My Friend Of Misery .2

Bug fixes since 1.34.1

• Fix failed login using Google reCaptcha [#2820]

1.34.2 (2020-02-04)

Full Changelog

My Friend Of Misery .1

Bug fixes since 1.34.0

• Return to original url after login [#2811]
• Bug fix Montage page: Allows for proper functionality if MultiPort isn't configured [#2812]
• zmtrigger.pl bad SQL syntax [#2814]

1.34.1 (2020-01-25)

Full Changelog

My Friend Of Misery

This is largely a fixes & polish release. There are a number of bug fixes and security improvements in here.

We DO NOT RECOMMEND running any prior version of zoneminder

Upgrading from 1.32.3 should be relatively painless although if your Logs table is large it may take some time to update it.

Security fixes:

• We no longer store passwords using mysql's built-in password encryption.
• We now support a modern JWT access token system
• Replaced a lot of inline javascript.
• There were a number of XSS and SQL injection issues fixed.
• CVE-2019-13072
• CVE-2019-6777

Other changes:

• When adding a new monitor a random colour will be assigned to it instead of red.
• We now have a handy resolution dropdown to help prevent typos in the width & height fields
• Support for mysql8
• Support for php 7.4
• Can now delete database log entries for the logs popup
• Timezone setting moved from php.ini to Options -> System
• ffmpeg hwaccel support for h264 decoding
• Improved recording to mp4 with audio
• Added ZM_LOG_FFMPEG options which captures ffmpeg debug messages properly which can really help with debugging.
• Added ability to use zms to stream mjpeg when the video is stored as h265. Most browsers can't play h265 so this allows you to use passthrough mode with an h265 camera and still watch the video.
• Filters now have a Copy To action which copies the event files to a second storage area
• We now display additional event information such as that generated by event server object detection

To update to this release on Ubuntu, you will need to add the new ppa
sudo add-apt-repository ppa:iconnor/zoneminder-1.34

Thank You to Those who have Contributed

We continue to thank those that have contributed to the ZoneMinder project. ZoneMinder is a community project. As such, we are constantly in need of those willing to volunteer their time to maintain and improve it, whether that be writing code, answering questions in the forum, or updating our documentation. Please consider helping us.

Change Log

1.34.0 (2020-01-15)

Full Changelog

Merged pull requests:

• add 3840x2160 4k UHD to monitor dropdown #2804 (PrplHaz4)
• fix tar invocation for *BSD platforms #2801 (DKnight110)
• fix JWT access token always being 1 hr #2790 (pliablepixels)
• Random web colour #2789 (connortechnology)
• Fixed unquoted variable which was failing to correctly detect error case #2788 (anon8675309)
• Add empty array value for terms when there isn't any #2785 (connortechnology)
• fix #2771. #2780 (connortechnology)
• Test for null in user before testing for access in CanEdit et all #2776 (connortechnology)
• Apply relevant changes to deal with php7,4 deprecations #2775 (connortechnology)
• dirty fix filtering Monitors by GroupId. #2774 (connortechnology)
• Fix api alarm auth #2769 (connortechnology)
• Correct video buffer length when analysis and capture fps differ #2768 (selvanair)
• Fix 2692 #2767 (connortechnology)
• Update api.rst #2765 (pliablepixels)
• Its not necessary the token is a refresh. Can also be empty #2763 (pliablepixels)
• typo fix #2759 (pliablepixels)
• add note on API wrapper #2754 (pliablepixels)
• Add storage docs #2752 (Tsopic)
• add model validation so that we don't create empty monitors #2749 (pliablepixels)
• Fix 2745 #2746 (connortechnology)
• 1 34 docs update #2743 (pliablepixels)
• align with other filter options #2727 (externo6)
• More filter options #2726 (externo6)
• Fix ZM slack join link #2722 (pliablepixels)
• Update ISSUE_TEMPLATE.md #2721 (arushipandit)
• Remove dash from IPCC7210W.pm #2719 (Simpler1)
• Add delete from logs ajax capability. Make the clear button use it. … #2715 (connortechnology)
• Add setting of timezone to Options/Config instead of php.ini #2714 (connortechnology)
• Fix 2705 #2706 (connortechnology)
• general clean of onvif probe view. Use buttons instead of inputs and… #2704 (connortechnology)
• Fix auth timing out due to cookie timing out and getting deleted. #2698 (connortechnology)
• In production mode, debug should be 0 #2697 (pliablepixels)
• fixes #2694 #2696 (connortechnology)
• Fix token auth sessions #2695 (connortechnology)
• Tweaks to the ubuntu installation instructions #2688 (raboof)
• Fix iOS autocapitalizing username field on login #2687 (PauliusGedrikas)
• Add code to handleDelay to cancel identical delayed actions. Fixes #2619 #2681 (connortechnology)
• Update faq.rst: Timezone issue. #2680 (Tsaukpaetra)
• Fix token auth sessions #2676 (connortechnology)
• Fix 2673 #2675 (connortechnology)
• Fix download and export button from events list. Fixes #2668 #2670 (connortechnology)
• Filter add copy #2669 (connortechnology)
• Alarm api #2665 (pliablepixels)
• fixed ffmpeg log association to zm log levels #2664 (pliablepixels)
• Demote token log #2663 (pliablepixels)
• Fixes #2579 by putting the event Id into an attribute of the delete b… #2662 (connortechnology)
• Add primary keys to Logs and Stats tables #2653 (bluikko)
• simplify rtfm step #2650 (CanOfSpam3)
• Explicitly link with libdl #2649 (JohnAZoidberg)
• Revert audio sync fixes #2646 ([connortechnology](https://github.com/connortechn...

