Version bump

update dependencies in setup.cfg
Update security bug list

SECURITY.md

@@ -10,21 +10,25 @@ To receive fixes for security vulnerabilities it is required to always upgrade t
 
 ## History
 
-| Fixed in  | Description  |CVE number |
-| ---------- |---------|---------|
-| 3rd July 2018 | Guest access acts as a backdoor||
-| V 0.6.7 |Hardcoded secret key for sessions |CVE-2020-12627 |
-| V 0.6.13|Calibre-Web Metadata cross site scripting |CVE-2021-25964|
-| V 0.6.13|Name of Shelves are only visible to users who can access the corresponding shelf Thanks to @ibarrionuevo||
-| V 0.6.13|JavaScript could get executed in the description field. Thanks to @ranjit-git  and Hagai Wechsler (WhiteSource)||
-| V 0.6.13|JavaScript could get executed in a custom column of type "comment" field ||
-| V 0.6.13|JavaScript could get executed after converting a book to another format with a title containing javascript code||
-| V 0.6.13|JavaScript could get executed after converting a book to another format with a username containing javascript code||
-| V 0.6.13|JavaScript could get executed in the description series, categories or publishers title||
-| V 0.6.13|JavaScript could get executed  in the shelf title||
-| V 0.6.13|Login with the old session cookie after logout. Thanks to @ibarrionuevo||
-| V 0.6.14|CSRF was possible. Thanks to @mik317 and Hagai Wechsler (WhiteSource)  |CVE-2021-25965|
-| V 0.6.14|Cross-Site Scripting vulnerability on typeahead inputs. Thanks to @notdodo||
+| Fixed in      | Description                                                                                                        |CVE number |
+|---------------|--------------------------------------------------------------------------------------------------------------------|---------|
+| 3rd July 2018 | Guest access acts as a backdoor                                                                                    ||
+| V 0.6.7       | Hardcoded secret key for sessions                                                                                  |CVE-2020-12627 |
+| V 0.6.13      | Calibre-Web Metadata cross site scripting                                                                          |CVE-2021-25964|
+| V 0.6.13      | Name of Shelves are only visible to users who can access the corresponding shelf Thanks to @ibarrionuevo           ||
+| V 0.6.13      | JavaScript could get executed in the description field. Thanks to @ranjit-git  and Hagai Wechsler (WhiteSource)    ||
+| V 0.6.13      | JavaScript could get executed in a custom column of type "comment" field                                           ||
+| V 0.6.13      | JavaScript could get executed after converting a book to another format with a title containing javascript code    ||
+| V 0.6.13      | JavaScript could get executed after converting a book to another format with a username containing javascript code ||
+| V 0.6.13      | JavaScript could get executed in the description series, categories or publishers title                            ||
+| V 0.6.13      | JavaScript could get executed  in the shelf title                                                                  ||
+| V 0.6.13      | Login with the old session cookie after logout. Thanks to @ibarrionuevo                                            ||
+| V 0.6.14      | CSRF was possible. Thanks to @mik317 and Hagai Wechsler (WhiteSource)                                              |CVE-2021-25965|
+| V 0.6.14      | Migrated some routes to POST-requests (CSRF protection). Thanks to @scara31                                        ||
+| V 0.6.15      | Fix for "javascript:" script links in identifier. Thanks to @scara31                                               ||
+| V 0.6.15      | Cross-Site Scripting vulnerability on uploaded cover file names. Thanks to @ibarrionuevo                           ||
+| V 0.6.15      | Creating public shelfs is now denied if user is missing the edit public shelf right. Thanks to @ibarrionuevo       ||
+| V 0.6.15      | Changed error message in case of trying to delete a shelf unauthorized. Thanks to @ibarrionuevo                    ||
 
 
 ## Staement regarding Log4j (CVE-2021-44228 and related)

cps/constants.py

@@ -151,7 +151,7 @@ def selected_roles(dictionary):
 BookMeta = namedtuple('BookMeta', 'file_path, extension, title, author, cover, description, tags, series, '
                                   'series_id, languages, publisher')
 
-STABLE_VERSION = {'version': '0.6.15'}
+STABLE_VERSION = {'version': '0.6.16 Beta'}
 
 NIGHTLY_VERSION = {}
 NIGHTLY_VERSION[0] = '$Format:%H$'

setup.cfg

@@ -54,6 +54,7 @@ install_requires =
 	unidecode>=0.04.19,<1.4.0
 	lxml>=3.8.0,<4.8.0
 	flask-wtf>=0.14.2,<1.1.0
+	chardet>=3.0.0,<4.1.0
 
 
 [options.extras_require]