Skip to content

spupuz/VibeNVR

v1.12.0 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 4mo Media Servers
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 2 known CVEs

Topics

ffmpeg lightweight local-storage nvr opensource privacy
+1 more
video-surveillance

Affected surfaces

auth crypto_tls

Summary

AI summary

Live view FPS throttling, FFmpeg presets, and unified timestamp logging improve performance and debugging.

Full changelog

Full Changelog: https://github.com/spupuz/VibeNVR/compare/v1.11.1...v1.12.0

VibeNVR v1.12.0 — Performance & Logging Overhaul

This release focuses on system stability, flexible performance tuning, and significantly improved debugging through unified timestamp logging.

🚀 Performance & Optimization

New Optimization Settings

You can now fine‑tune system performance directly from the UI:

  • Live View FPS Throttle: Control live stream frame rate globally or per‑camera to reduce CPU and network load.
  • FFmpeg Presets: Choose encoding presets (e.g., ultrafast, superfast) to balance CPU usage, latency, and quality.
  • Snapshot Quality: Adjust JPEG quality for motion snapshots.

Engine Integration

The video engine now natively respects all optimization parameters, enabling smoother live views on constrained hardware and more predictable CPU utilization.

Security

Invalid optimization values are automatically rejected during import to prevent crashes or unsafe configurations.

📊 Logging & Debugging

  • Unified Timestamps: All logs—Backend API, Video Engine, Nginx Access, Webhooks—now follow a strict, synchronized
    YYYY-MM-DD HH:MM:SS format.
  • Improved Log Viewer: The System Logs tab now sorts mixed log types chronologically, making cross‑service debugging far easier.
  • Actionable Webhook Logs: Webhook events now include clear INFO‑level details such as duration and file paths.

🛠️ Reliability & Maintenance

  • Robust Orphan Recovery: The orphan recording recovery tool now emits structured JSON status updates, ensuring the frontend always displays the correct “Imported / Example” summary—even when logs contain noise.
  • Enhanced Debug Report: Debug reports now include all current optimization parameter values to assist with support and troubleshooting.

🔒 Security

  • Strict Path Validation: Strengthened file‑path checks in the orphan recovery tool to ensure all operations remain confined to data directories.
  • Secret Redaction: Improved regex filters now reliably redact sensitive tokens from all log outputs, including standard streams.

Security Fixes

  • Strict path validation in orphan recovery tool confines operations to data directories
  • Enhanced regex filters reliably redact sensitive tokens from all log outputs
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track spupuz/VibeNVR

Get notified when new releases ship.

Sign up free

About spupuz/VibeNVR

All releases →

Related context

Earlier breaking changes

  • v1.28.3 Must update docker-compose.yml with TZ variable for all services

Beta — feedback welcome: [email protected]