And Justice for All

Thank You to Those who have Contributed

We continue to thank those that have contributed to the ZoneMinder project. ZoneMinder is a community project. As such, we are constantly in need of those willing to volunteer their time to maintain and improve it, whether that be writing code, answering questions in the forum, or updating our documentation. Please consider helping us.

Bug Fix Release

This is another bug fix release.

Here is a summary of the changes:

• Better support for ZoneMinder behind a (reverse) proxy
• Fix triggers to sum event counts properly
• fix API getVersion call
• fix shared memory alignment errors on some 32bit systems
• fix return user/pass credentials when auth relay is plain

What's New

If you are upgrading from a release older than 1.32.0, then it is critically important to read the release notes for the 1.32.0 release. There are several critical changes you should be aware of. Please read them. It is painfully obvious to us who has and has not read the release notes in our user forum.

Change Log

1.32.3 (2018-12-08)

Full Changelog

Merged pull requests:

• strip port from HTTP_HOST #2335 (connortechnology)
• Fix rate resetting #2329 (connortechnology)
• returns user=&pass= in credentials for auth_relay plain and none #2327 #2328 (pliablepixels)
• Add description for Stream Replay Image Buffer #2325 (epruesse)
• Fix unreadable input text when OS theme dark #2324 (epruesse)
• Fix triggers to sum event counts properly #2323 (knight-of-ni)
• fix #2317 #2322 (connortechnology)
• rpm sub-packages #2314 (knight-of-ni)
• remove epadding2, to restore the 64bit alignment of startup_time. #2307 (connortechnology)
• Fix typos in README file #2301 (rafidashab)
• Adding "Storage Tag" in definemonitor.rst #2299 (aktarus82)
• Use the global dbh in ZoneMinder::Database instead of keeping our own… #2298 (connortechnology)
• update nginx support on redhat #2293 (knight-of-ni)
• updated API - streaming/server/storage/other edits #2291 (pliablepixels)
• Audio only with ffmpeg #2289 (connortechnology)
• rough in adding Monitor_Status to Monitors #2288 (connortechnology)
• API - Disable E_NOTICE from php error reporting in cake debug #2286 (ratmole)
• Fixes for a couple issues in the Ubuntu guide #2285 (chrisk)
• Fix 2279 delete camera through api #2281 (connortechnology)
• Document /api/monitors/daemonStatus/ #2278 (mnoorenberghe)
• use json_encode/decode instead of serialize/unserialize to pass onvif… #2273 (connortechnology)
• API getVersion Fix -> Undefined variable: eTagMatches... #2268 (ratmole)
• Bosnian translation #2266 (dado-ca)
• Include the remoteAddr in the session authhash cache, so that a chang… #2264 (connortechnology)
• show event notes in same event view #2259 (pliablepixels)
• Added monitor preset for D-link DCS-930L #2255 (azend)
• Fixed cambozola typo #2252 (azend)
• Server path prefix #2152 (connortechnology)

