mirror of https://github.com/blakeblackshear/frigate.git synced 2026-06-02 07:00:32 +00:00

History

* scrub genai API keys and onvif credentials from config endpoint

* enforce camera access in thumbnail tracked-object fallback

The /events/{id}/thumbnail endpoint called require_camera_access when
loading persisted events but skipped the check in the tracked-object
fallback path for in-progress events. A restricted viewer could
retrieve thumbnails from cameras they should not have access to.

* block filter and attach flags in custom ffmpeg export args

The ffmpeg argument blocklist missed -filter_complex, -lavfi, -vf,
-af, -filter, and -attach. These flags can read arbitrary files via
source filters like movie= and amovie=, bypassing the existing -i
block. A user with camera access could exploit this through the
custom export endpoint.

* enforce camera access on VLM monitor endpoint

POST /vlm/monitor allowed any authenticated user to start VLM
monitoring on any camera without checking camera access. A viewer
restricted to specific cameras could monitor cameras they should
not have access to.

* enforce camera access in chat start_camera_watch tool

The start_camera_watch tool called via POST /chat/completion did not
validate camera access, allowing a restricted viewer to start VLM
monitoring on cameras outside their allowed set through the chat
interface.

* restrict review summary endpoint to admin role

* fix require_role call passing string instead of list

* fix section config uiSchema merge replacing base entries

mergeSectionConfig was replacing the entire base uiSchema when a
level override (global/camera) also defined one, causing base-level
ui:after/ui:before directives to be silently dropped. This broke
the SemanticSearchReindex button which was defined in base uiSchema.

2026-03-31 13:45:04 -05:00

.vscode

Update web readme (#12062 )

2024-06-19 08:11:51 -06:00

images

llc to inc and 2025 to 2026 (#21484 )

2026-01-01 09:56:09 -06:00

patches

Replace react-tracked and react-use-websocket with useSyncExternalStore (#22386 )

2026-03-11 09:02:51 -05:00

public

Add UI config messages framework (#22692 )

2026-03-29 15:25:40 -06:00

src

Miscellaneous improvements (#22714 )

2026-03-31 13:45:04 -05:00

themes

Detail Stream tweaks (#20533 )

2025-10-16 14:15:23 -06:00

.eslintrc.cjs

Auth! (#11347 )

2024-05-18 10:36:13 -06:00

.gitignore

chore: i18n use cache key (#20885 )

2025-11-14 09:36:46 -06:00

.prettierrc

Use prettier-plugin-tailwindcss (#11373 )

2024-05-14 09:06:44 -06:00

components.json

Add shadcn sidebar component (#20292 )

2025-09-30 15:02:35 -06:00

i18next.config.ts

i18n workflow improvements and tweaks (#22586 )

2026-03-23 08:48:02 -05:00

index.html

Various Tweaks (#22609 )

2026-03-24 13:53:39 -06:00

clarify trademark and license interaction (#21019 )

2025-11-23 08:42:48 -07:00

package-lock.json

Bump ajv from 6.12.6 to 6.14.0 in /web (#22587 )

2026-03-23 09:09:50 -05:00

package.json

i18n workflow improvements and tweaks (#22586 )

2026-03-23 08:48:02 -05:00

postcss.config.js

Fix linter and fix lint issues (#10141 )

2024-02-28 16:23:56 -06:00

README.md

Update web readme (#12062 )

2024-06-19 08:11:51 -06:00

site.webmanifest

Update webmanifest to use /BASE_PATH/ (#17310 )

2025-03-23 05:34:33 -06:00

tailwind.config.cjs

Various Tweaks (#22609 )

2026-03-24 13:53:39 -06:00

tsconfig.json

…

tsconfig.node.json

…

vite.config.ts

Full UI configuration (#22151 )

2026-02-27 08:55:36 -07:00

README.md

This is the Frigate frontend which connects to and provides a User Interface to the Python backend.

Web Development

Installing Web Dependencies Via NPM

Within /web, run:

npm install

Running development frontend

Within /web, run:

PROXY_HOST=<ip_address:port> npm run dev

The Proxy Host can point to your existing Frigate instance. Otherwise defaults to localhost:5000 if running Frigate on the same machine.

Extensions

Install these IDE extensions for an improved development experience:

eslint