The Memory Remains 1.36.20

Changes since 1.36.19

• When deleting events add a progress ticker and delete in chunks of 10 so that deleting a lot of events works. Fixes [#3444]
• Fix semaphore getting failing when php doesn't have semaphore support
• Handle php versions < 5.6.1 which don't have non-blocking semaphore fixes flashing streams with lots of errors in logs
• Escape single quotes in config values. Fixes broken UI due to broken js. Fixes [#3508]
• replace all uses of strftime which was deprecated in php8.1. So we now work with php8.1.
• introduce new date formatting code and a locale setting separate from language. Allow full customisation of date/time formatting. Fixes [#183]. You likely want to specify Options->System->DateTime Format as the default will include timezone information. One example is: yyyy/MM/dd HH:mm:ss
• Format the output of getLoad to two decimal places
• Add a reorder_queue to videostore. This is needed if you are getting out of order dts errors in your logs. Use it by adding a reorder_queue_size= to EncoderOptions. I think a good value is something like the keyframe interval. Have had good luck with a setting of 10. YMMV.
• Center the up/down arrows in console Mark column
• Don't turn '0' into '' in monitor edit
• Use Content-Security-Policy: for all views instead of Report-Only
• fix possible packetqueue hang on logrotate
• Don't cache_bust bootstrap, because it loads the .map and logs an error
• Remove dependency on php-apc
• Add php-intl as a dependency
• fixes to viewing h265 videos as mjpeg including
• remove username/passwords in logs instead of just masking them, as masking gives info about length.
• translate more strings in the UI

Full Changelog: 1.36.19...1.36.20

The Memory Remains 1.36.19

No changes, just a version bump to satisfy the PPA.

The Memory Remains 1.36.18

Changes since 1.36.17

• use zm_setcookie function to save MontageLayout value. fixes new layout not being automatically chosen on save.
• fix editing a montage layout. For some reason removing onclick event isn't working, so use a global state variable instead.
• fix multiple linked monitor or group selection by not trimming values of select elements
• Add Private field to config (from master). Do not include private config entries in javascript client side.
• Do not include config in javascript client side if not logged in.

Full Changelog: 1.36.17...1.36.18

The Memory Remains 1.36.17

Changes since 1.36.16

• Small adjustments to sizing/placement of shutdown button, status button and account text
• Implement CTRL-click on montagereview to open event in a new tab/window
• report errors from saving a new monitor to ui
• Put back click on image in montage to bring live view
• fix errors saving a new monitor
• fix image scaling on live view/cycle/montage
• implement ctrl-click on montage to open single live view in a new window/tab
• implement semaphore retry when talking to zms
• don't delete .sock files in zms which should reduce zms errors
• start streams in single jpeg mode and then have monitorStream turn them on to streaming

Full Changelog: 1.36.16...1.36.17

The Memory Remains 1.36.16

Changes since 1.36.15

• Fix packetqueue not emptying and deadlock in event writer
• fixes to build on ubuntu bionic
• Set samesite for session ZMSESSID cookie for php < 7.3
• Fix numbering of State enum
• more fixes to scaling and image loading in watch/montage/zones/zone
• fix lots of zms errors in logs
• fix broken audio storage
• fix zmc getting restarted if decoding falls too far behind
• fix export
• fix crash when zone is entirely out of the image
• stop the dbqueue before closing logs. Fixes zms/zmu hangs
• Only keep ZM_COOKIE_LIFETIME entries in Sessions.Prevents millions of sessions from preventing the logout modal to load.
• fix password entries not being upgraded on login.
• debug log the keyframe interval found in the packetqueue
• Don't delete socket in zms as it is a race condition.
• remove lots of debug
• Introduce System setting in config entries which makes them only settable in /etc/zm/.conf files. This is to prevent remote code execution by setting ZM_PATH_FFMPEG. Vulnerability found by Iliya Yatsenko (Positive Technologies)
• Use Content-Security-Policy: for all views instead of Report-Only. This prevents an XSS attack using ZM_HOME_CONTENT found by Iliya Yatsenko (Positive Technologies)
• fix apache complaining about bad headers when using zms instead of nph-zms and getting a 403.
• queue stream requests so that only 1 runs at a time.
• Merge MonitorStream features from master.
• Update montage layouts to fill the available space
• when streaming, start with single image and use javascript to start up the stream and ajax status requests. Fixes brokenness with 4k cameras
• The entire configuration is now available to javascript land as constants
• fix the border changing colour on alarm etc.
• When clicking cancel on zone edit, go back instead of reload
• fix duplicated action on force/cancel alarm buttons on watch view
• Don't update DiskSpace with a 0 value when listing events. This generally happens with missing events and causes too much contention on the Events and summaries tables
• Fix centering when zooming when clicking on image and improve fidelity
• zoom by 10% instead of 25% and remove the limit so you can now zoom in forever.

