If you are upgrading from v0.16.x, replace the binary (or run docker pull). If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.
UpSnap is, and always will be, free and open source software.
If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.
The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.
The initial setup process has been changed. Instead of a built-in multi-step wizard, UpSnap now directs you to create your first superuser account via the server console logs, which contain a one-time setup link generated by PocketBase.
Once you've created the superuser using that link, return to the UpSnap welcome page and click Done to continue.
Why this was necessary
In versions prior to 5.4.0, the setup wizard allowed anyone with network access to register the first superuser account if they reached the setup page before the legitimate administrator. This meant that on a publicly reachable instance, an attacker could take ownership of the application before the real admin had a chance to complete the setup.
By moving account creation out-of-band to the server console, only someone with access to the server logs (i.e. the administrator) can complete the initial setup.
Note
If you have sucessfully completed the initial setup in the past you are not affected.
UpSnap allows setting custom shell commands for waking and shutting down devices. These commands support {{ DEVICE_IP }} and {{ DEVICE_MAC }} placeholders, which are replaced with the device's actual IP and MAC values before being executed on the server.
In versions prior to 5.4.0, these values were only changed by removing spaces before being substituted into the shell command. An attacker with permission to edit a device could set a malicious IP or MAC field, for example:
When the device was woken or shut down, the injected commands would execute on the server with the same privileges as UpSnap itself.
What was fixed
Backend: Before substituting {{ DEVICE_IP }} and {{ DEVICE_MAC }} into any shell command, UpSnap additionally validates both values using Go's standard net.ParseIP and net.ParseMAC. If a value somehow reaches this point in an invalid state, the command is rejected and an error is returned instead of executing.
Database: A new migration adds regex constraints to the ip and mac fields in the PocketBase schema (^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$ for IP, ^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$ for MAC). Any write that bypasses the UI is rejected at the database level.
HTML input: The IP and MAC fields in the device form now have pattern attributes that enforce valid formats directly in the browser, preventing malformed values from being submitted in the first place.
Who is affected
Any instance where untrusted users had permission to create or edit devices. Users who are the sole administrator of their own instance and have not shared device-edit access are at lower risk.
If you are upgrading from v0.16.x, replace the binary (or run docker pull). If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.
Added
Added 58 new DNS provider integrations (see dns-update crate for details).
DNS updater: Log DNS record types and values.
Sieve: Allow User Sieve scripts to access orcpt.
MTA: Log when messages are rejected or discarded by the spam classifier.
Feature: [#24879] [Plugin] Add methods for showing and hiding gridlines.
Feature: [#26327] Add βguests entertainedβ statistic to entertainers.
Improved: [#26374] Add higher resolution app icons for Android.
Improved: [#26386] Initial window scale and toolbar options on fresh Android installations.
Change: [#26476] Limit creation of new station styles to prepare for more flexibility with ride stations and entrances.
Fix: [#25581] Chart drawing issue on some platforms due to compiler optimisation.
Fix: [#26019] Inverted and Inverted Flying Roller Coaster large half loops glitch with the train and donβt draw in tunnels at some angles (original bug).
Fix: [#26183] The ride stat graph placeholder text is not drawn in the expected position.
Fix: [#26287] Game crashes upon connect/disconnect of physical keyboard.
Fix: [#26299] Single Rail S-Bend sprites donβt fully connect to the next track piece at certain angles.
Fix: [#26352] Large scenery items are incorrectly labelled as βbannersβ in the tile inspector.
Fix: [#26352] The label for path additions is using the wrong text colour in the tile inspector.
Fix: [#26360] Inverted Lay-down Roller Coaster helices are invisible when loading old saves.
Fix: [#26396] [Plugin] Socket interfaces were not closing properly and firing up correctly in parallel.
Fix: [#26410] Tiles with water can draw incorrectly when there is something underwater and nothing above water.
Fix: [#26418] Game crashes when a stack overflow occurs in plugin code.
Fix: [#26419] Drop count & negative gβs stat requirements for Flying Roller Coaster donβt get nullified by having an inversion.
Fix: [#26421] Wrong scenery tab highlighted when more than 64 scenery groups are selected.
Fix: [#26425] Benches donβt reduce watching spots from 4 to 2 while other path additions do (should be reversed).
Fix: [#26432] Guests choose to head for rides they have already ridden if they donβt have a map.
Fix: [#26492] Drag tool shows per-tile error instead of total cost when running out of money midway through placement.
