I erased.

Currently Airsonic has a reproducible Path search bug.
The content is very related to this PR ... what next?
Do you want to handle here or issue ?

I would prefer to have it in a new issue :)

If you scan with a specific pass pattern, the data is corrupted and incorrect search.
(I thought it was related to this PR, but it might not be related ...)
I'll Investigate a little more the playback procedure and then write a new issue.

As for the scan, it seems that my confirmation was missing.
It used to be confused with the problem of nesting of directories with reported examples and children not being updated.

I wrote a new issue for shuffle false search.

Earlier, I wrote that my clones contained some spec changes.
That is the problem above.
Folders are excluded from queries, and path comparisons exact-match.
This is a simpler solution as Japanese are traditionally plagued by native language pass strings.
There is a bug in path comparison, and folder specification is only a factor of false search.

Doing the same with Airsonic means that removes folder condition from query.
If legacy should be respected, There is a alternative proposal such as :

• update as it is
• change the analysis of the FOLDER field to PathHierarchyTokenizer or a new dedicated PathTokenizer.

The most reliable and robust is to modify the logic so that the path comparison will be done by exact-match.
In my clone, I deleted the folder from the search condition, but can keep this condition by using another index.

In such a design, boost value(current dead code) allows for score adjustments.
I think the first design idea was like that.

Currently legacy code is implemented to reduce index size, in exchange for inaccuracies.
This is a tricky approach that is difficult to understand without careful reading.

In any case there is a better solution.
The benefits of Lucene's version upgrade outweigh the slight increase in processing.
(Memory improvement, index compression rate, search speed improvement, etc.)
If that is determined to be necessary, it is good to change to a better process.

I like the idea of changing the analysis of the FOLDER field to PathHierarchyTokenizer or a new dedicated PathTokenizer.

Worse case, increasing the size of the index is completely acceptable in my opinion.

It solved by doing some experiments.

In my clone, I wrote that the folder contains specification changes.
Not SpanOr but Or.
When I verified this accurately, the current SpanOr implementation can not be migrated to 7.x due to technical limitations.
(Available with the expert option. . .)

Legacy saves the path as follows:
In 7.x, SpanOr can not be used for NO_NORMS.

doc.add(new Field(FieldNames.FOLDER, mediaFile.getFolder(), Field.Store.NO,　Field.Index.NOT_ANALYZED_NO_NORMS

When Path is processed with Single Token by KeywordAnalyzer instead of NO_NORMS, Spanor can be used.
(Of course it is an undesirable implementation. For verification.)
In this case, if there are Music Folders such as Music, Music2 and Music3, misanalysis occurs.
For example, shuffle search will pick up the mess.
The result that can be observed by the user is a bug close to #1139.
But the cause is a potential defect different from #1139.

There is another legacy mysterious behavior.

"+((art:abc* f:abc*) (art:def* f:def*)) +spanOr([f:" + PATH1 + "])",

The path of Music Folder is specified in the main query, and comparison with the input value is performed.

I think this is not a meaningful specification.
(I do not understand unless I ask the author)

• Folder is specified as NO_NORMS at the time of document generation. At least not related to scoring
• However, since Folder is explicitly added to IndexType, it is analyzed by MultiFieldQueryParser. Due to the input is affected evil by analysis by MultiFieldQueryParser and there is no substantial meaning as a search of Folder

The correspondence method is either of the following:

• The intention is unknown but to be implement as it is (It does not function as a proper search condition).
• To be omit it because it causes false search.
• Direct search of music folders is considered as a requirement for user, so to be fix.

In the case of the third policy, search will be realized using PathHierarchyTokenizer, KeywordTokenizer and PathTokenizer etc...

Besides replacing the simple API syntax, rewriting SpanOr to Or is a condition for updating.
UAX#29 needs some confirmation about the handling of the underbar.

I can create a PR keeping this in mind.

It's ok to break retro-compatibility: nobody is going to complain that the search is working way better :D

I will create a PR from this.

If you want to increase the variation of the test and apply it after and before the update, it is useful if the PR so far is merged into the master or the verification branch.
If you want to make a decision on discard including push after this, I will push on this PR.
(Which one is better?)

If you want to postpone the decision to discard , there are also ideas to improve the Reader and include it in the evaluation..

The overall performance by the upgrade tends to improve, but the search overhead time increases by about 1 ms.
It will be improved by reusing the reader.

Reader is open every search and not closed 😣
it is recommended to fix.
I'll push in succession if necessary.

MediaScannerService#
deleteOldIndexFiles() probably does not work.

It is a mechanism to change the generation of an existing index.
Database schemas also have generation management, but they can be thought of as similar roles.

This does not have to be immediate, but a fix in the future is ​​desirable.

I'm ok with merging this PR so you can work on top of the master, since it's making the code a bit more clear: everyone prefers to review small PR, instead of massive ones.

But I would like that at least someone else review this PR, since it's moving a lot of things around.

Please close the Reader and fix deleteOldIndexFiles method is possible :)

For the time being, i will proceed locally.
Once the policy is decided, I'll PR it to the desired location.

I hope the tests are done as thoroughly as possible.
I will do my best as much as possible, but it would be better if different people would be involved.

I`ll correct the point you pointed out.

There are currently inevitable CVE issues in Airsonic.
I may not be able to respond immediately.

spring-security-core-4.2.12.RELEASE.jar
(cpe:/a:pivotal_software:spring_security:4.2.12,
 org.springframework.security:spring-security-core:4.2.12.RELEASE) : CVE-2019-11272

spring-security-ldap-4.2.12.RELEASE.jar
(org.springframework.security:spring-security-ldap:4.2.12.RELEASE,
 cpe:/a:pivotal_software:spring_security:4.2.12,
 cpe:/a:pivotal_software:spring-ldap:4.2.12) : CVE-2019-11272

tomcat-embed-core-8.5.40.jar
(org.apache.tomcat.embed:tomcat-embed-core:8.5.40,
 cpe:/a:apache_software_foundation:tomcat:8.5.40,
 cpe:/a:apache_tomcat:apache_tomcat:8.5.40,
 cpe:/a:apache:tomcat:8.5.40) : CVE-2019-10072

jackson-databind-2.9.9.jar
 (cpe:/a:fasterxml:jackson:2.9.9,
  cpe:/a:fasterxml:jackson-databind:2.9.9,
  com.fasterxml.jackson.core:jackson-databind:2.9.9) : CVE-2019-12814

Jdom2.x exists in Airsonic classpath.

$ mvn dependency:tree | grep -i jdom
[INFO] +- org.jdom:jdom:jar:2.0.2:compile

In this case, jackson-databind causes a security issue.
There is no effective countermeasure at present.

The 2.9.9.1 or 2.10.0 release of jackson-databind is planned and is pending for several days.
It may be easier if this is released.

@tesshucom id rebase with master. those cve issues should be fixed there.

I understand.
It was already solved in upstream!

Looks good. Can you rebase? (I can too if you want).

I'll leave it to you which granularity of rebase is appropriate!

Rebased in 767b39e