v1.13.11.9rc2

What's Changed

• build(deps-dev): bump @vitejs/plugin-vue from 4.5.2 to 5.0.0 in /frontend by @dependabot in #220
• build(deps): bump ace-builds from 1.32.2 to 1.32.3 in /frontend by @dependabot in #223
• build(deps-dev): bump @vue/compiler-sfc from 3.3.13 to 3.4.3 in /frontend by @dependabot in #224
• build(deps-dev): bump sass from 1.69.5 to 1.69.6 in /frontend by @dependabot in #227
• build(deps): bump ace-code from 1.32.2 to 1.32.3 in /frontend by @dependabot in #226
• Apply fixes from CodeFactor by @skrashevich in #228
• build(deps-dev): bump @vue/eslint-config-airbnb from 7.0.1 to 8.0.0 in /frontend by @dependabot in #225
• build(deps-dev): bump sass from 1.69.6 to 1.69.7 in /frontend by @dependabot in #238
• build(deps-dev): bump @vitejs/plugin-vue from 5.0.0 to 5.0.2 in /frontend by @dependabot in #235
• build(deps): bump vue from 3.3.13 to 3.4.9 in /frontend by @dependabot in #246
• build(deps-dev): bump nodemon from 2.0.22 to 3.0.2 by @dependabot in #247
• build(deps-dev): bump @vitejs/plugin-vue from 5.0.2 to 5.0.3 in /frontend by @dependabot in #243
• Apply fixes from CodeFactor by @skrashevich in #251
• build(deps): bump ace-linters from 1.0.1 to 1.0.3 in /frontend by @dependabot in #250
• build(deps-dev): bump vite from 5.0.10 to 5.0.11 in /frontend by @dependabot in #249
• build(deps-dev): bump eslint-plugin-vue from 9.19.2 to 9.20.0 in /frontend by @dependabot in #248
• build(deps-dev): bump eslint-config-prettier from 8.10.0 to 9.1.0 by @dependabot in #241
• build(deps-dev): bump prettier from 2.8.8 to 3.1.1 by @dependabot in #242
• build(deps): bump vue from 3.4.9 to 3.4.10 in /frontend by @dependabot in #252
• build(deps): bump socket.io-client from 4.7.2 to 4.7.3 in /frontend by @dependabot in #236
• build(deps-dev): bump eslint-plugin-prettier from 4.2.1 to 5.1.3 by @dependabot in #253
• build(deps-dev): bump @vue/eslint-config-prettier from 8.0.0 to 9.0.0 in /frontend by @dependabot in #237
• build(deps): bump socket.io-client from 4.7.2 to 4.7.3 in /frontend by @dependabot in #256
• build(deps): bump @aws-sdk/client-rekognition from 3.489.0 to 3.490.0 in /api by @dependabot in #257

Full Changelog: v1.13.11.9rc1...v1.13.11.9rc2

v1.13.11.9rc1

What's Changed

• build(deps): bump ace-code from 1.32.0 to 1.32.2 in /frontend by @dependabot in #212
• build(deps-dev): bump vite from 5.0.6 to 5.0.10 in /frontend by @dependabot in #209
• build(deps): bump actions/upload-artifact from 3 to 4 by @dependabot in #208
• build(deps): bump ace-builds from 1.32.0 to 1.32.2 in /frontend by @dependabot in #211
• build(deps-dev): bump @vue/compiler-sfc from 3.3.10 to 3.3.12 in /frontend by @dependabot in #210
• build(deps): bump github/codeql-action from 2 to 3 by @dependabot in #207
• fix duplicate declaration by @skrashevich in #214
• build(deps-dev): bump eslint from 8.55.0 to 8.56.0 in /frontend by @dependabot in #217
• build(deps): bump ace-linters from 0.13.3 to 1.0.1 in /frontend by @dependabot in #218
• build(deps): bump vue from 3.3.10 to 3.3.13 in /frontend by @dependabot in #216
• build(deps-dev): bump @vue/compiler-sfc from 3.3.12 to 3.3.13 in /frontend by @dependabot in #215

Full Changelog: v1.13.11.9rc0...v1.13.11.9rc1

v1.13.11.9 rc0

Highlights of v1.13.11.9:

This release brings in much-needed flexibility for deployment configurations with the introduction of environment variables to set the server host and port. It also simplifies the integration between the API and frontend configurations, ensuring aligned service endpoints. The new expire_after MQTT configuration option enhances the control users have over the expiration time for MQTT messages.