Full Changelog: 1.36.15...1.36.16

The Memory Remains 1.36.15

Changes since 1.36.14

• Merge @alabamatoys' work to add focus controls to Amcrest PTZ
• Ensure rate is an integer when coming from cookie. Remove commented out rate display.
• INF logging of alarm frames in alert state changed to debug
• remove error about last analyse time being zero, which is very common on startup. Not an error.
• Fix issue with leftover zms processes
• Rough in a queue and a thread into the event to process packets. We do this so that the event creator can get back to analysis as fast as possible so as to avoid the packetqueue filling up.
• Fix FFMPEG5 build
• Introduce mask_authentication function to replace username and password with * in url like strings
• Fix lockups due to lack of locking around terminate_
• Merge more code from master fixing up when to clearPackets, don't delete image data if we have an event etc.
• Fixes to layout and scaling of image stream on watch and montage cycle and zone edit views
• auto-select layout instead of defaulting to Freeform.
• Fix problem viewing stream in Safari
• Rename Scale To Fit to Auto. Fix logic when selecting Width/Height/Scale/Layout
• trim whitespace at beginning and end of monitor settings
• Add support for Ubuntu Jammy
• Reduce warnings logged when the packetqueue is full
• Make a warning into a debug in zmdc when restarting a process.
• Merge UpdateCaptureFPS and UpdateAnalysisFPS into 1 SQL Update
• Change zms to stick around and wait for zmc to come back
• Disconnect and Reconnect in PrimeCapture instead of in constructor and destructor. Fixes camera not reconnecting when using Remote RTSP
• Move CMD_ defines to skin.js.php so that they are available everywhere
• Remove loading=lazy as it causes problems with ajax Querying
• Set width of 200px for cycle sidebar
• remove :'s in labels cycle header to be consistent
• handle undefined HTTP_REFERER, and escape zone name in zone edit
• Merge from debian patch 0001-Adapt-apache2.conf-to-work-out-of-the-box.patch
• Use toLocaleString to format fps values with 1 decimal
• Fix points not unhighlighting onmouseout on zone edit
• Fix lockup on logrot by not releasing the event lock
• Remove timeout on ajax call to generate the zip. Fixes [#3264\
• Improve error message when sws_scale fails
• Set samesite for session ZMSESSID cookie for php < 7.3
• Don't assuming we want to communicate with zms if streaming.
• Introduce packetqueue::stop which just sets the deleting flag and sends out a notify.
• We have to update start_usec not just start. Fixes [#3439]

Full Changelog: 1.36.14...1.36.15

The Memory Remains 1.36.14

Changes since 1.36.13

• Fix test for chrome version 7 by not including periods. Fixes broken event with new Chrome
• more fixes for compiling against ffmpeg5. Doesn't yet compile though.
• fix broken PTZ
• remove debugging for displaying ram use estimate in monitor

Full Changelog: 1.36.13...1.36.14

The Memory Remains 1.36.13

Changes since 1.36.12

• Change a warning to a Debug when getting the latest image using zmu
• Updates to Axis PTZ script adding support for getting details from Path and fixing support for older cameras
• Fix for update script for 1.35.25 and DayEventDiskSpace
• include user and function error message about insufficient permissions. Will make it easier to figure out who tried what.
• Fix for crash in CSRF
• Fix missing text-right align on Port/Path labels. Set step to 1 for Port
• Remote RTSP camera.
• Fix fail to get Sources in Remote RTSP
• Fix compilation with ffmpeg 5.0
• Implement filter limits. Which go before pagination/advanced search limits
• Fix do_debian_package build script for version = CURRENT style versioning.
• Implement a check on change of language. Make sure that the specified language file exists. Reports errors to UI
• Test for valid language file when saving user.
• add styling for errors reported to ui and include the errors on options view
• Fix zmu device probing
• Change title of v4l settings button to give an indication WHY it isn't enabled
• Convert Fatal()s to Errors() in image viewing. Maybe Fixes [#3426]
• Include EndDateTimeShort in event stats
• Handle empty endtime (in progress event) more gracefully. If there is a next event just jump to it.
• locking fixes that caused hung zmu and zms processes
• Set mysql character set to utf8 explicitly to support chinese characters (or other special characters).
• escape html in Storage names
• fix auth'd user information being saved to session before switching session id's leaving bogus authenticated user in previous session.
• Fix potential XSS from Username
• Add a pattern filter for Usernames, Group Names and Storage Names to prevent invalid characters and XSS
• Add NOT IN case to filters. Also, fix bad SQL when value evals to false. Test for empty string instead. Fixes [#3425]
• Fix CURL monitors
• Fix event view corruption caused by changes to the sendfile system call.Fixes [#3437]
• Add useful title to frame image telling us which we are looking at
• Allow empty sort field when listing events
• Fix error in PTZ control code when no speed has been defined.
• Allow editing of admin user.
• Add more of the resulting SQL to the filter debug modal
• Make filter debug modal work on non-saved filter
• improvements to Event module implementing a Server() function which figures out which Server likely has the video. Use it to remove duplicate logic
• improvements to Zone module Add numCoords, Coords, Area, AlarmRGB to Zone object. Also add Points(), AreaCoords, svg_polygon
• Implement zm_setcookie to simplify setting cookies, set samesite, deal with older php etc
• add loading=lazy to most images to improve page loading
• Don't both running zmu if monitor Function is set to None
• Add mp4 as an option for generated video and make it the default instead of avi
• Set some new more sensible defaults for various settings including logging, navbar refreshes, full page refreshes and ajax timeouts
• Big update to Control.pm
• Fix for Netcat PTZ using x=0 y=0 for autostop in addition to old stop movement code
• Implement reboot and ping methods for Trendnet PTZ Control
• rough in Url, UrlToZMS PathToZMS PathToIndex, UrlToIndex UrlToApi PathToApi in SERver object
• reduce debug logging in zmaudit

