Released 1.36.13 The Memory Remains

Post by iconnor »

Changes since 1.36.12

- Change a warning to a Debug when getting the latest image using zmu
- Updates to Axis PTZ script adding support for getting details from Path and fixing support for older cameras
- Fix for update script for 1.35.25 and DayEventDiskSpace
- include user and function error message about insufficient permissions. Will make it easier to figure out who tried what.
- Fix for crash in CSRF
- Fix missing text-right align on Port/Path labels. Set step to 1 for Port
- Remote RTSP camera.
- Fix fail to get Sources in Remote RTSP
- Fix compilation with ffmpeg 5.0
- Implement filter limits. Which go before pagination/advanced search limits
- Fix do_debian_package build script for version = CURRENT style versioning.
- Implement a check on change of language. Make sure that the specified language file exists. Reports errors to UI
- Test for valid language file when saving user.
- add styling for errors reported to ui and include the errors on options view
- Fix zmu device probing
- Change title of v4l settings button to give an indication WHY it isn't enabled
- Convert Fatal()s to Errors() in image viewing. Maybe Fixes #3426
- Include EndDateTimeShort in event stats
- Handle empty endtime (in progress event) more gracefully. If there is a next event just jump to it.
- locking fixes that caused hung zmu and zms processes
- Set mysql character set to utf8 explicitly to support Chinese characters (or other special characters).
- escape html in Storage names
- fix auth'd user information being saved to session before switching session IDs, leaving bogus authenticated user in previous session.
- Fix potential XSS from Username
- Add a pattern filter for Usernames, Group Names and Storage Names to prevent invalid characters and XSS
- Add NOT IN case to filters. Also, fix bad SQL when value evals to false. Test for empty string instead. Fixes #3425
- Fix CURL monitors
- Fix event view corruption caused by changes to the sendfile system call. Fixes #3437
- Add useful title to frame image telling us which we are looking at
- Allow empty sort field when listing events
- Fix error in PTZ control code when no speed has been defined.
- Allow editing of admin user.
- Add more of the resulting SQL to the filter debug modal
- Make filter debug modal work on non-saved filter
- improvements to Event module implementing a Server() function which figures out which Server likely has the video. Use it to remove duplicate logic
- improvements to Zone module Add numCoords, Coords, Area, AlarmRGB to Zone object. Also add Points(), AreaCoords, svg_polygon
- Implement zm_setcookie to simplify setting cookies, set samesite, deal with older php etc
- add loading=lazy to most images to improve page loading
- Don't bother running zmu if monitor Function is set to None
- Add mp4 as an option for generated video and make it the default instead of avi
- Set some new more sensible defaults for various settings including logging, navbar refreshes, full page refreshes and ajax timeouts
- Big update to Control.pm
- Fix for Netcat PTZ using x=0 y=0 for autostop in addition to old stop movement code
- Implement reboot and ping methods for Trendnet PTZ Control
- rough in Url, UrlToZMS, PathToZMS, PathToIndex, UrlToIndex, UrlToApi, PathToApi in Server object
- reduce debug logging in zmaudit

There are fixes in here for 3 vulnerabilities:
Remote code execution by specifying an invalid language found by Krastanoel.
Stored XSS in Username field found by Tester Tester.
Session Fixation problem found by Tester Tester.

1.36.13
Full Changelog