v1.19.1

Fixes and improvements

General

• support using regexp groups in every part of a source URL (#5766) (#5779)
• improve anti-brute force mechanism (#5835) delay authentication failure responses by a random amount of time, use the same anti-brute force mechanism with all users.
• limit size of HTTP requests shown in debug logs (#5858)
• print body of selected HTTP responses when log level is debug (#5859)

Media-over-QUIC

• fix race condition when closing server (#5836) some sessions were hanging if they were concurrently being closed by the remote peer.
• rename moqHTTPS2Address into moqHTTP2Address, moqHTTPS3Address into moqHTTP3Address (#5841)

RTSP

• support PROXY protocol (#5754) Support PROXY protocol v1/v2 on RTMP, RTMPS, RTSP, and RTSPS TCP listeners so real client IPs are visible when running behind L4 proxies (nginx stream, HAProxy, AWS NLB).
• restore support for H264 packetization-mode 0 (#5846) (#5857) H264 streams with packetization-mode=0 cannot be routed with UDP since packets are too big. Inbound streams with packetization-mode=0 are blocked by the server since v1.19.0 but this caused compatibility issues with some cameras. The server is now able to receive such streams with TCP, and automatically remuxes them in streams with packetization-mode=1, which can be routed freely.

RTMP

• support PROXY protocol (#5754) Support PROXY protocol v1/v2 on RTMP, RTMPS, RTSP, and RTSPS TCP listeners so real client IPs are visible when running behind L4 proxies (nginx stream, HAProxy, AWS NLB).

Dependencies

• code.cloudfoundry.org/bytefmt updated from v0.74.0 to v0.76.0
• github.com/bluenviron/gortsplib/v5 updated from v5.5.4 to v5.6.0
• github.com/pion/ice/v4 updated from v4.2.7 to v4.2.8-0.20260604162030-72f5001c4596
• github.com/pion/webrtc/v4 updated from v4.2.14 to v4.2.15
• github.com/quic-go/quic-go updated from v0.59.0 to v0.60.0
• golang.org/x/crypto updated from v0.52.0 to v0.53.0
• golang.org/x/net updated from v0.55.0 to v0.56.0
• golang.org/x/sync updated from v0.20.0 to v0.21.0
• golang.org/x/sys updated from v0.45.0 to v0.46.0
• golang.org/x/term updated from v0.43.0 to v0.44.0
• github.com/pion/dtls/v3 updated from v3.1.3 to v3.1.4
• github.com/pion/stun/v3 updated from v3.1.4 to v3.1.5
• github.com/pion/turn/v5 updated from v5.0.7 to v5.0.9
• golang.org/x/text updated from v0.37.0 to v0.38.0
• github.com/pires/go-proxyproto v0.12.0 added

Security

Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.

Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.19.0

New major features

Media-over-QUIC

• support reading and publishing with Media-over-QUIC (#5815) Media-over-QUIC is a streaming protocol built upon cutting edge protocols (QUIC, HTTP3) and browser APIs (WebTransport, WebCodecs). It's slightly faster than WebRTC, has an advanced data recovery mechanism, it supports additional codecs (FLAC) and is less complicated to route. Check the documentation for instructions and details.

RTMP

• support reading and writing FLAC (#5778) (#5789)

HLS

• support reading and publishing FLAC (#5778) (#5791)

Fixes and improvements

General

• Add user agent field to RTMP, RTSP, WebRTC, and HLS (#5753)
• add --check-version command line flag (#5786) this allows to check whether a new version is available without upgrading.
• use file name suffix for OS-specific code wherever possible (#5787)
• fix two hot reloading cases (#5817) * reload SRT server when metrics server is reloaded * reload API server when RTMPS server is reloaded

RTSP

• client: trigger TCP timeout only if nothing is received (bluenviron/gortsplib#1002) (bluenviron/gortsplib#968) (bluenviron/gortsplib#1067) Previously, a data packet was required, now a keepalive response from the server is enough.
• sdp: support non-standard 'meta' media type (bluenviron/gortsplib#1068)
• forbid H264 packetization mode zero (bluenviron/gortsplib#1072) Packetization mode zero requires allowing inefficient and brittle fragmented UDP packets, which we are not.

