Package Details: unifi-video 3.10.13-2

Git Clone URL: https://aur.archlinux.org/unifi-video.git (read-only, click to copy)
Package Base: unifi-video
Description: Centralized management system for Ubiquiti UniFi surveillance cameras.
Upstream URL: https://www.ubnt.com/
Licenses: custom
Conflicts: unifi-video-beta
Submitter: fryfrog
Maintainer: torben
Last Packager: torben
Votes: 10
Popularity: 0.000000
First Submitted: 2016-04-18 17:44 (UTC)
Last Updated: 2021-12-28 10:51 (UTC)

Dependencies (6)

Required by (0)

Sources (5)

Pinned Comments

torben commented on 2023-01-04 09:20 (UTC) (edited on 2023-01-04 09:20 (UTC) by torben)

Please be aware, that Ubiquity has discontinued support for Unifi-Video..

I will keep an eye on this package while I am still using it, but please understand that without support von Ubiquity there isn't much I can do in case of problems with the app itself.

Also, I strongly recommend no longer publishing Unifi-Video unprotected on the Web. Work under the assumption, that this application can be breached.

torben commented on 2021-12-18 16:55 (UTC) (edited on 2021-12-27 14:04 (UTC) by torben)

Version 3.10.13-2 mitigates the log4j JNDI vulnerability out of the box

Be aware, that unifi-video is affected by the recent log4j JNDI Lookup vulnerabilities. As Ubiquity is no longer maintaining this piece of software, we can't expect an update.

The best mitigation (removing the JNDI Lookup Ability in log4j) for unifi-video can be found here:

https://community.ui.com/questions/Mitigating-the-Java-Log4J-exploit-in-UniFi-Video-on-Debian-Ubuntu/c59621d2-3cbf-48aa-9780-76477e0b1d39#answer/06ed75d6-113c-4230-9d44-7394e4ba2542

Basically, it removes the corresponding lookup-class from log4j-core.jar via:

zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

I strongly recommend everybody to update either to 3.10.13-2 or to fix the log4j JAR file manually.

Latest Comments

1 2 3 4 5 Next › Last »

torben commented on 2023-01-04 09:20 (UTC) (edited on 2023-01-04 09:20 (UTC) by torben)

Please be aware, that Ubiquity has discontinued support for Unifi-Video..

I will keep an eye on this package while I am still using it, but please understand that without support von Ubiquity there isn't much I can do in case of problems with the app itself.

Also, I strongly recommend no longer publishing Unifi-Video unprotected on the Web. Work under the assumption, that this application can be breached.

torben commented on 2021-12-21 17:17 (UTC)

@fryfrog: Would be fine with me, just sent you a PM.

fryfrog commented on 2021-12-19 20:43 (UTC)

@torben, I think this is a great idea, but won't have time to work on it for a week or two. Would you be interested in co-maintainer and do it?

torben commented on 2021-12-18 16:55 (UTC) (edited on 2021-12-27 14:04 (UTC) by torben)

Version 3.10.13-2 mitigates the log4j JNDI vulnerability out of the box

Be aware, that unifi-video is affected by the recent log4j JNDI Lookup vulnerabilities. As Ubiquity is no longer maintaining this piece of software, we can't expect an update.

The best mitigation (removing the JNDI Lookup Ability in log4j) for unifi-video can be found here:

https://community.ui.com/questions/Mitigating-the-Java-Log4J-exploit-in-UniFi-Video-on-Debian-Ubuntu/c59621d2-3cbf-48aa-9780-76477e0b1d39#answer/06ed75d6-113c-4230-9d44-7394e4ba2542

Basically, it removes the corresponding lookup-class from log4j-core.jar via:

zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

I strongly recommend everybody to update either to 3.10.13-2 or to fix the log4j JAR file manually.

fryfrog commented on 2020-10-11 02:50 (UTC)

@pinjiz: Thanks for the report, I've added which to the depends and pushed it, but w/o a pkgrel bump. I'm looking at my Docker image which is what I actually use and that folder is actually a symlink to /var. Are you sure it should be a folder?

lrwxrwxrwx  1 unifi-video unifi-video 20 Jul 31 12:20 data -> /var/lib/unifi-video

pinjiz commented on 2020-10-10 21:46 (UTC)

This package now requires 'which' as it is no longer part of 'base'. Otherwise JAVA=$(readlink -e $(which java)) in /usr/bin/unifi-video will fail.

Additionally I had to create the directory /usr/lib/unifi-video/data/ manually.

mgb0 commented on 2018-10-06 05:55 (UTC) (edited on 2018-10-06 05:55 (UTC) by mgb0)

@fryfrog I just set this up and had to use @mohaine's script to get mongodb to start

Another issue I had was the missing /usr/lib/unifi-video/data directory. The unifi-video service wouldn't start until I manually created the data subdir and changed the ownership to unifi-video

fryfrog commented on 2018-02-07 04:54 (UTC) (edited on 2018-02-07 04:57 (UTC) by fryfrog)

@mohaine, what is trying to start mongodb w/ the --nohttpinterface option? Nothing shows up when I grep -ir -- "--nohttpinterface" the sources.

Edit: It must be something inside the java files. :/

sdkyuzo commented on 2018-02-07 04:24 (UTC)

Thanks mohaine for the fix. New to unifi-video, arch is my preferred distro. Couldn't get it running because of mongod startup errors, your script fixed the issue. Thanks for commenting on a fix for the rest of us to find and use!