Under the hood, the Dockerfiles have been updated for the frontend-builder, and key dependencies have been updated to their latest versions, ensuring a smooth and efficient development experience.

In terms of improvements, unnecessary code has been pruned for clarity, and the app's styles have received refinements for a better user interface.

Please refer to the changelog for a complete list of changes and updates included in this version. We value the feedback from our users and the community, and we continue to strive for excellence in each release. Thank you for your continued support.

This release includes several bug fixes, a major refactor, and dependency updates.

Added

• New MQTT expiration configuration option expire_after for customizing the timeout for "recognized" state in Home Assistant. (PR #181)
• Environment variables for configuring server host (DOUBLETAKE_HOST) and port (DOUBLETAKE_PORT) to allow for more flexible deployment scenarios. (Patch 26/38)

Changed

• Updated frontend-builder Dockerfile to use oven/bun:1.0.15 and use apt-get for package installations. (Patch 29/38)
• Updated Node version in Dockerfile to 18.19-bookworm and installed npm@^10.2.4 with fetch-retries set to 20. (Patch 30/38)
• Updated frontend dependencies with the latest releases including ace-builds, ace-code, @vitejs/plugin-vue, @vue/eslint-config-airbnb, @vue/eslint-config-prettier, eslint, and eslint-plugin-vue. (Patch 24/38)
• Updated vite to 5.0.5 in the frontend. (Patch 31/38)
• Added CodeFactor badge to README.md. (Patch 33/38)
• Updated primary Dockerfile to include storage directory initialization and volume for /.storage.
• Updated .github/workflows/playwright.yml to use actions/checkout@v4 and actions/setup-node@v4.
• entrypoint.sh script improvements for better directory handling.

Fixed

• Fixed incorrect import in recognize.util.js. (Patch 13/38)
• Refactored entrypoint.sh script to remove unnecessary double quotes around path variables. (Patch 34/38)
• Refactored Toolbar.vue styles to remove unnecessary CSS rules and improve readability. (Patch 36/38)
• Refactored recognize.util.js by removing the unused fs module import. (Patch 35/38)
• Application of fixes from CodeFactor analysis. (Patch 32/38)
• CodeFactor analysis fixes applied.
• UI and Styles refinements for improved consistency.

Security

The changes in storage.controller.js file reflect a security enhancement in the handling of filenames. The code modification takes place in the matches method of a controller that likely manages file retrieval.

Previously, the server was directly using the filename parameter from the request parameters in req.params. However, user-supplied filenames can be dangerous because they may contain special characters or sequences that could lead to file path traversal attacks, where an attacker attempts to access files and directories stored outside the intended directory structure.

The updated code now sanitizes the filename by calling the sanitize function, which presumably removes or escapes potentially dangerous characters in the filename. The sanitized filename is then used to construct the file's path and check its existence on the server.

Security Implication

The addition of filename sanitation ensures that any attempt by an attacker to manipulate the file path is mitigated. The sanitize-filename-truncate library likely removes or encodes characters that could lead to vulnerabilities such as directory traversal, allowing file operations to be performed safely on the server.

Summary of the Security Fix

In summary, this security fix mitigates a potential vulnerability by ensuring that user input (in this case, a filename) is properly sanitized before being used in file system operations. This helps protect the server from attacks that could exploit unsanitized input to gain unauthorized access to the file system.

Deprecated

• No deprecations in this release.

Removed

• No features were removed in this release.

