What's new?
This release fixes a critical security vulnerability that allowed an authenticated user to download an arbitrary file from the host server via the streaming endpoint. Fix commit: d7e2710
Important
If you are running an older release, please upgrade to this release; especially if your server is exposed to the internet.
Special thanks to @443pablo for the security report ❤️.
Enjoy!
The Docker container for this release is available here:
https://github.com/orgs/swingmx/packages/container/swingmusic/594568544?tag=master
Get the Android client APK here: https://github.com/swingmx/android/releases
Join our community on Telegram: https://t.me/+9n61PFcgKhozZDE0