Overview
Request 1008813 accepted
- Update to to 1.36.27
- Use zm_setcookie, which will automatically set samesite on the session cookie.
Maybe fixes [#3517]
- commit to free up locks when there is an error doing MoveTo (like does not exist on disk).
Also remove commit from CopyTo which does no transactions/locking.
- Use y instead of Y for path generation when using Deep scheme. Fixes [#3583]
- Add spans and title attributes on the title h2 parts of frame view so that on mouseover
it tells you what the numbers are
- Update frame view js to use const etc instead of var. Put back EventId and FrameId
in stats being links and fix FrameId not being populated.
If no stats available disable the stats button and use the title to explain why.
- In failure state populate imageData array to reduce output php errors in frame view
- Add connkey and semaphore key to logging about failure to get semaphore.
Add sem_release before every ajaxError call because ajaxError exits
and so we never release the semaphore.
- fix not saving v4l settings.
- Only warn about event exceeding section_length if we are not using close_mode=TIME.
Fixes [#3599]
- make OutputCodec work in API Maybe fixes [#3341]
- Handle filter[query] not being defined
- Fix export not working for filter due to limit set to 0.
- Only look for action if there is a view. Prevents lookup of a non-existent file.
- Include monitor Id in zmwatch logs, for consistency as well as utility
- Escape File parameters when inserting log to prevent XSS. Related to fixing [#2466].
Fixes https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433
- Only perform actions on post. Doing them on GET allows doing actions without CSRF
from things like img tags which is not good.
Fixes https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q
- Upgrade jquery to 3.6.1
- Update jquery-ui to 1.13.2 to remove reported dependency advisory
- Fix missing STATE_UNKNOWN in perl libs causing missed events in zmes.
- Add permissions checking to API/Logs. Fixes unprivileged user being to add/edit/delete/view logs.
Fixes https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488
Request History
ecsos created request
- Update to to 1.36.27
- Use zm_setcookie, which will automatically set samesite on the session cookie.
Maybe fixes [#3517]
- commit to free up locks when there is an error doing MoveTo (like does not exist on disk).
Also remove commit from CopyTo which does no transactions/locking.
- Use y instead of Y for path generation when using Deep scheme. Fixes [#3583]
- Add spans and title attributes on the title h2 parts of frame view so that on mouseover
it tells you what the numbers are
- Update frame view js to use const etc instead of var. Put back EventId and FrameId
in stats being links and fix FrameId not being populated.
If no stats available disable the stats button and use the title to explain why.
- In failure state populate imageData array to reduce output php errors in frame view
- Add connkey and semaphore key to logging about failure to get semaphore.
Add sem_release before every ajaxError call because ajaxError exits
and so we never release the semaphore.
- fix not saving v4l settings.
- Only warn about event exceeding section_length if we are not using close_mode=TIME.
Fixes [#3599]
- make OutputCodec work in API Maybe fixes [#3341]
- Handle filter[query] not being defined
- Fix export not working for filter due to limit set to 0.
- Only look for action if there is a view. Prevents lookup of a non-existent file.
- Include monitor Id in zmwatch logs, for consistency as well as utility
- Escape File parameters when inserting log to prevent XSS. Related to fixing [#2466].
Fixes https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433
- Only perform actions on post. Doing them on GET allows doing actions without CSRF
from things like img tags which is not good.
Fixes https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q
- Upgrade jquery to 3.6.1
- Update jquery-ui to 1.13.2 to remove reported dependency advisory
- Fix missing STATE_UNKNOWN in perl libs causing missed events in zmes.
- Add permissions checking to API/Logs. Fixes unprivileged user being to add/edit/delete/view logs.
Fixes https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488
Monex accepted request
Thank you.