* This Change Log was automatically generated by github_changelog_generator

Tuesday's Gone

Thank You to Those who have Contributed

We continue to thank those that have contributed to the ZoneMinder project. We are always in need of volunteers, not just to write code, but to help manage the user forum, manage wiki content, write documentation, test the latest master branch, etc. There is always far more work to do than people available to do the work.

Bug Fix Release

This is a bug fix release that fixes issues of moderate severity.

Here is a summary:

• Additional fixes to zmtrigger
• Additional fixes to zmfilter
• remember navbar collapse selection
• don't build neon instructions on armel architecture
• don't refresh the page during an Ajax timeout error

What's New

If you are upgrading from a release older than 1.32.0, then you should read the release notes for that release. There are several key changes you should be aware of.

Change Log

1.32.2 (2018-10-13)

Full Changelog

Merged pull requests:

• check for __ARM_PCS_VFP instead of __armel__ #2250 (knight-of-ni)
• rough in for alarmed frame retrieval #2248 (pliablepixels)
• Turn off navbar #2247 (connortechnology)
• don't build neon instructions on armel #2246 (knight-of-ni)
• Make header flips persistent based on cookie #2245 (connortechnology)
• implement loadMonitor sub #2244 (knight-of-ni)
• use $Event rather than $event #2240 (knight-of-ni)
• added note on auth hash logins #2237 (pliablepixels)
• Fix 2229 get disk percent #2232 (connortechnology)
• allow username&password even if AUTH_HASH is enabled #2231 (pliablepixels)
• Documentation Improvements + Fixes #2230 (dhanikabulath)
• Touch lockfile #2217 (connortechnology)
• Add Control plugin for PTZ cameras supporting the PSIA IP Media Device API #2191 (jof)

* This Change Log was automatically generated by github_changelog_generator

Turn the Page

Thank You to Those who have Contributed

We continue to thank those that have contributed to the ZoneMinder project. We are always in need of volunteers, not just to write code, but to help manage the user forum, manage wiki content, write documentation, test the latest master branch, etc. There is always far more work to do than people available to do the work.

Bug Fix Release

This is a bug fix release that fixes several key problems. We recommend everyone update immediately.

Here is a summary:

• Fix zmaudit ignoring the archive flag
• Fix issues due to the way events are stored
• Fix zmtrigger ignoring recently changed monitors
• Reload the page properly on ajax error (avoids "permission denied" screen)
• Fix x264 encode method corrupting shared memory
• Fix the export button on the log view

What's New

If you are upgrading from a release older than 1.32.0, then you should read the release notes for that release. There are several key changes you should be aware of.

Change Log

1.32.1 (2018-10-01)

Full Changelog

Merged pull requests:

• dim x264 encode when on arm #2227 (knight-of-ni)
• don't zmMemInvalidate when reloading monitors #2225 (knight-of-ni)
• added note to make sure headers is on #2222 (pliablepixels)
• added license #2221 (pliablepixels)
• Fix 2213 #2215 (connortechnology)
• fixed path for login/logout api #2208 (pliablepixels)
• Misspelling and grammar #2202 (larandvit)
• Control plugin for Dahua PTZ cameras #2192 (jof)
• Fix #2205 #2207 (connortechnology)

* This Change Log was automatically generated by github_changelog_generator

Nothing Else Matters

Thank You to Those who have Contributed

We continue to thank those that have contributed to the ZoneMinder project. We are always in need of volunteers, not just to write code, but to help manage the user forum, manage wiki content, write documentation, test the latest master branch, etc. There is always far more work to do than people available to do the work.

