Update Testresult

Author: OzzieIsaacs

SECURITY.md

@@ -32,8 +32,12 @@ To receive fixes for security vulnerabilities it is required to always upgrade t
 | V 0.6.16      | JavaScript could get executed on authors page. Thanks to @alicaz                                                   ||
 | V 0.6.16      | Localhost can no longer be used to upload covers. Thanks to @scara31                                               ||
 | V 0.6.16      | Another case where public shelfs could be created without permission is prevented. Thanks to @nhiephon             ||
+| V 0.6.16      | It's prevented to get the name of a private shelfs. Thanks to @nhiephon                                            ||
 | V 0.6.17      | The SSRF Protection can no longer be bypassed via an HTTP redirect. Thanks to @416e6e61                            ||
 | V 0.6.17      | The SSRF Protection can no longer be bypassed via 0.0.0.0 and it's ipv6 equivalent. Thanks to @r0hanSH             ||
+| V 0.6.18      | Possible SQL Injection is prevented in user table  Thanks to Iman Sharafaldin (Forward Security)                   ||
+| V 0.6.18      | The SSRF protection no longer can be bypassed by IPV6/IPV4 embedding. Thanks to  @416e6e61                         ||
+| V 0.6.18      | The SSRF protection no longer can be bypassed to connect to other servers in the local network. Thanks to @michaellrowley ||
 
 
 ## Statement regarding Log4j (CVE-2021-44228 and related)

cps/constants.py

@@ -154,7 +154,7 @@ def selected_roles(dictionary):
 BookMeta = namedtuple('BookMeta', 'file_path, extension, title, author, cover, description, tags, series, '
                                   'series_id, languages, publisher')
 
-STABLE_VERSION = {'version': '0.6.18 Beta'}
+STABLE_VERSION = {'version': '0.6.18'}
 
 NIGHTLY_VERSION = dict()
 NIGHTLY_VERSION[0] = '$Format:%H$'

setup.cfg

@@ -38,6 +38,7 @@ console_scripts =
 [options]
 include_package_data = True
 install_requires = 
+	werkzeug<2.1.0
 	Babel>=1.3,<3.0
 	Flask-Babel>=0.11.1,<2.1.0
 	Flask-Login>=0.3.2,<0.5.1
@@ -52,9 +53,10 @@ install_requires =
 	tornado>=4.1,<6.2
 	Wand>=0.4.4,<0.7.0
 	unidecode>=0.04.19,<1.4.0
-	lxml>=3.8.0,<4.8.0
+	lxml>=3.8.0,<4.9.0
 	flask-wtf>=0.14.2,<1.1.0
 	chardet>=3.0.0,<4.1.0
+	advocate>=1.0.0,<1.1.0
 
 
 [options.extras_require]
@@ -71,7 +73,7 @@ gdrive =
 	PyYAML>=3.12
 	rsa>=3.4.2,<4.9.0
 gmail = 
-	google-auth-oauthlib>=0.4.3,<0.5.0
+	google-auth-oauthlib>=0.4.3,<0.6.0
 	google-api-python-client>=1.7.11,<2.43.0
 goodreads = 
 	goodreads>=0.3.2,<0.4.0
@@ -84,7 +86,7 @@ oauth =
 	SQLAlchemy-Utils>=0.33.5,<0.39.0
 metadata = 
 	rarfile>=3.2
-	scholarly>=1.2.0,<1.6
+	scholarly>=1.2.0,<1.7
 	markdown2>=2.0.0,<2.5.0
 	html2text>=2020.1.16,<2022.1.1
 	python-dateutil>=2.1,<2.9.0

test/Calibre-Web TestSummary_Linux.html

@@ -37,20 +37,20 @@ <h1 id='report_title' class="text-center">Calibre-Web Tests</h1>
       <div class="row">
         <div class="col-xs-6 col-md-6 col-sm-offset-3" style="margin-top:50px;">
 
-            <p class='text-justify attribute'><strong>Start Time: </strong>2022-03-28 21:45:14</p>
+            <p class='text-justify attribute'><strong>Start Time: </strong>2022-04-03 07:19:10</p>
 
         </div>
       </div>
       <div class="row">
         <div class="col-xs-6 col-md-6 col-sm-offset-3">
 
-            <p class='text-justify attribute'><strong>Stop Time: </strong>2022-03-29 03:21:52</p>
+            <p class='text-justify attribute'><strong>Stop Time: </strong>2022-04-03 12:55:38</p>
 
         </div>
       </div>
       <div class="row">
         <div class="col-xs-6 col-md-6 col-sm-offset-3">
-           <p class='text-justify attribute'><strong>Duration: </strong>4h 46 min</p>
+           <p class='text-justify attribute'><strong>Duration: </strong>4h 47 min</p>
         </div>
       </div>
       </div>
@@ -1593,9 +1593,11 @@ <h1 id='report_title' class="text-center">Calibre-Web Tests</h1>
                     </div>
                     <div class="text-left pull-left">
                         <pre class="text-left">Traceback (most recent call last):
-  File &#34;/home/ozzie/Development/calibre-web-test/test/test_edit_books_metadata.py&#34;, line 167, in test_load_metadata
-    self.assertGreaterEqual(diff(BytesIO(cover), BytesIO(original_cover), delete_diff_file=True), 0.05)
-AssertionError: 0.0 not greater than or equal to 0.05</pre>
+  File &#34;/home/ozzie/Development/calibre-web-test/test/test_edit_books_metadata.py&#34;, line 235, in test_load_metadata
+    self.assertEqual(&#34;奇想西遊記1&#34;, results[3][&#39;title&#39;])
+AssertionError: &#39;奇想西遊記1&#39; != &#39;巧讀西遊記&#39;
+- 奇想西遊記1
++ 巧讀西遊記</pre>
                     </div>
                     <div class="clearfix"></div>
                 </div>
@@ -4599,7 +4601,7 @@ <h4 class="panel-title">
 
             <tr>
               <th>Platform</th>
-              <td>Linux 5.13.0-37-generic #42~20.04.1-Ubuntu SMP Tue Mar 15 15:44:28 UTC 2022 x86_64 x86_64</td>
+              <td>Linux 5.13.0-39-generic #44~20.04.1-Ubuntu SMP Thu Mar 24 16:43:35 UTC 2022 x86_64 x86_64</td>
               <td>Basic</td>
             </tr>
 
@@ -4659,13 +4661,7 @@ <h4 class="panel-title">
 
             <tr>
               <th>Flask-WTF</th>
-              <td>1.0.0</td>
-              <td>Basic</td>
-            </tr>
-          
-            <tr>
-              <th>gevent</th>
-              <td>21.12.0</td>
+              <td>1.0.1</td>
               <td>Basic</td>
             </tr>
 
@@ -4719,7 +4715,13 @@ <h4 class="panel-title">
 
             <tr>
               <th>SQLAlchemy</th>
-              <td>1.4.32</td>
+              <td>1.4.34</td>
+              <td>Basic</td>
+            </tr>
+          
+            <tr>
+              <th>tornado</th>
+              <td>6.1</td>
               <td>Basic</td>
             </tr>