Skip to content

spupuz/VibeNVR

v1.16.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 4mo Media Servers
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ffmpeg lightweight local-storage nvr opensource privacy
+1 more
video-surveillance

Affected surfaces

auth

Summary

AI summary

Hardware‑accelerated encoding is now enabled by default, fixing continuous recording start failures.

Full changelog

Full Changelog: https://github.com/spupuz/VibeNVR/compare/v1.15.7...v1.16.0

Release v1.16.0 - Hardware Acceleration & Recording Stability

This release introduces significant improvements to system efficiency, recording stability, and data security.

🚀 Key Features

1. Full Hardware Acceleration (Decoding & Encoding)

  • VAAPI/NVENC Encoding: Enabled hardware-accelerated encoding for video recordings. This drastically reduces CPU overhead during MP4 file generation.
  • Intelligent Detection: The system now automatically selects the best available encoder (h264_vaapi for Intel/AMD or h264_nvenc for NVIDIA).
  • Real-time Feedback: The Dashboard now displays the precise hardware acceleration status:
    • ACTIVE ✓: GPU is actively being used.
    • READY: Specifically configured and waiting for a task.
    • OFF/ERROR: Immediate diagnostics in case of configuration issues.

2. Smart Recording & Continuous Mode

  • Continuous Mode Fix: Resolved a bug preventing "Continuous" recording from starting automatically. Cameras now begin recording immediately when set to this mode.
  • Smart Toggle: The recording button on the Live View overlay is now state-aware.
    • Start Recording → Swaps to Continuous mode.
    • Stop Recording → Restores the previous state (Motion Triggered or Off) instead of disabling recording entirely.

3. Live View Stability

  • Passthrough Fix: Fixed a black screen issue when toggling "Passthrough" settings. The system now forces a clean stream reconnection when network or codec settings change.

🛡️ Security & Privacy

  • Global Log Redaction: Implemented a security filter that automatically masks credentials (username/password) in RTSP URLs and JWT tokens across all system logs.
  • AI-Ready Policies: Technical documentation (CONTEXT.md, AI_POLICY.md, AGENTS.md) has been updated with strict guidelines to ensure future AI-assisted contributions maintain high security and privacy standards.

🛠 Technical Changes

  • Database Migration: Added the previous_recording_mode column to the cameras table (automatically handled on first startup).
  • Versioning: Aligned versions to 1.16.0 across both Backend and Frontend.
  • Cleanup: Removed debug files and legacy backups from the engine repository.

Security Fixes

  • Global log redaction masks credentials in RTSP URLs and JWT tokens across all system logs
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track spupuz/VibeNVR

Get notified when new releases ship.

Sign up free

About spupuz/VibeNVR

All releases →

Related context

Earlier breaking changes

  • v1.28.3 Must update docker-compose.yml with TZ variable for all services

Beta — feedback welcome: [email protected]