Critical Fixes and Updates (!286) · Merge requests · Shinobi Systems / Shinobi

Moe requested to merge dev into master Feb 19, 2021

All users must update to the latest dev or master builds. This update addresses a critical bug found with Superuser authentication.

If your installation cannot be accessed outside your network you are in less danger of penetration but still suggested to update.

Again, you must update because of CVE-2021-27228.

Changes :

Fix Superuser Penetration Bug (Bug found by Marco Rieger @ins0) - CVE-2021-27228
Update API Key Manager
Update Sub-Account Manager (move to regular dashboard, deprecate /admin)
Update Face plugin to use tfjs 1.7.4
Fix PTZ Turn Speed
FFmpeg string generation fixes
Fix cron.js script
Update Coral Installer (by Mitch Ross @mitchross1)
Fix Bounding Box Logic (by Mitch Ross @mitchross1)

Edited Feb 19, 2021 by Moe

Critical Fixes and Updates