Fix: [#26510] Displayed air time overflows after 655.35 seconds instead of the internal maximum of 1966.05 seconds.
fix crash when stream is closing (bluenviron/gortsplib#1062) when ServerStream.Close() is called, stream readers might have their setuppedTransport set to nil, causing the server to crash. Prevent this.
fix race condition when tearing down connection (bluenviron/gortsplib#1063) ServerConn.session was not properly protected.
fix error 500 caused by in-stream params (bluenviron/gohlslib#355) (#5728) (#5745) PR bluenviron/gohlslib#344 caused a regression. Many codecs (AV1, H264, H265, VP9) use in-stream parameters, that were not taken into consideration anymore when generating init.mp4 and playlists. This has been solved.
support changing text overlay dynamically (#5270) (#5748)
Dependencies
code.cloudfoundry.org/bytefmt updated from v0.70.0 to v0.72.0
github.com/Masterminds/semver/v3 updated from v3.4.0 to v3.5.0
github.com/bluenviron/gohlslib/v2 updated from v2.3.1 to v2.3.2
github.com/bluenviron/gortmplib updated from v0.3.1 to v0.3.2
github.com/bluenviron/gortsplib/v5 updated from v5.5.2 to v5.5.3
github.com/datarhei/gosrt updated from v0.10.0 to v0.11.0
github.com/fsnotify/fsnotify updated from v1.10.0 to v1.10.1
github.com/go-git/go-billy/v5 updated from v5.8.0 to v5.9.0
github.com/go-git/go-git/v5 updated from v5.18.0 to v5.19.0
github.com/gookit/color updated from v1.6.0 to v1.6.1
github.com/matthewhartstonge/argon2 updated from v1.5.2 to v1.5.3
github.com/pion/rtp updated from v1.10.1 to v1.10.2
golang.org/x/crypto updated from v0.50.0 to v0.51.0
golang.org/x/net updated from v0.53.0 to v0.54.0
golang.org/x/sys updated from v0.43.0 to v0.44.0
golang.org/x/term updated from v0.42.0 to v0.43.0
github.com/cyphar/filepath-securejoin updated from v0.4.1 to v0.6.1
github.com/pjbgf/sha1cd updated from v0.3.2 to v0.6.0
golang.org/x/text updated from v0.36.0 to v0.37.0
github.com/bluenviron/mediamtx-rpicamera updated from v2.5.6 to v2.5.7
Security
Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.
Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:
ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx
You can verify checksums of binaries by downloading checksums.sha256 and running:
UpSnap is, and always will be, free and open source software.
If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.
The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.
Changelog
Bug fixes
7b8bcfa: fix: switch cron-parser to named import (CronExpressionParser) (#1737) (@codeanish)
CVE-2026-5172: buffer overflow in extract_addresses() on crafted resource records.
Linux kernel: CVE-2026-43284 ("Dirty Frag") β local privilege escalation via the IPsec ESP path. Only relevant on devices with kmod-ipsec / esp4/esp6 loaded. Fixed via the 6.12.87 kernel update.
ath79: Sitecom WLR-7100 (X7 AC1200): fix MAC address assignment, wire up 5 GHz WLAN LED, and move to the tiny target to free ~800 KiB of flash
ipq40xx: Pakedge WR-1: restore lost band label on the WLAN LEDs
mediatek: filogic: Cudy WR3000E/H/P/S v1 and WBR3000UAX v1 (ubootmod NAND builds): disable NMBM, which was mistakenly enabled and prevented the NAND from being used correctly
microchipsw: fix LAN8814 QSGMII soft reset
WiFi fixes and improvements
wifi-scripts: fix basic_rate mapping in the wpa_supplicant ucode generator
mac80211: update backports package to 6.18.26 (general stability improvements)
Core component updates
Linux kernel: update from 6.12.85 to 6.12.87
mac80211: update from 6.18.7 to 6.18.26
Upgrading to 25.12.4
Upgrading from 24.10 to 25.12 should be transparent on most devices, as most configuration data has either remained the same or will be translated correctly on first boot by the package init scripts.
For upgrades within the OpenWrt 25.12 stable series, Attended Sysupgrade is also supported, which allows preserving the installed packages.
Sysupgrade from 23.05 or earlier to 25.12 is not officially supported.
Cron log level was fixed in busybox. system.@system[0].cronloglevel should be set to 7 for normal logging. 7 is the default now. If this option is not set, the default is used and no manual action is needed. fc0c518
Bananapi BPI-R4: Interface eth1 was renamed to sfp-lan or lan4, and interface eth2 was renamed to sfp-wan to match the labels. You have to upgrade without saving the configuration. cd8dcfe
TP-Link RE355 v1, RE450 v1 and RE450 v2: The partition layout and block size changed in this release to fix configuration loss on sysupgrade. Users upgrading from OpenWrt 25.12.0 or earlier must use sysupgrade -F to force the upgrade. The image must not exceed 5.875 MB (6016 KiB).