RTMP

• client: add FLAC fourCC (bluenviron/gortmplib#73)
• do not exit in case of undocumented Flash control messages (#5512) (bluenviron/gortmplib#75)

HLS

• remove redundant JavaScript argument (#5806)
• muxer: fix race condition when generating playlist (bluenviron/gohlslib#359) (bluenviron/gohlslib#360) Max age of playlist depends on segments, so it needs to be covered by the segment mutex.
• muxer: use coherent version in all playlists (#5781) (bluenviron/gohlslib#363)

WebRTC

• make JavaScript internal variables private (#5804)
• fix connectivity after network changes (#5097) (#5818)

RPI Camera

• use timestamp of frame in text overlay (#2733) (bluenviron/mediamtx-rpicamera#103)

Dependencies

• code.cloudfoundry.org/bytefmt updated from v0.72.0 to v0.74.0
• github.com/abema/go-mp4 updated from v1.5.0 to v1.6.0
• github.com/bluenviron/gohlslib/v2 updated from v2.3.2 to v2.4.0
• github.com/bluenviron/gortmplib updated from v0.3.2 to v0.4.0
• github.com/bluenviron/gortsplib/v5 updated from v5.5.3 to v5.5.4
• github.com/bluenviron/mediacommon/v2 updated from v2.8.3 to v2.9.0
• github.com/go-git/go-git/v5 updated from v5.19.0 to v5.19.1
• github.com/matthewhartstonge/argon2 updated from v1.5.3 to v1.5.4
• github.com/pion/ice/v4 updated from v4.2.5 to v4.2.7
• github.com/pion/transport/v4 updated from v4.0.1 to v4.0.2
• github.com/pion/webrtc/v4 updated from v4.2.12 to v4.2.14
• golang.org/x/crypto updated from v0.51.0 to v0.52.0
• golang.org/x/net updated from v0.54.0 to v0.55.0
• golang.org/x/sys updated from v0.44.0 to v0.45.0
• github.com/pion/dtls/v3 updated from v3.1.2 to v3.1.3
• github.com/pion/sctp updated from v1.9.5 to v1.10.0
• github.com/pion/srtp/v3 updated from v3.0.10 to v3.0.11
• github.com/pion/stun/v3 updated from v3.1.2 to v3.1.4
• github.com/pion/turn/v5 updated from v5.0.3 to v5.0.7
• github.com/quic-go/webtransport-go v0.10.0 added
• golang.org/x/sync v0.20.0 added
• github.com/dunglas/httpsfv v1.1.0 added
• github.com/bluenviron/mediamtx-rpicamera updated from v2.5.7 to v2.6.0

Security

Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.

Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.18.2

Fixes and improvements

RTSP

• fix compatibility with Verint.Vms.MediaGateway (#5292) (bluenviron/gortsplib#1061)
• fix crash when stream is closing (bluenviron/gortsplib#1062) when ServerStream.Close() is called, stream readers might have their setuppedTransport set to nil, causing the server to crash. Prevent this.
• fix race condition when tearing down connection (bluenviron/gortsplib#1063) ServerConn.session was not properly protected.
• fix leak in case of failure during multicast initialization (bluenviron/gortsplib#1064)

RTMP

• prevent nil / unconfigured tracks from appearing (bluenviron/gortmplib#66) (#5724) (#5729)

HLS

• fix error 500 caused by in-stream params (bluenviron/gohlslib#355) (#5728) (#5745) PR bluenviron/gohlslib#344 caused a regression. Many codecs (AV1, H264, H265, VP9) use in-stream parameters, that were not taken into consideration anymore when generating init.mp4 and playlists. This has been solved.