This version of ZoneMinder includes a new look, which means our documentation is in need of being updated. The only requirement is a desire to learn a fairly intuitive markdown language. Please consider volunteering your time.

What's New

There are significant changes to this release.

Here is a brief summary:

• A re-worked web console, compared to the previous 1.30.4 release
• record to mp4 container
• record audio
• support for php 7.x
• Arbitrary website as a non-recordable, interactive monitor.
• Updated Montage Review
• Options-> Paths moved into config files under conf.d folder
• Multiple storage paths are supported. See Options -> Storage
• The old method of bind mounting the event folder is no longer needed nor recommended
• Additional system statistics on the web console
• Raspberry pi OMX hardware h264 decoder support
• Event thumbnails play video on mouseover
• Drag and drop sorting of monitors
• Scalability improvements
• Support for Redhat el6 distros and clones has been removed

Existing Users

For those of you upgrading from a previous version of ZoneMinder:

• The upgrade scripts will take longer than normal to run, especially if you have many events
• Your previous settings on the Options -> Paths tab have been moved into the file zmcustom.conf which is typically found under /etc/zm/conf.d
• Consider migrating your events folder from the former bind mount method to the new method under Options -> Storage
• You should no longer have symbolic links in your webroot folder. This resolves a long standing security issue.
• The Apache config file has changed. This config file may or may not update automatically. This depends on what distro you are running and how you installed ZoneMinder. Please refer to the documentation for your distro to learn what specific steps are required.

Attention Package Managers

There are some fairly significant changes that must be completed to your packing scripts in order for ZoneMinder to install properly. Please contact us to coordinate the changes to your packaging scripts. A brief summary of the requirements is listed here: #2078 (comment)

Change Log

1.32.0 (2018-09-12)

Full Changelog

Merged pull requests:

• implement collapsible headers #2203 (knight-of-ni)
• Misspelling - non-recordable #2200 (larandvit)
• optionhelp - support links markdown style #2198 (knight-of-ni)
• Add Privacy Statement #2194 (knight-of-ni)
• adjust scoring algorithm when max_alaram size is specified. #2186 (vajonam)
• Revert "Add Privacy Statement" #2179 (connortechnology)
• Add Privacy Statement #2176 (knight-of-ni)
• Support quoting config variables #2175 (knight-of-ni)
• retrieve geoip data rather than the ip #2173 (knight-of-ni)
• Bugfix in Control and added new Camera #2171 (rdissertori)
• fix_2167 #2168 (connortechnology)
• fixed getCredentials not working if called directly #2164 (pliablepixels)
• documentation for new login/logout APIs #2163 (pliablepixels)
• Control/ipcamios #2162 (Daedilus)
• Added new control script for iPhone ip camera software #2161 (Daedilus)
• 2156 api login #2157 (pliablepixels)
• Arp tool #2155 (knight-of-ni)
• Removed "chosen" web site; "prism.js" is not distributable. #2154 (onlyjob)
• Cycle width #2153 (connortechnology)
• JSON::Any --> JSON::MaybeXS (Closes: #770). #2151 (onlyjob)
• Misc JS hygiene #2150 (onlyjob)
• fix regex to match IP and first numbers of MAC in the arp -a output (Closes: #2144) #2145 (onlyjob)
• create ZM_EXPORT_DIR if needed #2136 (connortechnology)
• Rework generateAuthHash to take a force parameter so that it can be u… #2135 (connortechnology)
• Allow selection of different source column filtering on the console #2132 (knight-of-ni)
• Change langfile's charset to UTF-8 as in #583 #2131 (cpasqualini)
• Grant access to the new cache directory in Apache on Ubuntu #2130 (mnoorenberghe)
• Fix #2124. Always allow selection of checkboxes, include canEdit(Eve… #2125 (connortechnology)
• rework reaper #2117 (connortechnology)
• when detecting a down db connection, need to clear the stored sth as … #2116 (connortechnology)
• Fix perl logging #2115 (connortechnology)
• create the pid file before doing anything else #2114 (knight-of-ni)
• Implement a RecursiveMutex class which is an explicit Recursive Mutex… #2111 (connortechnology)
• fixed typo #2103 (TopView)
• naming consistency of attribute #2096 (pliablepixels)
• auth_key api for different situations #2090 (pliablepixels)
• Migrate Webcache out of webroot #2083 (knight-of-ni)
• Fix signalcheck #2082 (connortechnology)
• use ZoneMinder::Server::CpuLoad rather than Sys:CpuLoad #2080 (knight-of-ni)
• Fix travis build status #2077 (spanner3003)
• update japanese php #2069 (sgunji)
• upgrade to cakephp 2.10.8 #2067 (knight-of-ni)
• Fix the second part of #2064 #2066 (MTres19)
• Use Event.Width and Event.Height instead of Monitor.Width and Monitor… #2063 (connortechnology)
• Fix intermittent API authentication problem caused by whitespace in CakePHP file #2062 (mcdamo)
• 2059 alarm cause #2060 (pliablepixels)
• Add D-Link DCS-3415 Script Control #2053 (habibapp1365)
• Packaging...