Meraki MX60: Direct sysupgrade to 25.12.4 is not possible without manual preparation β meraki_loadaddr must be changed before upgrading, as the default value is insufficient to boot OpenWrt 25.12+. See the device wiki page for instructions.
Known issues
Zyxel EX5601-T0: the WAN interface was renamed from eth1 to wan β check and update your network configuration after upgrading.
Pixel 10 phones have problems connecting to WPA3-protected WiFi 6 APs. #21486
802.11r Fast Transition (FT) causes connection problems with some WiFi clients when WPA3 is used. #22200
SQM CAKE MQ (cake_mq): throughput may be unexpectedly low on some configurations after the scheduler fixes in this release. #22344
If you are upgrading from v0.16.x, replace the binary (or run docker pull). If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.
Added
is_ip_in_cidr expression function for CIDR matching.
Changed
Bump mail-auth to 0.9 (which bumps hickory-resolver to 0.26).
Deprecated RFC2136 SIG(0) support as it is no longer supported by hickory.
Fixed
JMAP:
Patching ids containing digits in JSON Pointers fails.
Patching nested objects with null values fails.
External directories:
SQL: Return Failed instead of Error when the query returns no results.
LDAP: Impersonation fails when the user has not logged in before.
Network: Attempt binding to IPv4 when binding to IPv6 fails with EAFNOSUPPORT error.
Bootstrap: Timeout after 30 seconds when probing the data store.
HTTP: Use permissive CORS headers for .well-known endpoints.
ACME:
Include apex domains when requesting certificates for subdomains.
Use the public suffix list to determine the zone name when no origin is provided.
MTA:
Allow rescheduling recipients with permanent failures.
Process reports using original RCPT before rewriting.
Autodiscover v2 endpoint unreachable.
DNS update (via dns-update crate):
OVH + Google Cloud DNS: Fix FQDN handling for MX and SRV records.
Route53: Fix changeset error resolution.
deSEC: Use empty subname for apex records instead of @, which the API rejects.
Cloudflare: Wrap TXT record content in double quotes (RFC 1035) to suppress dashboard warnings.
iCalendar/JSCalendar (via calcard crate):
Support STATUS:CANCELLED mapping from VTODO to JSCalendar.
UpSnap is, and always will be, free and open source software.
If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.
The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.
Major version: new installs default to auto adaptive colours (matching web based draw.io); upgrades preserve simple. Change via Extras β Configuration.
If you are upgrading from v0.16.x, replace the binary (or run docker pull). If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.
Added
Changed
Fixed
Live tracing in community and OSS versions.
Timezone changes from the AccountSettings object return invalidProperties.
mail-parser panic with certain messages containing corrupted attachments.
Pagination by anchor for queued messages, tasks and metrics.
Spam filter: Use original instead of rewritten RCPT on checks.
JMAP:
References in nested objects not resolved.
AddressBook/query fetches wrong resources.
Import tool fails to restore registry entries.
FDB: Allow multiple FoundationDB instances in the same process.
Autoconfig: Return %EMAILADDRESS% when no email address is provided.
Quota: Include Sieve scripts in quota recalculations.
Main changes between OpenWrt 25.12.2 and OpenWrt 25.12.3
Only the main changes are listed below. See the full changelog for details.
Security fixes
Linux kernel: fixes CVE-2026-31431 ("Copy Fail"). In earlier releases this only affected users on the starfive target and users who had installed kmod-crypto-user.
