- Update to to 1.36.27
  - Use zm_setcookie, which will automatically set samesite on the session cookie.
    Maybe fixes [#3517]
  - commit to free up locks when there is an error doing MoveTo (like does not exist on disk).
    Also remove commit from CopyTo which does no transactions/locking.
  - Use y instead of Y for path generation when using Deep scheme. Fixes [#3583]
  - Add spans and title attributes on the title h2 parts of frame view so that on mouseover
    it tells you what the numbers are
  - Update frame view js to use const etc instead of var. Put back EventId and FrameId
    in stats being links and fix FrameId not being populated.
    If no stats available disable the stats button and use the title to explain why.
  - In failure state populate imageData array to reduce output php errors in frame view
  - Add connkey and semaphore key to logging about failure to get semaphore.
    Add sem_release before every ajaxError call because ajaxError exits
    and so we never release the semaphore.
  - fix not saving v4l settings.
  - Only warn about event exceeding section_length if we are not using close_mode=TIME.
    Fixes [#3599]
  - make OutputCodec work in API Maybe fixes [#3341]
  - Handle filter[query] not being defined
  - Fix export not working for filter due to limit set to 0.
  - Only look for action if there is a view. Prevents lookup of a non-existent file.
  - Include monitor Id in zmwatch logs, for consistency as well as utility
  - Escape File parameters when inserting log to prevent XSS. Related to fixing [#2466].
    Fixes https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433
  - Only perform actions on post. Doing them on GET allows doing actions without CSRF
    from things like img tags which is not good. 
    Fixes https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q
  - Upgrade jquery to 3.6.1
  - Update jquery-ui to 1.13.2 to remove reported dependency advisory

• Files Changed
• Browse Source