There are fixes in here for 3 vulnerabilities:
Remote code execution by specifying an invalid language found by Krastanoel.
Stored XSS in Username field found by Tester Tester
Session Fixation problem found by Tester Tester.

Full Changelog: 1.36.12...1.36.13

The Memory Remains 1.36.12

Changes since 1.36.11

• Allow NOW or CURRENT for PACKAGE_VERSION similar to snapshot in do_debian_package.sh
• Fix lack of scaling when TIMESTAMP_ON_CAPTURE is off
• Fix deleting from event view.
• Pause streaming before delete to prevent errors being logged due to missing files
• documentation fixes
• Fix NULL and add special 0 case for Storage area specification in filter
• Handle bug where a value of '' will prevent special case handling in filter rules
• Allow '' to mean NULL when specifying Storage Area
• include monitor dimensions when logging about zone mismatch
• Remove text-nowrap from cause/notes column
• If we are starting a process that is waiting to term, mark it to get started by the reaper. Fixes case where zmdc thought the process was still running and so didn't start it. We never noticed because zmwatch would eventually notice. The result is instant restart.
• kill the background timer when switching to history so that we don't cause a javascript error
• Detect group hierarchy loops and break them.
• clear the monitors array before terminating log. Might fix zmu hangs
• Add auth relay to status ajax request fixing logged 404 error
• Wait for closeEvent thread to finish. Fixes unfinished event when zmc told to restart
• Fix libvnc_camera so that we don't crash on Reload
• Fix build on FreeBSD/armv7

1.36.12

Full Changelog

The Memory Remains 1.36.11

Changes since 1.36.10

• fixes to do_debian_package.sh
• Fix Event count subsitutions in emails
• Fix locking in CopyTo and MoveTo filter functions
• Fix super fast playback after switch to next event
• Allow orderings set by filters to work in event listing. Fixes [#3348]
• Handle auth to mysql problems during postinst more gracefully
• fix validInt to take negative integers. Introduce validCardinal to handle positive integers
• Put back generate video button in event view
• Add Debian 11 (Bullseye) install docs
• Italian translation updates
• set rows on email body textarea
• Restore download buttons behaviour on event view. It should just download the mp4.
• fix javascript error if download button doesn't exist because there is no mp4
• Set Locale for time to en_GB.utf8, changed STRF_FMT_DATETIME_SHORTER to %x which is locale aware short date
• Fix filters not deleting
• Make delete dialog disappear on success. Fixes [#3377]
• Set character set as utf8 when connect to mysql to avoid mistakes when there are Chinese characters in storage path.
• Fix event listing when not paginated.
• Fix logged errors when av_write_trailer returns a positive value
• alert error message when an error is returned instead of rows in events list ajax
• Report error if sql fails. Add check for access to specific event in events listing
• Set zm_terminate on crash so that other threads exit instead of continuing
• Don't exit(0) on QUIT in zms. Instead set zm_terminate=true so that all the cleanup routines run. Fixes swap files not being deleted.
• fix build on posix/musl
• Add privacy to options tabs so we can get back to it.
• Send all stats rows instead of just 1 so that you can view stats for all zones
• implement UrlToZMS in Monitor.php
• implement Event::canEdit
• When saving v4l settings redirect back to watch instead of console.
• Add title to Download button so you can see the expected filename.

1.36.11

Full Changelog