mbedtls: update to 3.6.6 (multiple CVE fixes)
OpenSSL: update to 3.5.6 (multiple CVE fixes)
wolfSSL: update to 5.9.1 (multiple CVE fixes)
Device support
New devices supported in 25.12.3:
mediatek: filogic: ASUS RT-AX52 PRO
mediatek: filogic: D-Link AQUILA PRO AI E30
mediatek: filogic: Huasifei WH3000 Pro (NAND variant)
qualcommax: ipq50xx: Xiaomi AX6000: enable PCIe1 for QCA9887
qualcommax: ipq807x: Linksys MX5300: add label MAC assignment
ramips: Yuncore CPE200: fix EEPROM size
ramips: mt7621: fix reset hang
ramips: Wavlink WL-WN575A3: fix EEPROM size for 5 GHz WiFi
ramips: Xiaomi Mi Router 4C: fix WAN LED GPIO (#18578)
WiFi fixes and improvements
wifi-scripts: fix incorrect erp_domain and fils_cache_id values generated by the ucode-based config script (#21768)
wifi-scripts: add missing bridge_isolate and network_vlan fields to the ucode schema (#22620)
wifi-scripts: add missing iface and other fields to the ucode station/vlan schema (#22165)
wifi-scripts: add EHT (WiFi 7) rates to set_fixed_freq
Networking and system fixes
mbedtls: backport upstream patches to fix TLS 1.2 client issues β fixes a regression that broke DDNS updates and other TLS 1.2 client connections; the regression was introduced in mbedtls package updates shipped after the 25.12.2 release (#22874)
base-files: sysupgrade: fix -u option (skip default configuration) which was broken with apk
base-files: sysupgrade: fix -f (custom backup) when the path contains spaces
base-files: sysupgrade: update backup exclusion list
base-files: use DISKSEQ instead of MAJOR/MINOR for stable disk identification (MAJOR/MINOR are not sequential)
lantiq: fix mtdparsers refcount and memory leak
uqmi / umbim: introduce devpath option for selecting cellular modems by USB device path
kernel: add kmod-vsock and kmod-vsock-virtio for VM guests (vsock communication)
Core component updates
Linux kernel: update from 6.12.74 to 6.12.85
ca-certificates: update from 20250419 to 20260223
linux-firmware: update from 20251125 to 20260221
mbedtls: update from 3.6.5 to 3.6.6 (security fixes)
OpenSSL: update from 3.5.5 to 3.5.6 (security fixes)
wireless-regdb: update from 2026.02.04 to 2026.03.18
wolfSSL: update from 5.8.4 to 5.9.1 (security fixes)
xdp-tools: update from 1.4.3 to 1.6.3
Upgrading to 25.12.3
Upgrading from 24.10 to 25.12 should be transparent on most devices, as most configuration data has either remained the same or will be translated correctly on first boot by the package init scripts.
For upgrades within the OpenWrt 25.12 stable series, Attended Sysupgrade is also supported, which allows preserving the installed packages.
Sysupgrade from 23.05 or earlier to 25.12 is not officially supported.
Cron log level was fixed in busybox. system.@system[0].cronloglevel should be set to 7 for normal logging. 7 is the default now. If this option is not set, the default is used and no manual action is needed. fc0c518
Bananapi BPI-R4: Interface eth1 was renamed to sfp-lan or lan4, and interface eth2 was renamed to sfp-wan to match the labels. You have to upgrade without saving the configuration. cd8dcfe
TP-Link RE355 v1, RE450 v1 and RE450 v2: The partition layout and block size changed in this release to fix configuration loss on sysupgrade. Users upgrading from OpenWrt 25.12.0 or earlier must use sysupgrade -F to force the upgrade. The image must not exceed 5.875 MB (6016 KiB).
Meraki MX60: Direct sysupgrade to 25.12.3 is not possible without manual preparation β meraki_loadaddr must be changed before upgrading, as the default value is insufficient to boot OpenWrt 25.12+. See the device wiki page for instructions.
Known issues
Zyxel EX5601-T0: the WAN interface was renamed from eth1 to wan β check and update your network configuration after upgrading.
Pixel 10 phones have problems connecting to WPA3-protected WiFi 6 APs. #21486
802.11r Fast Transition (FT) causes connection problems with some WiFi clients when WPA3 is used. #22200
SQM CAKE MQ (cake_mq): throughput may be unexpectedly low on some configurations after the scheduler fixes in this release. #22344
Non-VGA option ROM dispatch - CSMWrap now enumerates legacy x86 option ROMs from non-VGA PCI devices (NIC PXE ROMs, RAID/storage ROMs, etc.) and dispatches them through the CSM, mirroring what a real CSM would do.
$PIR table synthesis - A PCI BIOS Specification 2.1 $PIR table is now synthesized from ACPI _PRT/_PRS and handed to SeaBIOS so legacy OSes can get non-ACPI PCI IRQ routing.
Working APM shutdown and reboot - APM Set Power State (off/reboot) now trampolines through the helper core into UEFI's ResetSystem runtime service. Previously these calls were no-ops.
CPU visibility configuration - Three new csmwrap.ini options (system_thread, cpu_allowlist, cpu_blocklist) let you pin the BIOS proxy helper core to a specific APIC ID and hide arbitrary APs.
Auto-select GPU with working OpROM - When the primary GPU's option ROM can't be claimed (VGA arbitration fails, no legacy image, oversized ROM), CSMWrap now falls through to the next VGA-class device instead of giving up.
And more!
Bug Fixes
Many bug fixes and improvements across PCI, APIC/x2APIC/MP tables, AMD MTRR and PAM unlocking, AMD IOMMU teardown order, GOP/VGA arbitration, e820 generation, and more.
SeaBIOS
Many bug fixes and improvements across xHCI/EHCI/OHCI/UHCI, AHCI/NVMe/eMMC, and more.
If you are upgrading from v0.16.x, replace the binary (or run docker pull). If you are upgrading from v0.15.x and below, please read the upgrading documentation for more information on how to upgrade from previous versions.
