Cherrymusic

- FEATURE: ... new feature here!
- FIXED:
- IMPROVEMENT:

- FEATURE: Use file metadata when album art fetching (thanks mattss)
- IMPROVEMENT: Switch to iTunes API for album art fetching (thanks mattss)
- IMPROVEMENT: Better filtering of directory names when fetching album art (thanks mattss)

- FIXED: more fixes for cherrypy detection (thanks Isgar)

- FIXED: crash on start when not able to detect cherrypy version

- FEATURE: support for reading MP4 tags
- FIXED: unicode crash when using cherrypy > 5.4
- FIXED: running the server directly on port 80
- FIXED: transcoding of OGG files with other samplerates than 44khz
- IMPROVEMENT: documented --deleteuser and --changepassword switches
- IMPROVEMENT: don't show remaining time in shuffle mode

- FIXED: *Security* CVE-2015-8309 Download of arbitrary files by logged in users (thanks
feedersec)
- FIXED: *Security* CVE-2015-8310 XSS attack by logged-in users (thanks feedersec)
- FIXED: OGA files are now correctly recognized as ogg-audio files
- FIXED: Sorting tracks by track number correctly
- FIXED: Cannot load playlists containing single quotes
- FEATURE: allow reverse-sorting of playlists (thanks pando85)
- FEATURE: Enabled support of ffmpeg to decode ALAC files
- FEATURE: Added optional support for Pillow as Image Library
- IMPROVEMENT: disabled confirm-to-quit message for playlist downloads
- IMPROVEMENT: Updated TinyTag to version 0.10.1 (much faster ID3 parsing)
- IMPROVEMENT: Predictable selection of album-art images (thanks lzh9102)
- FIXED: Removed restrictions for passwords created in CLI