The Frayed Ends of Sanity

Small Fix

This release has been created to address an issue which was discovered in the new uridecode function. There are some minor packaging related changes made as well. What follows has been copied and pasted from the previous release notes to make sure everyone reads it.

Cake PHP API Note

The previous 1.30.2 release disabled cake php debug mode due to a potential security vulnerability. Be advised that, because cake debug mode is off, the cake debug web page, typically navigated to with a /zm/api suffix, is also turned off. The API itself will continue to function normally.

Important Note to Package Maintainers

Switching to the php apc cache engine adds a new package dependency on the php-apc or php-apcu package. The exact name of the package varies per distro. The API will not function without this package installed and the web server restarted.

Nightly Builds

We have recently enabled a nightly build system, which is cranking out rpm & deb packages almost as fast as we make changes to the source code. If you have an interest in testing a recent build of the master branch then this is for you. This will allow you to test bleeding edge software changes w/o having to first be an expert in building rpm or deb packages. Nightly build rpm packages are currently available at zmrepo.zoneminder.com. As soon as I learn where Isaac is hosting the deb packages, I will update these release notes.

Thank You to Those who have Contributed

We continue to thank those that have contributed to the ZoneMinder project. We are always in need of volunteers, not just to write code, but to help manage the user forum, manage wiki content, write documentation, test the latest master branch, etc. There is always far more work to do than people available to do the work.

What follows is the complete change log since our previous release:

Change Log

1.30.4 (2017-05-09)

Full Changelog

Merged pull requests:

• update ubuntu builds with dependencies on php-apcu and php-apc and php-apcu-bc #1873 (connortechnology)
• fix uridecode(password) to uridecode(value) #1872 (connortechnology)
• Clean up ubuntu builds #1871 (connortechnology)

Turn the Page

One More bug Fix Release

The ZoneMinder team is proud to release one more bug release before we move on to bigger things.

There are not as many changes this go around, but here is a summary of the most significant:

• The cake php cache engine has been changed from flat files to php apc. No more API failures due to missing folders.
• A previous security vulnerability fix introduced a bug restarting zma/zmc. This has been fixed.
• Fixed a long standing issue where the timestamp would disappear when TIMESTAMP_ON_CAPTURE was disabled.
• Historically, zms has never supported extended ascii characters in camera passwords. This has been fixed.

Cake PHP API Note

The previous 1.30.2 release disabled cake php debug mode due to a potential security vulnerability. Be advised that, because cake debug mode is off, the cake debug web page, typically navigated to with a /zm/api suffix, is also turned off. The API itself will continue to function normally.

Important Note to Package Maintainers

Switching to the php apc cache engine adds a new package dependency on the php-apc or php-apcu package. The exact name of the package varies per distro. The API will not function without this package installed and the web server restarted.