Added
Changed
Replaced STALWART_HTTPS_PORT with STALWART_PUBLIC_URL.
App Passwords now begin with app_ instead of app to avoid issues with some clients that do not support spaces in passwords.
Fixed
Directory:
Invalidate caches when group memberships change on an external directory.
Updated the token field on the user detail page to require confirmation before regenerating or removing a token, and saved those changes immediately without requiring a page-level save. (#27108 by @LZylstra)
@directus/api
Added opt-in must-revalidate and ETag headers for assets via ASSETS_CACHE_REVALIDATE env var (#27027 by @gaetansenn)
Added a force option to schema apply to bypass hash check (#27136 by @Nitwel)
@directus/env
Added opt-in must-revalidate and ETag headers for assets via ASSETS_CACHE_REVALIDATE env var (#27027 by @gaetansenn)
@directus/sdk
Added a force option to schema apply to bypass hash check (#27136 by @Nitwel)
π Bug Fixes & Optimizations
@directus/app
Fixed UI freeze when navigating items with WYSIWYG translations for non-admin users (#27154 by @gaetansenn)
Fixed selection not being cleared after running a manual flow from the collection list view sidebar (#27330 by @kropsi)
Fixed "Save as copy" in the file library throwing a 403 Forbidden error (#27181 by @sanskar-soni-9)
Fixed user token not being displayed after generation when collaboration is enabled (#27319 by @LZylstra)
Prevented filter popup being closed when reordering filters (#27324 by @HZooly)
Fixed icon flash in navigation sidebar for bookmarks without an icon (#27329 by @HZooly)
Migrated @directus/visual-editing into the monorepo (#27157 by @formfcw)
prevent code injection in case of MTX_QUERY in hooks (#5707) When MTX_QUERY is used explicitly in hooks, for instance "curl http://something/?$MTX_QUERY", it can be used to inject arbitrary commands. MTX_QUERY is now url-encoded to prevent any abuse regardless of the configuration.
use temporary redirects instead of permanent redirects (#5710) this prevents unwanted caching.
Merge request->controls instead of overwriting (bluenviron/mediamtx-rpicamera#97) libcamera 0.7.0 is more strict about changing controls; assignment is no longer allowed since raspberrypi/libcamera@310cd8b Instead, we use the merge call with overwrite.
Security
Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.
Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:
ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx
You can verify checksums of binaries by downloading checksums.sha256 and running:
track sessions (#962) (#5683) sessions are now tracked through cookies or query parameters. This provides the ability to inspect sessions through logs, metrics and API, allows more precise tracking of outbound bytes, decreases load on external HTTP authentication URLs since they are now called once per session and not once per request.
improve listener labels (#5635) add a label after every "listener opened on :XXX" message that mentions protocols of every listener.
dump unencrypted TLS sessions (#5624) when dumpPackets is true, embed TLS master keys into the dump, in a format which is natively compatible with Wireshark.
use "token" as query parameter key to pass tokens (#5647) the legacy "jwt" query parameter key is still supported.
deprecate authJWTInHTTPQuery and disable JWTs in query parameters (#5648) This fixes a long standing security flaw. Even though it's a breaking change, few users should be impacted since this feature has been discouraged for some time.
expose token passed as query parameter to HTTP authentication too (#5649) this allows to parse tokens coming from RTSP and RTMP without additional effort.
playback: return errors as JSON (#5656) this is aligned with all other HTTP-based services.
prevent out-of-memory errors (#5674) impose a maximum size on body of incoming HTTP requests and responses.
metrics: improve performance (#5663) use string.Builder instead of string concatenation
metrics: add labels to the output (#5687) group metrics under visible, distinct labels.
metrics: fix filtering by type=rtmp_conns and type=rtmps_conns (#5689)
metrics: add readerType attribute to the path_readers metric (#5690) this allows to filter path readers by type.
metrics: use an enum for parsing metrics type (#5692)
metrics: fix race condition when reloading configuration (#5693)
muxer: generate init segment once (bluenviron/gohlslib#344) Previously, the init segment was regenerated in case of codec parameter changes, but changing the init segment has been proved to cause video and audio discontinuities on iOS. Now the init file contains starting parameters only and never changes during the stream lifetime.
