This is largely a fixes & polish release. There are a number of bug fixes and security improvements in here.

We DO NOT RECOMMEND running any prior version of zoneminder

Upgrading from 1.32.3 should be relatively painless although if your Logs table is large it may take some time to update it.

Security fixes:

We no longer store passwords using mysql's built-in password encryption.
We now support a modern JWT access token system
Replaced a lot of inline javascript.
There were a number of XSS and SQL injection issues fixed.
CVE-2019-13072
CVE-2019-6777

Other changes:

When adding a new monitor a random colour will be assigned to it instead of red.
We now have a handy resolution dropdown to help prevent typos in the width & height fields
Support for mysql8
Support for php 7.4
Can now delete database log entries for the logs popup
Timezone setting moved from php.ini to Options -> System
ffmpeg hwaccel support for h264 decoding
Improved recording to mp4 with audio
Added ZM_LOG_FFMPEG options which captures ffmpeg debug messages properly which can really help with debugging.
Added ability to use zms to stream mjpeg when the video is stored as h265. Most browsers can't play h265 so this allows you to use passthrough mode with an h265 camera and still watch the video.
Filters now have a Copy To action which copies the event files to a second storage area
We now display additional event information such as that generated by event server object detection

To update to this release on Ubuntu, you will need to add the new ppa
sudo add-apt-repository ppa:iconnor/zoneminder-1.34

Thank You to Those who have Contributed

We continue to thank those that have contributed to the ZoneMinder project. ZoneMinder is a community project. As such, we are constantly in need of those willing to volunteer their time to maintain and improve it, whether that be writing code, answering questions in the forum, or updating our documentation. Please consider helping us.

Change Log

1.34.0 (2020-01-15)

Full Changelog

Merged pull requests:

add 3840x2160 4k UHD to monitor dropdown #2804 (PrplHaz4)
fix tar invocation for *BSD platforms #2801 (DKnight110)
fix JWT access token always being 1 hr #2790 (pliablepixels)
Random web colour #2789 (connortechnology)
Fixed unquoted variable which was failing to correctly detect error case #2788 (anon8675309)
Add empty array value for terms when there isn't any #2785 (connortechnology)
fix #2771. #2780 (connortechnology)
Test for null in user before testing for access in CanEdit et all #2776 (connortechnology)
Apply relevant changes to deal with php7,4 deprecations #2775 (connortechnology)
dirty fix filtering Monitors by GroupId. #2774 (connortechnology)
Fix api alarm auth #2769 (connortechnology)
Correct video buffer length when analysis and capture fps differ #2768 (selvanair)
Fix 2692 #2767 (connortechnology)
Update api.rst #2765 (pliablepixels)
Its not necessary the token is a refresh. Can also be empty #2763 (pliablepixels)
typo fix #2759 (pliablepixels)
add note on API wrapper #2754 (pliablepixels)
Add storage docs #2752 (Tsopic)
add model validation so that we don't create empty monitors #2749 (pliablepixels)
Fix 2745 #2746 (connortechnology)
1 34 docs update #2743 (pliablepixels)
align with other filter options #2727 (externo6)
More filter options #2726 (externo6)
Fix ZM slack join link #2722 (pliablepixels)
Update ISSUE_TEMPLATE.md #2721 (arushipandit)
Remove dash from IPCC7210W.pm #2719 (Simpler1)
Add delete from logs ajax capability. Make the clear button use it. … #2715 (connortechnology)
Add setting of timezone to Options/Config instead of php.ini #2714 (connortechnology)
Fix 2705 #2706 (connortechnology)
general clean of onvif probe view. Use buttons instead of inputs and… #2704 (connortechnology)
Fix auth timing out due to cookie timing out and getting deleted. #2698 (connortechnology)
In production mode, debug should be 0 #2697 (pliablepixels)
fixes #2694 #2696 (connortechnology)
Fix token auth sessions #2695 (connortechnology)
Tweaks to the ubuntu installation instructions #2688 (raboof)
Fix iOS autocapitalizing username field on login #2687 (PauliusGedrikas)
Add code to handleDelay to cancel identical delayed actions. Fixes #2619 #2681 (connortechnology)
Update faq.rst: Timezone issue. #2680 (Tsaukpaetra)
Fix token auth sessions #2676 (connortechnology)
Fix 2673 #2675 (connortechnology)
Fix download and export button from events list. Fixes #2668 #2670 (connortechnology)
Filter add copy #2669 (connortechnology)
Alarm api #2665 (pliablepixels)
fixed ffmpeg log association to zm log levels #2664 (pliablepixels)
Demote token log #2663 (pliablepixels)
Fixes #2579 by putting the event Id into an attribute of the delete b… #2662 (connortechnology)
Add primary keys to Logs and Stats tables #2653 (bluikko)
simplify rtfm step #2650 (CanOfSpam3)
Explicitly link with libdl #2649 (JohnAZoidberg)
Revert audio sync fixes #2646 (connortechnology)
Fix zmcrypt message #2645 (pliablepixels)
End continuous events on alarm #2644 (connortechnology)
fix for zone overlay scaling issues in montage #2643 (tolland)
add event file system path to API #2639 (pliablepixels)
improve watch view zoomin/out ui #2638 (connortechnology)
fixes #2294 #2637 (connortechnology)
Fixing translations on console view #2635 (fri-K)
Completed Polish translation #2634 (fri-K)
add options help to linked monitors option #2633 (tolland)
When writing MP4 sample, save buffer.size() into a temporary variable #2628 (arrowd)
remove a password log, corrected PHP version in log #2627 (pliablepixels)
check for API disabled only when auth is on #2624 (pliablepixels)
fix #2622 #2623 (zhuykovkb)
WIP: Add pagination to frames.php in classic #2618 (tolland)
test for error code from db creation and die on error #2611 (connortechnology)
State Fixes #2604 (connortechnology)
Spelling and grammar fixes in help #2603 (jimender2)
Another attempt to fix Dahua SQL Control values #2600 (cnighswonger)
Replace MySQL Password() with bcrypt, allow for alternate JWT tokens #2598 (pliablepixels)
ifdef HAVE_ZLIB_H around code that uses Image->Zip #2597 (connortechnology)
FIFO support for zoneminder zone debugging #2594 (mitchcapper)
Netcat ONVIF: adding ONVIF authentication #2591 (redaco)
Netcat ONVIF: Added support for "profile token" #2589 (redaco)
Use GREATEST function prevent negative values in event counts #2587 (connortechnology)
Update url to donate page #2586 (steveroot)
Fixing video export view #2585 (gonzalezcalleja)
Update Debian Instructions #2584 (alexfornuto)
Alarm cause fix #2582 (pliablepixels)
Revert "Alarm cause fix" #2581 (connortechnology)
Alarm cause fix #2580 (pliablepixels)
Revert "Alarm cause fix" #2581 (connortechnology)
Alarm cause fix #2580 (pliablepixels)
Fix image path #2576 (andornaut)
Add shutdown capability #2575 (connortechnology)
added support for named params to consoleEvents #2571 (pliablepixels)
Installation guide for Debian Stretch #2570 (aktarus82)
daemonize zmcontrol #2563 (knight-of-ni)
Added and edited tranlations to ru_ru.php #2562 (santos995)
Add camera relative iris control methods #2557 (cnighswonger)
Camera reboot function #2554 (cnighswonger)
Dahua control improvements #2552 (cnighswonger)
Use zm_session_start() for API auth. Fixes #2547 #2549 (mnoorenberghe)
