Changes since 1.36.12
- Change a warning to a Debug when getting the latest image using zmu
- Updates to Axis PTZ script adding support for getting details from Path and fixing support for older cameras
- Fix for update script for 1.35.25 and DayEventDiskSpace
- include user and function error message about insufficient permissions. Will make it easier to figure out who tried what.
- Fix for crash in CSRF
- Fix missing text-right align on Port/Path labels. Set step to 1 for Port
- Remote RTSP camera.
- Fix fail to get Sources in Remote RTSP
- Fix compilation with ffmpeg 5.0
- Implement filter limits. Which go before pagination/advanced search limits
- Fix do_debian_package build script for version = CURRENT style versioning.
- Implement a check on change of language. Make sure that the specified language file exists. Reports errors to UI
- Test for valid language file when saving user.
- add styling for errors reported to ui and include the errors on options view
- Fix zmu device probing
- Change title of v4l settings button to give an indication WHY it isn't enabled
- Convert Fatal()s to Errors() in image viewing. Maybe Fixes [\#3426]
- Include EndDateTimeShort in event stats
- Handle empty endtime (in progress event) more gracefully. If there is a next event just jump to it.
- locking fixes that caused hung zmu and zms processes
- Set mysql character set to utf8 explicitly to support chinese characters (or other special characters).
- escape html in Storage names
- fix auth'd user information being saved to session before switching session id's leaving bogus authenticated user in previous session.
- Fix potential XSS from Username
- Add a pattern filter for Usernames, Group Names and Storage Names to prevent invalid characters and XSS
- Add NOT IN case to filters. Also, fix bad SQL when value evals to false. Test for empty string instead. Fixes #3425
- Fix CURL monitors
- Fix event view corruption caused by changes to the sendfile system call.Fixes #3437
- Add useful title to frame image telling us which we are looking at
- Allow empty sort field when listing events
- Fix error in PTZ control code when no speed has been defined.
- Allow editing of admin user.
- Add more of the resulting SQL to the filter debug modal
- Make filter debug modal work on non-saved filter
- improvements to Event module implementing a Server() function which figures out which Server likely has the video. Use it to remove duplicate logic
- improvements to Zone module Add numCoords, Coords, Area, AlarmRGB to Zone object. Also add Points(), AreaCoords, svg_polygon
- Implement zm_setcookie to simplify setting cookies, set samesite, deal with older php etc
- add loading=lazy to most images to improve page loading
- Don't bother running zmu if monitor Function is set to None
- Add mp4 as an option for generated video and make it the default instead of avi
- Set some new more sensible defaults for various settings including logging, navbar refreshes, full page refreshes and ajax timeouts
- Big update to Control.pm
- Fix for Netcat PTZ using x=0 y=0 for autostop in addition to old stop movement code
- Implement reboot and ping methods for Trendnet PTZ Control
- rough in Url, UrlToZMS PathToZMS PathToIndex, UrlToIndex UrlToApi PathToApi in SERver object
- reduce debug logging in zmaudit
There are fixes in here for 3 vulnerabilities:
Remote code execution by specifying an invalid language found by Krastanoel.
Stored XSS in Username field found by Tester Tester
Session Fixation problem found by Tester Tester.
1.36.13
Full Changelog