code.cloudfoundry.org/bytefmt updated from v0.67.0 to v0.69.0
github.com/alecthomas/kong updated from v1.14.0 to v1.15.0
github.com/bluenviron/gohlslib/v2 updated from v2.2.9 to v2.3.0
github.com/bluenviron/gortsplib/v5 updated from v5.5.1 to v5.5.2
github.com/go-git/go-git/v5 updated from v5.17.2 to v5.18.0
github.com/matthewhartstonge/argon2 updated from v1.4.6 to v1.5.2
github.com/pion/ice/v4 updated from v4.2.2 to v4.2.5
golang.org/x/crypto updated from v0.49.0 to v0.50.0
golang.org/x/sys updated from v0.42.0 to v0.43.0
golang.org/x/term updated from v0.41.0 to v0.42.0
github.com/pion/stun/v3 updated from v3.1.1 to v3.1.2
github.com/pion/turn/v4 removed
golang.org/x/net updated from v0.52.0 to v0.53.0
golang.org/x/text updated from v0.35.0 to v0.36.0
golang.org/x/time updated from v0.12.0 to v0.14.0
github.com/pion/turn/v5 v5.0.3 added
hls.js updated from v1.6.15 to v1.6.16
Security
Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.
Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:
ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx
You can verify checksums of binaries by downloading checksums.sha256 and running:
prevent directory traversal attacks (#5602) Path names are used as part of paths in several components: in the recorder, in the playback server and in every HTTP-based component (WebRTC, HLS, API). Special characters that allow to escape from the intended directory are now forbidden in order to prevent directory traversal attacks.
fix random absolute timestamps with Opus, G711 and LPCM (#5597) When rewriting audio RTP timestamps in WebRTC egress, NTP was derived using regenerated packet timestamps minus the incoming RTP base timestamp. That mixed timestamp domains and could shift absolute time by an arbitrary offset while still exposing mapping as available. Fix by using a consistent outgoing RTP domain in rewritten audio paths
strip TWCC extension of incoming RTP packets (#5146) (#5605) The TWCC extension is used as part of the WebRTC congestion control algorithm placed between the publisher and the server. If this extension is routed untouched from the server to readers, it messes with the congestion control algorithm present between the server and each reader. Remove it.
RPI Camera
restore Docker compatibility with armv6 devices (#5590) (#5595)
github.com/bluenviron/gortmplib updated from v0.3.0 to v0.3.1
github.com/bluenviron/gortsplib/v5 updated from v5.5.0 to v5.5.1
github.com/gin-contrib/pprof updated from v1.5.3 to v1.5.4
github.com/go-git/go-git/v5 updated from v5.17.0 to v5.17.2
github.com/pion/ice/v4 updated from v4.2.1 to v4.2.2
github.com/pion/webrtc/v4 updated from v4.2.9 to v4.2.11
github.com/pion/sctp updated from v1.9.2 to v1.9.4
github.com/bluenviron/mediamtx-rpicamera updated from v2.5.4 to v2.5.5
Security
Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.
Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:
ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx
You can verify checksums of binaries by downloading checksums.sha256 and running:
support publishing multiple video/audio renditions (#5573) this allows to receive multiple video tracks from OBS Studio with the new WebRTC Simulcast feature introduced in v32.1.0.
add RTSP reported lost packets (#5198) (#5579) The new outboundRtpPacketsReportedLost property allows to track RTP packets that have been reported lost by readers. Furthermore, stats now have a "inbound" or "outbound" prefix to improve readability.
avoid buffering HTTP response body in loggerWriter (#5552) loggerWriter was shadow-copying every response byte into a bytes.Buffer to report the body size, causing the entire response to be accumulated in memory for the lifetime of each request. Replace the buffer with a plain int counter since dump() only ever reported the byte count anyway.
optionally validate JWT iss and aud claims (#5569)
allocate a rtp sender for each server session (bluenviron/gortsplib#1021) this produces more realistic statistics and in the future will allow to implement per-session statistics and packet retransmission.
fix panic with WHIP POST authentication failures (#5566)
Dependencies
code.cloudfoundry.org/bytefmt updated from v0.64.0 to v0.67.0
github.com/abema/go-mp4 updated from v1.4.1 to v1.5.0
github.com/bluenviron/gohlslib/v2 updated from v2.2.8 to v2.2.9
github.com/bluenviron/gortsplib/v5 updated from v5.4.0 to v5.5.0
github.com/bluenviron/mediacommon/v2 updated from v2.8.2 to v2.8.3
golang.org/x/crypto updated from v0.48.0 to v0.49.0
golang.org/x/sys updated from v0.41.0 to v0.42.0
golang.org/x/term updated from v0.40.0 to v0.41.0
golang.org/x/net updated from v0.51.0 to v0.52.0
golang.org/x/text updated from v0.34.0 to v0.35.0
Security
Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.
Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:
ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx
You can verify checksums of binaries by downloading checksums.sha256 and running:
fix panic when setting writeQueueSize to zero (#5360) (#5527)
prevent using alwaysAvailableFile and alwaysAvailableTracks together (#5529)
improve playback precision of alwaysAvailable offline segment (#5530)
fix MPEG-4 audio configuration not matching error (#5468) (#5533) This happened when using alwaysAvailableFile and a MPEG-4 audio track.
fix corrupted video with alwaysAvailableFile (#5534) when alwaysAvailableFile points to a file with a H265 or H264 track, server is started, an online stream is published and then closed, video was getting corrupted since the online video was overriding the parameters of the offline video.
fix audio from alwaysAvailableFile not being streamed (#5535)
fix alwaysAvailableFile restarting when a publisher fails (#5536) when a publisher try to start an online stream and there's an error, alwaysAvailableFile restarted without any reason.
revert to Go 1.25 (#5521) (#5538) It seems like Go 1.26 is causing segmentation faults, related to channels, on Windows.
inherit MPEG-4 audio type from alwaysAvailableFile (#5539)
mpegts: properly compute PTS of async KLV frames (bluenviron/mediacommon#291) (bluenviron/mediacommon#311) Store last valid PTS as soon as possible, by parsing PES headers in advance, then use this PTS as timestamp of KLV frames without PTS.
support X-Forwarded-Proto in playback server (#4970) (#5445) allow reverse proxies to change the schema of URLs returned by the server through the X-Forwarded-Proto header.
make config file YAML 1.2 compliant (#5345) (#5456)
replace YAML parser (#5461) switch from the unmaintained gopkg.in/yaml to goccy/go-yaml
deprecate unix+rtp (#5318) (#4999) (#5351) (#5470) Unix socket are stream-based connections, while RTP requires packet-based connections. While packet-based Unix sockets exist (unixgram), no client supports them. Consequently we are forced to deprecate unix+rtp.
fix codec parameters not being loaded from alwaysAvailableFile (#5484)
suggest using JWTs in query parameters for RTSP and RTMP (#5267) (#5493) In case of RTSP and RTMP, JWTs cannot be used as passwords since there's a size limit. Therefore, documentation is updated to suggest passing JWT through query parameters, and authJWTInHTTPQuery is updated to act on HTTP requests only.
fix error 400 with parallel describe and publish requests (#5095) (#5502) When a path is dynamic, and the path receives multiple describe and publish requests in parallel, describe requests might cause the path to be deleted, and this might cause pending publish requests to fail, since the path has been deleted. This patch improves the situation by checking for pending requests before deleting a path.
add integrated packet dumper (#5488) this allows to dump any incoming and outgoing packet, to disk, in pcapng format.
log packet sizes if UDPMaxPayloadSize is exceeded (#4668)
improve video/audio sync of alwaysAvailable (#5443) (#5508) store elapsed time once for the entire stream and start PTS of sub streams from there.
add conns to RTSP Sessions (#5454) this allows to find connections associated with a RTSP session.
RTMP
prevent legacy clients from reading multiple video/audio tracks (#5478)
fix marshaling H264 VideoExCodedFrames (#4996) (bluenviron/gortmplib#46) These messages were marshaled wrongly, causing errors when trying to read H264 tracks with an ID >= 1.
fix typo in error message ('alwaysAvailableVideo' -> 'alwaysAvailableFile') (#5417)
emit structured logs with nanosecond precision (#4924) (#5404)
set default udpMaxPayloadSize to an IPv6 compatible value (#4882) (#5402) When using IPv6, there are 20 bytes less available for UDP payload, which has been adjusted accordingly.
add additional checks on always-available streams (#5408) make sure that published streams match MPEG-4 audio, G711 and LPCM parameters declared in configuration or used by the offline file.
add always available streams (#5335) When the publisher or source of a stream is offline, the server can be configured to fill gaps in the stream with a video that is played on repeat until a publisher comes back online. This allows readers to stay connected regardless of the state of the stream. The offline video and any future online stream are concatenated without decoding or re-encoding packets, using the original codec.
API
add available, availableTime, online, onlineTime properties (#5391) these replace ready and readyTime and allow to monitor the new "always-available" feature.
use the same filtering process for every codec (#5324) this allows to apply features that were previously implemented for single codecs (like RTP packet resizing), to any codec, and simplifies future development.
fix overriding default user with environment variables (#5371) MTX_AUTHINTERNALUSERS_0_USER and MTX_AUTHINTERNALUSERS_0_PASS are now working even when the configuration file is present.
prevent setting empty usernames with environment variables (#5373)
fix panic with environment variables (#5374) this happened when loading deprecated slices of structs with environment variables.
prevent setting slices to null (#5375) In Golang, slices can be set to nil, while in most other languages they cannot. This causes compatibility issues, especially because the OpenAPI definition of the API does not allow slices to be nil. This prevents slices from being set to nil through JSON/YAML, and also sets default slices to an empty list instead of nil.