Nightly Builds

We have recently enabled a nightly build system, which is cranking out rpm & deb packages almost as fast as we make changes to the source code. If you have an interest in testing a recent build of the master branch then this is for you. This will allow you to test bleeding edge software changes w/o having to first be an expert in building rpm or deb packages. Nightly build rpm packages are currently available at zmrepo.zoneminder.com. As soon as I learn where Isaac is hosting the deb packages, I will update these release notes.

Thank You to Those who have Contributed

We continue to thank those that have contributed to the ZoneMinder project. We are always in need of volunteers, not just to write code, but to help manage the user forum, manage wiki content, write documentation, test the latest master branch, etc. There is always far more work to do than people available to do the work.

What follows is the complete change log since our previous release:

Change Log

1.30.3 (2017-05-02)

Full Changelog

Merged pull requests:

• Fix spelling of remSocketFile #1869 (jedelbo)
• fix skin path in export_functions #1862 (knnniggett)
• Use ctype_digit #1861 (josh4trunks)
• Update documentation #1860 (josh4trunks)
• fixes escaping #1858 (connortechnology)
• use dos2unix to remove BOM #1856 (connortechnology)
• make cake tmp = zoneminder tmp #1854 (knnniggett)
• change cake cache engine from File -> Apc #1853 (knnniggett)
• move cake log to zoneminder log folder #1852 (knnniggett)
• invert timestamp_on_capture condition #1851 (knnniggett)
• Suppress debug messages on ZM service start/restart #1847 (ekwoodrich)
• Use misc/apache.conf instead of utils/docker/apache-vhost in docker #1846 (mnoorenberghe)
• fix Monitors filtering SQL #1844 (connortechnology)
• zm_local_camera.cpp: Improve format strings #1837 (DarkDeepBlue)
• Fix out-of-source building failing because pod2man #1832 (mastertheknife)
• Uri decode in zms #1826 (connortechnology)
• Remove zmc -r argument as it does not seem to be implemented. #1820 (SteveGilvarry)
• Additional controls for FI8908W cameras #1791 (dwalkes)
• packpack nightly builds #1788 (knnniggett)

The Unforgiven

Slight Change of Plans

Vulnerabilities! Yikes!
We had several reports of vulnerabilities come in during the last release candidate. We thank the security professionals for taking the time to review our project and have been hard at work implementing fixes. There are a few remaining vulnerabilities, similar to ones we already fixed, which we cannot currently duplicate. The purpose of this release is to establish a new baseline for testing before the next 1.30.3 release. If any of the remaining vulnerabilities turn out to be valid, understand that they require valid ZoneMinder user credentials to implement.

Because some of the vulnerabilities go back as far as our github history tracks, we recommend everyone upgrade to this version of ZoneMinder.

Yes, this also means the next 1.30.3 release will also be a bug fix release. It will not be a new feature release as we had hoped.

Thank You to Those who have Contributed

First, a big thank you to those who have contributed their time to this project, or who have contributed financially. The money donated to the project is primarily used to maintain an Internet presence. The donated funds are not used as income for our developers. We do occasionally assign funds to open issues through Bountysource, but those funds can be claimed by anyone who does the work. We all, from those that respond to questions in the forums to those who develop the underlying code, are effectively volunteers, each with our own $dayjobs. We participate because we want to be part of an open-source, community project, which brings me to my next point.

We know from our telemetry data that ZoneMinder has an extremely large user base. In just one week, we received 20k ip addresses, actively running ZoneMinder, and those sites are just the sites who have the telemetry data enabled. On the flip side to this, there are comparatively few people who contribute back to the project. This puts us in a perpetual situation where we cannot keep up whether that be responding in the forums, writing new code, fixing existing code, writing documentation, etc. We are looking for help from mature individuals who understand what it means to be part of a team project. To become part of the team, you don't need to know how to do a particular task, write code, etc. Rather, you simply need a strong desire to learn and interact with the other members.

Bug Fix Release

While there are a few new features, this release focuses on bug fixes and improvements to existing code.