Don't scroll to the top of the page when force/cancel alarm is clicked #2548 (mnoorenberghe)
Fix for file and curl camera sources #2545 (rpdrewes)
Php namespace #2537 (connortechnology)
Add support for control of Amcrest cameras #2536 (cnighswonger)
fix slack join link #2535 (pliablepixels)
Update and fix privacy view #2534 (connortechnology)
need to prefix with _dir_ otherwise relative to initial script #2531 (mitchcapper)
don't quote dbEscape values it will quote it already #2529 (mitchcapper)
Fixed typo in options_logging userguide #2526 (j-marz)
Use buttons instead of divs and inputs #2522 (connortechnology)
Fix comment about hiding navbar #2521 (timwsuqld)
rough in a control function in Filter object. Use it to start/stop z… #2518 (connortechnology)
Fix API SQL Injection #2517 (mnoorenberghe)
event.js: Wait for delete request to succeed before navigating. #2515 (mnoorenberghe)
show object detected file, if object detection in place #2514 (pliablepixels)
bandwidth.php: Submit to the 'bandwidth' view but render the 'none' view #2511 (mnoorenberghe)
Cleanup old files #2509 (SteveGilvarry)
Set CSRF on as the default for new installs. Fixes #2507 #2508 (SteveGilvarry)
added object detection frame rendering #2505 (pliablepixels)
Update version view #2488 (connortechnology)
Improve session #2487 (connortechnology)
Validate zmu Username and Password lengths #2484 (SteveGilvarry)
Now that we are dynamically allocating safer_username and safer_passw… #2483 (connortechnology)
Fixes 2478 Remove overrun possibility #2482 (SteveGilvarry)
Fix zones.php self-xss. Fixes #2444 #2481 (mnoorenberghe)
Enforce CSP on many more views #2480 (mnoorenberghe)
Fix name/protocol XSS in controlcaps.php. Fixes #2445 #2479 (mnoorenberghe)
Plugin.php: XSS and directory traversal fixes; Enable CSP script-src #2439 (mnoorenberghe)
Filter improvements #2438 (connortechnology)
Fix zone area calculation #2437 (montagdude)
Validate cnj, obr, and cbr arguments in parseFilter #2434 (mnoorenberghe)
Remove jQuery use from top-level event listeners in skin.js #2433 (mnoorenberghe)
Replace remaining console inline event handlers #2432 (mnoorenberghe)
Log CSP violations in ZM logs in supported browsers #2431 (mnoorenberghe)
Upgrade jQuery version #2430 (mnoorenberghe)
Replace MooTools usage for adding window event listeners #2429 (mnoorenberghe)
Add a validateForm event listener and enforce CSP on some views #2425 (mnoorenberghe)
Replace onclick='submitTab(...' with a click listener #2424 (mnoorenberghe)
controlcap.php: Reflected xss fix with validHtmlStr #2423 (mnoorenberghe)
skins/classic/views/control.php second order sqli #2422 (mnoorenberghe)
Fix ajax/status.php orderby sql injection #2421 (mnoorenberghe)
Fix recaptcha support with the CSP #2420 (mnoorenberghe)
More eslint fixes; eslint in php; add eslint to travis #2419 (mnoorenberghe)
Fix duplicate 'class' attribute in options #2418 (mnoorenberghe)
Convert some characters to HTML entities #2417 (mnoorenberghe)
Fix eslint violations #2416 (mnoorenberghe)
More inline JS / nonce conversions #2415 (mnoorenberghe)
Add a CSP script-src policy with nonce-source and convert more inline event handlers #2413 (mnoorenberghe)
Replace onclick inline event handlers for createPopup #2410 (mnoorenberghe)
update debian to 1.32.x #2407 (kobold81)
Fix imagesize requirements #2404 (connortechnology)
add a logging callback to the libvlc camera #2401 (connortechnology)
disable delete button when event is archived. #2396 (connortechnology)
remove ob_clean stuff which logs errors when output buffering is turned off #2395 (connortechnology)
Fix #2391 by defining monitor variable #2392 (davidjb)
implement timezone check function #2387 (knight-of-ni)
Split actions.php into individual files per view #2385 (connortechnology)
add WebSite type to enum #2382 (knight-of-ni)
add Foscam R2C ptz script #2380 (techrockedge)
Improve config efficiency #2379 (connortechnology)
Fix 2253 #2377 (connortechnology)
Fixes #2375 #2376 (SalmonMode)
remove ZM_DIR_IMAGES #2374 (knight-of-ni)
force overloadframes and ExtendAlarmFrames to int #2373 (knight-of-ni)
Update area when editing x and y coords #2372 (connortechnology)
2369 misspelling fix #2371 (jimender2)
update viewImagePatch #2370 (knight-of-ni)
Fix 2340 #2368 (connortechnology)
fix path to thumb and anal images #2367 (knight-of-ni)
Update area when editing x and y coords #2366 (connortechnology)
remove option to build with no ffmpeg #2365 (knight-of-ni)
Small groups fixes #2362 (connortechnology)
Update permissions checking for Groups to not use session. Fixes #2353 #2359 (connortechnology)
Implement libswresample support as an alternative to libavresample, w… #2357 (connortechnology)
make sure auth is regenerated each time we call login.json #2347 (pliablepixels)
Ffmpeg logs optional #2345 (pliablepixels)
support for forwarded proto/port in Server.php #2343 (mrosack)
allow one to set manpage destination #2337 (knight-of-ni)
strip port from HTTP_HOST #2335 (connortechnology)
Fix ios9 #2331 (connortechnology)
Fix rate resetting #2329 (connortechnology)

* This Change Log was automatically generated by github_changelog_generator

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

My Friend Of Misery