diff --git a/CHANGELOG.md b/CHANGELOG.md
index 242d7ee..8a16046 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## v2.0.8
+Released 29th November 2017 (by Heruwar)
+* Fixes a security issue where the password is sent as plaintext in the URL query parameters when methods from libsonic_extas are used. 
+Also adds Subsonic hex encoding when using legacy auth.
+* Adds support for URL paths like https://hostname.com/subsonic as requested in Github issue #17 and also encountered in some of the reports (#14 and #5)
+* Fixes an error when the password only contains digits, which simpleplugin converts to a Long, which later fails when libsonic tries to salt the password expecting a string.
+
 ## v2.0.7
 Released 18 April 2017
 * Added Search (by silascutler)
diff --git a/addon.xml b/addon.xml
index ac8620e..c630c93 100644
--- a/addon.xml
+++ b/addon.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<addon id="plugin.audio.subsonic" name="Subsonic" version="2.0.7" provider-name="BasilFX,grosbouff,silascutler">
+<addon id="plugin.audio.subsonic" name="Subsonic" version="2.0.8" provider-name="BasilFX,grosbouff,silascutler,Heruwar">
 <requires>
     <import addon="xbmc.python" version="2.14.0"/>
     <import addon="script.module.dateutil" version="2.4.2"/>
diff --git a/lib/libsonic_extra/__init__.py b/lib/libsonic_extra/__init__.py
index 606c678..b490a39 100644
--- a/lib/libsonic_extra/__init__.py
+++ b/lib/libsonic_extra/__init__.py
@@ -60,10 +60,11 @@ class SubsonicClient(libsonic.Connection):
         # Pick a default port
         host = "%s://%s" % (scheme, parts.hostname)
         port = parts.port or {"http": 80, "https": 443}[scheme]
+        path = parts.path.rstrip('/') + '/rest'
 
         # Invoke original constructor
         super(SubsonicClient, self).__init__(
-            host, username, password, port=port, appName='Kodi', apiVersion=apiversion, insecure=insecure, legacyAuth=legacyauth)
+            host, username, password, port=port, serverPath=path, appName='Kodi', apiVersion=apiversion, insecure=insecure, legacyAuth=legacyauth)
 
     def getIndexes(self, *args, **kwargs):
         """
@@ -292,7 +293,8 @@ class SubsonicClient(libsonic.Connection):
             parts = list(urlparse.urlparse(
                 args[0].get_full_url() + "?" + args[0].data))
             parts[4] = dict(urlparse.parse_qsl(parts[4]))
-            parts[4].update({"u": self.username, "p": self.password})
+            if self._legacyAuth:
+                parts[4].update({"u": self.username, "p": 'enc:%s' % self._hexEnc(self._rawPass)})
             parts[4] = urllib.urlencode(parts[4])
 
             return urlparse.urlunparse(parts)
diff --git a/main.py b/main.py
index b31e898..e30871e 100644
--- a/main.py
+++ b/main.py
@@ -51,8 +51,8 @@ def get_connection():
         try:
             connection = libsonic_extra.SubsonicClient(
                 Addon().get_setting('subsonic_url'),
-                Addon().get_setting('username'),
-                Addon().get_setting('password'),
+                Addon().get_setting('username', convert=False),
+                Addon().get_setting('password', convert=False),
                 Addon().get_setting('apiversion'),
                 Addon().get_setting('insecure') == 'true',
                 Addon().get_setting('legacyauth') == 'true',