This release includes 1 security fix for security teams reviewing exposed deployments.
ReleasePort's take
Light signal
Release v1.28.7 introduces per-camera retention policies and precise storage dashboards, while enhancing security via log redaction and tightening PyAV engine checks.
Why it matters: Security improvements (log redaction, hardened PyAV) mitigate credential exposure; new retention policies and dashboard precision help operators manage resources more accurately in v1.28.7 deployments.
Summary
AI summary: Updates Key Improvements, Release v1.28.7, and RBAC across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium | Implements system-wide log redaction to mask tokens and passwords instantly. | - |
| Security | Medium | Hardens PyAV engine pre-flight checks and strengthens SSRF/Path Traversal protections. | - |
| Feature | Medium | Adds per-camera custom retention policies for storage engine. | - |
| Feature | Medium | Updates Storage Dashboard to show exact capacity and required storage estimates down to 0.01 GB. | - |
| Feature | Medium | Deploys group-based Role-Based Access Control (RBAC) for administrators. | - |

Source for all entries: llm_adapter@2026-05-24. Confidence: high.
Full changelog
Full Changelog: https://github.com/spupuz/VibeNVR/compare/v1.28.6...v1.28.7
Release v1.28.7
Summary
This release introduces highly requested granular storage controls, tightens our Role-Based Access Control (RBAC), and hardens the system's security posture. Users can now define precise, custom retention periods per-camera with surgical dashboard estimates. Additionally, administrative capabilities have been expanded with group-based RBAC, and deep log redaction guarantees zero trace of sensitive tokens.
Key Improvements
- Storage Engine: Introduced support for Custom Days retention policies at the per-camera level. The Storage Dashboard now calculates and displays exact Capacity and Required Storage estimates even for micro-burn rates (threshold lowered to 0.01 GB).
- Security & Privacy: Implemented robust, system-wide log redaction to instantly mask tokens and passwords. Hardened the PyAV engine pre-flight checks and significantly fortified SSRF/Path Traversal protections.
- Access Control: Deployed comprehensive Group-Based RBAC. Administrators can now edit existing user capabilities dynamically while ensuring Viewer roles remain strictly isolated from sensitive actions.
Security Fixes
- Hardened PyAV pre-flight checks, strengthened SSRF and Path Traversal protections, and added system-wide log redaction to prevent token leakage
Earlier breaking changes
- v1.28.3 Must update docker-compose.yml with TZ variable for all services