| Version | Change log |
| Blue Iris 6.0.4.2 Mar 9, 2026 |
Fixed: The viewer’s Find function was not properly advancing to the next clip Plates and unknown faces will be saved immediately following AI alert confirmation when not also using object tracking; this was previously delayed. Changed: The viewer’s Testing & Tuning ??' Analyze with AI feature now utilizes the AI object tracker for display instead of the raw objects. The full analysis detail is still part of the AI inspector on the Status window when that’s open. This has the benefit of determining static vs moving objects as well as relevant transition states. The ONNX Runtime DLL was updated from version 1.23.0 to version 1.24.3. Added: An option on the viewer’s Find window to “Ignore static and non-moving objects using object tracking” The viewer’s Find function will also save plates and unknown faces as they are encountered according to camera AI settings |
| Blue Iris 6.0.4.1 Mar 6, 2026 |
Fixed: The highest confidence license plate was not always being added to Settings/AI/Plates properly Changed: The object tracker will move objects from the “New” state to the “Moving” state more quickly if the position is changing The “Ignore static objects” option for AI alert confirmation is now “ignore static and non-moving objects” which essentially now also ignores “new” objects. This helps to eliminate false positives for static objects that temporarily “disappear” The “require motion” option for AI alert confirmation has been relabeled as "Triggers” for readability with essentially the same functionality at this time. It’s all triggers, or only motion sensor triggers, but additional options may be added as use-cases are presented |
| Blue Iris 6.0.3.8 Mar 3, 2026 |
Fixed: Missing cameras on the make/models list bug Changed: Further smoothing out of recent webserver security features. Most will no longer apply to LAN connections. Host and User-Agent checks can be eliminated by blanking out those fields in Settings/Web server. Further ban-immunity can be achieved by specifically adding an IP to the Settings/Web server/Advanced list with either the ^ or = directive. |
| Blue Iris 6.0.3.7 Mar 3, 2026 |
Fixed: Missing cameras on the make/models list bug Changed: Further smoothing out of recent webserver security features. Most will no longer Apply to LAN connections. Host and User-Agent checks can be eliminated by Blanking out those fields in Settings/Web server. Further ban-immunity can be Achieved by specifically adding an IP to the Settings/Web server/Advanced list with Either the ^ or = directive. |
| Blue Iris 6.0.3.5 Mar 2, 2026 |
Fixed: Missing cameras on the make/models list bug Changed: Further smoothing out of recent webserver security features. Most will no longer Apply to LAN connections. Host and User-Agent checks can be eliminated by Blanking out those fields in Settings/Web server. Further ban-immunity can be Achieved by specifically adding an IP to the Settings/Web server/Advanced list with Either the ^ or = directive. |
| Blue Iris 6.0.3.4 Feb 28, 2026 |
Fixed: User-Agent and Host HTTP parameters once again are case-insensitive Changed: IP addresses banned because of new security measures now extend only for the lifetime of the executable without the possibly to thaw. Adding each to the permanent IP ban list could cause this list to grow excessively. Banned IP addresses without the possibility to thaw no longer receive the HTTP 403 response; connections are simply closed/ignored. Host and User-Agent requirements will only be enforced on non-LAN requests Effort made to log banning just once, while updating the connection count on the Status/Connections page |
| Blue Iris 6.0.3.3 Feb 27, 2026 |
Fixed: User-Agent and Host HTTP parameters once again are case-insensitive Changed: IP addresses banned because of new security measures now extend only for the lifetime of the executable without the possibly to thaw. Adding each to the permanent IP ban list could cause this list to grow excessively. Banned IP addresses without the possibility to thaw no longer receive the HTTP 403 response; connections are simply closed/ignored. Host and User-Agent requirements will only be enforced on non-LAN requests Effort made to log banning just once, while updating the connection count on the Status/Connections page |
| Blue Iris 6.0.3.2 Feb 26, 2026 |
Fixed: A bizarre bug that caused the camera “Main stream when solo/Fullscreen” option to be toggled when toggling the “zoom-in to objects” option on AI alert confirmation. The JSON parser regarding use of integers beyond 31-bits, affecting the WILDLIFE flag in the database (1LU<<31) when communicating to UI3 Remote maintenance requests used the User-Agent: Blue Iris, which did not meet the minimum 10 character length now imposed; minimum changed to 9. Changed: Authenticated requests to the webserver root / now automatically serve the ui3.htm page without redirection The default bad user-agent list to exclude “python” and other agents that may be required for local HA Banned IP addresses because of new security measures are now considered permanent bans and will appear on Settings/Web server/Advanced Added: Logging of all banned IP addresses because of new security measures A “bad URL” internal list that currently includes: .env, /geoserver, /wp-, /cgi-bin, forcing permanent banning Before accepting a TLS/HTTPS connection, the hostname provided via TLS server-name-indication is examined against the allowed host list before completing the TLS handshake. |
| Blue Iris 6.0.3.1 Feb 26, 2026 |
Fixed: Object tracking for license plates not part of a vehicle object Added: A Host/s field to Settings/AI for remote access. If you use a host name for your server, the HTTP Host request parameter must match a specified host name in this field (comma separated). This adds another layer of security by denying any response to bots and other intruders that do not specify a correct host name. Validation around the HTTP Host and User-agent parameters. They must be present and be of proper length. A ban user-agent field to the Settings/Web server/Advanced page. This is a case-insensitive sub-string match. If found, the connecting is closed and banned. Changed: As an additional security enhancement, unauthenticated server requests to / will no longer be redirected to login.htm, the page will simply be served immediately. |
| Blue Iris 6.0.3.0 Feb 26, 2026 |
Fixed: Object tracking for license plates not part of a vehicle object Added: A Host/s field to Settings/AI for remote access. If you use a host name for your server, the HTTP Host request parameter must match a specified host name in this field (comma separated). This adds another layer of security by denying any response to bots and other intruders that do not specify a correct host name. Validation around the HTTP Host and User-agent parameters. They must be present and be of proper length. A ban user-agent field to the Settings/Web server/Advanced page. This is a case-insensitive sub-string match. If found, the connecting is closed and banned. Changed: As an additional security enhancement, unauthenticated server requests to / will no longer be redirected to login.htm, the page will simply be served immediately. |