Update hlsEncryption documentation on Low-Latency HLS requirements (#5379)
fix race condition when closing HTTP servers (#5390) when a HTTP server is closed, open connections are now immediately closed and open routines are waited before the server is considered closed.
deprecate fallback (#5388) The fallback feature worked with RTSP only and did not allow readers to resume the original stream. It has been replaced by alwaysAvailable.
fix playback starting point for VOD streams without EXT-X-PLAYLIST-TYPE (bluenviron/gohlslib#308)
client: return every unit before an error (bluenviron/gohlslib#314) In case of an error, downloaded unit that were not processed yet were discarded. Now they are returned before the client exits.
set syslog priority and do not write level and date to syslog (#4923) (#5296) When writing log entries to syslog, pass the level (WARN, INFO, etc) directly to syslog. Avoid writing level and date. This provides a better integration and allows to use syslog search tools.
fix medias wrongly marked as back channels (#5074) (bluenviron/gortsplib#970) Some cameras mark medias as back channels even though they are not. Try to detect this by checking whether in full the SDP there are both back channels and standard channels, unmarking back channels otherwise.
when there are back channels, add recvonly attribute to standard channels (bluenviron/gortsplib#971)
SRT
fix broken connections in case of high latency (#3756) (#5282) When listening and accepting an incoming connection request, the response might be received by the peer with some delay due to latency. This causes the peer to send a second connection request, that is not detected as duplicate because the first connection request has already been removed from the map that is used to check for duplicates (connReqs), so it is treated as a brand new connection request, breaking the first connection. This patch fixes the issue by introducing another map (connByPeer) that is used to check whether a connection request is associated to an already-accepted connection.
Dependencies
code.cloudfoundry.org/bytefmt updated from v0.58.0 to v0.59.0
github.com/bluenviron/gortmplib updated from v0.1.2 to v0.2.0
github.com/bluenviron/gortsplib/v5 updated from v5.2.1 to v5.2.2
github.com/bluenviron/mediacommon/v2 updated from v2.5.3 to v2.6.0
github.com/matthewhartstonge/argon2 updated from v1.4.3 to v1.4.4
github.com/pion/ice/v4 updated from v4.0.13 to v4.1.0
github.com/pion/rtp updated from v1.8.26 to v1.9.0
github.com/pion/sdp/v3 updated from v3.0.16 to v3.0.17
github.com/pion/webrtc/v4 updated from v4.1.7 to v4.2.1
golang.org/x/crypto updated from v0.45.0 to v0.46.0
golang.org/x/sys updated from v0.38.0 to v0.39.0
golang.org/x/term updated from v0.37.0 to v0.38.0
github.com/pion/dtls/v3 updated from v3.0.8 to v3.0.9
github.com/pion/sctp updated from v1.8.41 to v1.9.0
github.com/pion/stun/v3 updated from v3.0.1 to v3.0.2
github.com/quic-go/qpack updated from v0.5.1 to v0.6.0
github.com/quic-go/quic-go updated from v0.54.1 to v0.57.0
go.uber.org/mock removed
golang.org/x/mod removed
golang.org/x/net updated from v0.47.0 to v0.48.0
golang.org/x/sync removed
golang.org/x/text updated from v0.31.0 to v0.32.0
golang.org/x/time updated from v0.9.0 to v0.12.0
golang.org/x/tools removed
Security
Binaries are compiled from source through the Release workflow without human intervention, preventing any external interference.
You can verify that binaries have been produced by the workflow by using GitHub Attestations:
ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx
You can verify checksums of binaries by downloading checksums.sha256 and running:
apidocs: fix compatibility with OpenAPI 3.0 (#5210) double-precision numbers are now represented as double.
playback: support concatenating segments with long gaps (#5172) Thanks to the new mtxi MP4 box, it's possible to check whether two segments are consecutive without involving dates or timestamps. When the new mtxi box is present in both segments, do not check if the end of the first segment corresponds to the start of the second segment.
recorder: reset when absolute time drifts from stream time (#4778) (#5239) the server now detects when system time changes too much and restarts recordings when that happens.
playback: fix crash (#5240) (#5250) when requesting a recording with the mp4 format, if there are two tracks and the second track has no samples, the server crashed. This fixes the issue.
fix panic when changing log file to a nonexisting directory (#5132) (#5249)
h264: increase MaxNALUsPerAccessUnit (bluenviron/mediacommon#262) Some parrot drones use slice-encoding with 45 independent slices, resulting in frames consisting of 48 NALUs.
always reply with JSON in case of success or failure (#5252) Reply with "status": "ok" in case of success, and with "status": "error" in case of error. This makes the API more accessible and user friendly.
RTSP
fix crash when setupping tracks between stream changes (#5253) (#5257)
Log in
