Frigate NVR Updates: Security Hardening and Accuracy Fixes
Today's merges centered on closing security gaps in authentication and database handling, alongside a correctness fix for face recognition accuracy. Two separate security issues were patched: a logout token bug and a regex denial-of-service risk on the database thread.
Duration: PT2M27S
Episode overview
This episode is a short developer briefing from Frigate NVR Updates.
It explains recent repository work in plain language.
- Show: Frigate NVR Updates
- Published: 2026-07-14T13:16:02Z
- Audio duration: PT2M27S
Transcript excerpt
This excerpt keeps the crawler page concise. Listen to the episode or use the RSS feed for the full update.
Good day, and welcome to Frigate NVR Updates for July 14th, 2026.
The clearest theme today is security hardening across two independent but related areas: authentication and database query handling.
First, PR #23678 from nulledy fixes a real logout flaw. Clicking logout in the web UI could silently issue a fresh token if it happened within the refresh window, meaning users weren't actually logged out. The fix disables auth checks specifically on the logout endpoint in the Nginx config, and also cleans up how…
Second, and more serious, is commit c2e739b from Josh Hawkins, merged as PR #23714. The recognized license plate filter was passing user-controlled regex patterns straight to Python's search function on the single database thread. A malicious or just poorly written pattern could freeze the entire application through…
Second theme: accuracy fixes in the machine learning pipeline. PR #23712 from Jozef Huscava found that face crops were being fed to the FaceNet and ArcFace embedders in the wrong color order — B-G-R instead of R-G-B. Because the same error applied during both enrollment and recognition, it partially canceled out,…
Rounding out the day, Nicolas Mowen landed two…
Nearby episodes from Frigate NVR Updates
- Weekly Recap - Documentation Cleanup and Authentication Groundwork
- Auth Expands, Face Recognition Gets Fixed
- Correctness Fixes Across Classification and Auth
- Documentation and Cleanup Day
- Cleanup and Streaming Bump
- Recording Reliability and Polish
- Cleaning Up Async and Code Quality
- Weekly Recap - Configuration Stability & Community Hardware