Here is the short list of changes:

• Various sql injection, xss, and other vulnerabilities have been fixed.
  • CVE-2017-7203 is a duplicate of CVE-2017-5367 fixed ea5342a
  • CVE-2017-5595 fixed 8b19fca
  • CVE-2016-10205, CVE-2016-10204 fixed #1764
  • CVE-2016-10201 fixed c5906a5
• CVE-2017-5368, CVE-2016-10206 Added CSRF mitigation. This option ENABLE_CSRF_MAGIC defaults to OFF currently and must be turned on under Options. Packagers should choose to default on to resolve CVE-2017-5368 and CVE-2016-10206. If a package maintainer wants to change the default, then they should do the following in the build script before calling cmake: ./utils/zmeditconfigdata.sh ZM_ENABLE_CSRF_MAGIC yes
• Fixed an issue where the red outline did not appear in images with blob detection enabled
• The new ONVIF probe should now properly detect many more ONVIF compliant cameras
• A few security fixes were implemented to help mitigate malicious activity
• Various updates to the documentation including an emphasis to use the "ffmpeg" source type for modern IP cameras. Only use the other source types if there is a problem using ffmpeg.
• New Hikvision & Keekon PTZ control scripts have been added
• Since the amount of free /dev/shm memory is critical, this is now shown at the top of the web console.

A Notice about the next release following 1.30.3

We have had a number of big ticket items in the works for a while now, and after a recent discussion, we have decided to implement some, or perhaps all, of these major features following the release of 1.30.3. I won't name there here, because the list of features we deploy might change. What I do want to emphasize, however, is that the release which contains these new features will need to run its course to find and work out any bugs which will likely be introduced. So if you are running a production system and don't want reliability to suffer, then I would recommend you upgrade to 1.30.3, but skip the next release after that.

As always, here is the long list of changes:

Change Log

1.30.2 (2017-03-30)

Full Changelog

Merged pull requests:

• Setup api cache dirs #1835 (connortechnology)
• Fix check that API user is enabled #1828 (mnoorenberghe)
• Fix failure to attribute previous work #1819 (SteveGilvarry)
• Increase default window sizes for the flat theme. Fixes #1059 #1816 (mnoorenberghe)
• ZoneMinder: Rename public enum CHAR_WIDTH/CHAR_HEIGHT to avoid conflicts #1806 (adam900710)
• fix permissions on zm.conf in deb pkg scripts #1800 (knnniggett)
• use === operator in getDiskPercent function #1794 (knnniggett)
• Reduce the default API debug level #1793 (knnniggett)
• zmlinkcontent: fix syntax error #1792 (kunkku)
• fix missing isset check, caused number of Undefined Property warnings #1790 (vajonam)
• fix usage of wrong key #1785 (vajonam)
• fix typo for correct checking if a command has excuted for an event, … #1777 (vajonam)
• Remove SSH server from docker image #1774 (michaelarnauts)
• Add the missing F back in. #1773 (SteveGilvarry)
• add motion zone preset disclaimer #1767 (knnniggett)
• Align Method description to what it is actually doing #1765 (SteveGilvarry)
• Test for Controllable as well as ControlId #1843 (connortechnology)
• fix inserting x10 record with missing comma #1836 (connortechnology)
• Implement CSRF Mitigation #1822 (knnniggett)
• Properly escape postLoginQuery. Fixes #1797 #1815 (mnoorenberghe)
• Fix zmc crashing when zones are no good #1811 (connortechnology)
• use escapeshellarg on inputs to daemonControl and other functions #1780 (connortechnology)
• remove line that causes endless reading when doing single image mode #1770 (connortechnology)
• sanitize the image path before processing #1758 (knnniggett)
• must call zmMemInvalidate before next #1717 (connortechnology)
• Improve filter #1504 (connortechnology)

1.30.2-rc.1 (2017-02-05)

Full Changelog

Merged pull requests:

• sql injection and session fixation vulerability fixes #1764 (kylejohnson)
• check if crud plugin exists before unpacking #1759 (knnniggett)
• sanitize the image path before processing #1758 (knnniggett)
• 1716 doc img typo #1754 ([pliablepixels](https://g...