Commits

• build(deps): bump ace-code from 1.31.1 to 1.31.2 in /frontend by @dependabot in #168
• build(deps-dev): bump @vitejs/plugin-vue from 4.4.0 to 4.5.0 in /frontend by @dependabot in #165
• build(deps-dev): bump vite-svg-loader from 4.0.0 to 5.1.0 in /frontend by @dependabot in #164
• build(deps): bump actions/setup-node from 3 to 4 by @dependabot in #163
• build(deps): bump ace-builds from 1.31.1 to 1.31.2 in /frontend by @dependabot in #167
• build(deps): bump actions/checkout from 3 to 4 by @dependabot in #162
• build(deps-dev): bump @vue/compiler-sfc from 3.3.8 to 3.3.9 in /frontend by @dependabot in #176
• build(deps): bump vue from 3.3.8 to 3.3.9 in /frontend by @dependabot in #175
• Document additional mqtt configuration options by @ccutrer in #149
• build(deps): bump jsdom from 22.1.0 to 23.0.0 in /api by @dependabot in #174
• build(deps-dev): bump vite from 4.5.0 to 5.0.5 in /frontend by @dependabot in #186
• build(deps-dev): bump @vue/compiler-sfc from 3.3.9 to 3.3.10 in /frontend by @dependabot in #185
• build(deps): bump vue from 3.3.9 to 3.3.10 in /frontend by @dependabot in #184
• Apply fixes from CodeFactor by @skrashevich in #188
• Match controller optimise by @skrashevich in #190
• Apply fixes from CodeFactor by @skrashevich in #195
• Apply fixes from CodeFactor by @skrashevich in #198
• build(deps-dev): bump @vitejs/plugin-vue from 4.5.1 to 4.5.2 in /frontend by @dependabot in #199
• build(deps-dev): bump vite from 5.0.5 to 5.0.6 in /frontend by @dependabot in #200
• Apply fixes from CodeFactor by @skrashevich in #201

New Contributors

• @ccutrer made their first contribution in #149

Full Changelog: v1.13.11.8...v1.13.11.9rc0

v1.13.11.8

Bug Fixes

• [BUG] Frigate sublabels

Others

• bump deps versions
• ui-tests by playwright
• multi-arch static binaries for linux

Full Changelog: v1.13.11.7...v1.13.11.8

v1.13.11.7

1. Reintroduces support for the arm/v7 architecture
2. Removes unused code. Reduce docker container size
3. Performance optimizations have been implemented for better efficiency
4. Option to trace SQL queries has been added for better debugging and tracking.

Full Changelog: v1.13.11.6.1...v1.13.11.7

v1.13.11.6.1

1.13.11.6.1

Bug Fixes

• [BUG] fix top menu

1.13.11.6

Changes

• [BUG/Feature] added ability to disable ip checks in double-take hassio addon

Full Changelog: v1.13.11.5...v1.13.11.6.1

v1.13.11.6

What's Changed

• [BUG/Feature] added ability to disable ip checks in double-take hassio addon

Full Changelog: v1.13.11.5...v1.13.11.6

v1.13.11.5

Bug Fixes

• [BUG] fix error "Cannot set headers after they are sent to the client"

Others

• Migrate to NodeJS 18
• Logs button in top menu bar

Full Changelog: v1.13.11.4...v1.13.11.5

v1.13.11.4

What's Changed

• Apply fixes from CodeFactor by @skrashevich in #106
• build(deps): bump docker/metadata-action from 4 to 5 by @dependabot in #116
• build(deps): bump docker/setup-buildx-action from 2 to 3 by @dependabot in #115
• build(deps): bump luxon from 2.5.2 to 3.4.3 in /frontend by @dependabot in #111
• Apply fixes from CodeFactor by @skrashevich in #120
• build(deps): bump docker/build-push-action from 4 to 5 by @dependabot in #114
• build(deps): bump docker/setup-qemu-action from 2 to 3 by @dependabot in #113
• build(deps): bump actions/checkout from 3 to 4 by @dependabot in #104
• Update mqtt.util.js to correct spelling in verbose log message by @leccelecce in #122
• build(deps): bump archiver from 5.3.2 to 6.0.1 in /api by @dependabot in #105
• build(deps): bump docker/login-action from 2 to 3 by @dependabot in #123
• build(deps): bump ace-linters from 0.12.1 to 0.13.2 in /frontend by @dependabot in #87
• build(deps): bump luxon from 2.5.2 to 3.4.3 in /api by @dependabot in #110
• Documentation: README for docker on windows by @skrashevich in #128
• build(deps): bump codacy/codacy-analysis-cli-action from 1.1.0 to 4.3.0 by @dependabot in #133
• build(deps): bump actions/checkout from 3 to 4 by @dependabot in #132

New Contributors

• @leccelecce made their first contribution in #122

Full Changelog: v1.13.11.3...v1.13.11.4

v1.13.11.3

Bug Fixes

• [BUG] Unable to delete images from Train Menu #102

Full Changelog: v1.13.11.2...v1.13.11.3