Skip to content

spupuz/VibeNVR

v1.29.3 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 6d Media Servers
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ffmpeg lightweight local-storage nvr opensource privacy
+1 more
video-surveillance

Affected surfaces

rbac

Summary

AI summary

Customizable drag-and-drop sorting for cameras with admin-only protection and settings copy safeguards.

Changes in this release

Security High

Restricts /api/cameras/reorder endpoint to admin users only via RBAC.

Restricts /api/cameras/reorder endpoint to admin users only via RBAC.

Source: llm_adapter@2026-05-28

Confidence: high
Feature Medium

Adds customizable drag-and-drop sorting for cameras in Live View and Settings manager.

Adds customizable drag-and-drop sorting for cameras in Live View and Settings manager.

Source: llm_adapter@2026-05-28

Confidence: high
Bugfix Medium

Excludes sort_order from "Copy Settings" logic to prevent layout corruption during configuration cloning.

Excludes sort_order from "Copy Settings" logic to prevent layout corruption during configuration cloning.

Source: llm_adapter@2026-05-28

Confidence: high
Full changelog

Full Changelog: https://github.com/spupuz/VibeNVR/compare/v1.29.2...v1.29.3

🚀 Release v1.29.3

📝 Summary

This release introduces a highly requested quality-of-life feature: customizable drag-and-drop sorting for cameras! Users can now manually arrange the order of their cameras in both the Live View grid and the Settings manager, with the layout securely persisting in the database. Alongside this, the "Copy Settings" feature has been updated to protect your carefully arranged layouts from being unintentionally overwritten during bulk operations.

🛠️ Key Improvements

  • 🚀 UI/UX: Drag-and-Drop Sorting. Visually arrange your camera feeds with a sleek new grab handle (GripHorizontal).
  • 🛡️ Security: Admin-Only Reordering. The new /api/cameras/reorder endpoint is strictly protected by RBAC to ensure Viewers cannot alter the master layout.
  • 🎨 Aesthetics: Polished the interaction states for the grab handles to ensure they don't overlap or distract from the video feed or selection checkboxes.
  • ⚙️ Integrity: Excluded the sort_order attribute from the global "Copy Settings" logic to prevent layout corruption when cloning configurations across groups.

Security Fixes

  • /api/cameras/reorder now enforces admin‑only access via RBAC, blocking Viewer role from altering camera layout
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track spupuz/VibeNVR

Get notified when new releases ship.

Sign up free

About spupuz/VibeNVR

All releases →

Related context

Earlier breaking changes

  • v1.28.3 Must update docker-compose.yml with TZ variable for all services

Beta — feedback welcome: [email protected]