the launch PIN and the native login.

bug fixes

  • #704 — acoustid retag was ineffective: it fixed a mismatched file's tags but left it in the wrong artist/album folder. new Relocate option retags it and moves it to staging so auto-import re-files it correctly.
  • #702 — listenbrainz weekly playlists could wedge in an unrecoverable sync state ("youtube playlist not found" on cancel). cancel / reset / delete are now idempotent, so a wedged playlist clears and you can re-sync.
  • torrents — magnets stuck "downloading metadata" now actually hit the stall timeout (the byte counter's DHT noise was resetting the clock forever), and dead/timed-out torrents get cleaned out of the client instead of orphaned + re-grabbed as duplicates.
  • #851 — a / or : in a title now matches sources that use _ (slash-title vs underscore-source mismatch).
  • #840 — you can pick & as the artist separator for tags (musicbrainz/picard style).
  • search — auto-selects spotify when "spotify (no auth)" is your active metadata source (they're the same thing).

contributor PRs

  • #845 — opt-in import-folder artist override (+ admin-gated the verification-review endpoints, lifted the history-path resolver to a tested core for delete-safety).
  • #848 — discogs master/release ID collision was fetching the wrong album.
  • #850 — service-worker cover-art cache no longer hard-fails on first load.
  • #853 — artist pages load way faster on reopen: deezer / itunes / discogs now cache the artist→album list like spotify already did, instead of refetching the whole discography every time (+ follow-up: an interrupted deezer fetch can't cache a partial discography).
Check out latest releases or
releases around Nezreka/SoulSync 2.7.1

Don't miss a new SoulSync release

NewReleases is sending notifications on new releases.

Get notifications