WebRTC

• fix checking POST responses (#5758)
• support interacting with servers with no trickle ICE (#5273) (#5757)
• support WHIP ICE restarts (https://github.com/bluenviron/mediamtx/issues/5183) (#5770)

RPI Camera

• support changing text overlay dynamically (#5270) (#5748)

Dependencies

• code.cloudfoundry.org/bytefmt updated from v0.70.0 to v0.72.0
• github.com/Masterminds/semver/v3 updated from v3.4.0 to v3.5.0
• github.com/bluenviron/gohlslib/v2 updated from v2.3.1 to v2.3.2
• github.com/bluenviron/gortmplib updated from v0.3.1 to v0.3.2
• github.com/bluenviron/gortsplib/v5 updated from v5.5.2 to v5.5.3
• github.com/datarhei/gosrt updated from v0.10.0 to v0.11.0
• github.com/fsnotify/fsnotify updated from v1.10.0 to v1.10.1
• github.com/go-git/go-billy/v5 updated from v5.8.0 to v5.9.0
• github.com/go-git/go-git/v5 updated from v5.18.0 to v5.19.0
• github.com/gookit/color updated from v1.6.0 to v1.6.1
• github.com/matthewhartstonge/argon2 updated from v1.5.2 to v1.5.3
• github.com/pion/rtp updated from v1.10.1 to v1.10.2
• golang.org/x/crypto updated from v0.50.0 to v0.51.0
• golang.org/x/net updated from v0.53.0 to v0.54.0
• golang.org/x/sys updated from v0.43.0 to v0.44.0
• golang.org/x/term updated from v0.42.0 to v0.43.0
• github.com/cyphar/filepath-securejoin updated from v0.4.1 to v0.6.1
• github.com/pjbgf/sha1cd updated from v0.3.2 to v0.6.0
• golang.org/x/text updated from v0.36.0 to v0.37.0
• github.com/bluenviron/mediamtx-rpicamera updated from v2.5.6 to v2.5.7

Security

Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.

Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.18.1

Fixes and improvements

General

• prevent code injection in case of MTX_QUERY in hooks (#5707) When MTX_QUERY is used explicitly in hooks, for instance "curl http://something/?$MTX_QUERY", it can be used to inject arbitrary commands. MTX_QUERY is now url-encoded to prevent any abuse regardless of the configuration.
• use temporary redirects instead of permanent redirects (#5710) this prevents unwanted caching.

HLS

• prevent open redirect attacks (#5708)
• support reading and writing KLV (#5604)
• add hlsCDNSecret (#5716) this allows to serve HLS streams behind a CDN in a simplified way, compatible with the new HLS session system.
• add public attribute to cache-control header (bluenviron/gohlslib#349)
• allow caching non-low-latency playlists (bluenviron/gohlslib#350)

WebRTC

• prevent open redirect attacks (#5708)

RPI Camera

• Merge request->controls instead of overwriting (bluenviron/mediamtx-rpicamera#97) libcamera 0.7.0 is more strict about changing controls; assignment is no longer allowed since raspberrypi/libcamera@310cd8b Instead, we use the merge call with overwrite.

Security

Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.

Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.18.0

New major features

HLS

• track sessions (#962) (#5683) sessions are now tracked through cookies or query parameters. This provides the ability to inspect sessions through logs, metrics and API, allows more precise tracking of outbound bytes, decreases load on external HTTP authentication URLs since they are now called once per session and not once per request.
• support serving streams with a CDN (#5696)

Fixes and improvements

General

• improve listener labels (#5635) add a label after every "listener opened on :XXX" message that mentions protocols of every listener.
• dump unencrypted TLS sessions (#5624) when dumpPackets is true, embed TLS master keys into the dump, in a format which is natively compatible with Wireshark.
• use "token" as query parameter key to pass tokens (#5647) the legacy "jwt" query parameter key is still supported.
• deprecate authJWTInHTTPQuery and disable JWTs in query parameters (#5648) This fixes a long standing security flaw. Even though it's a breaking change, few users should be impacted since this feature has been discouraged for some time.
• expose token passed as query parameter to HTTP authentication too (#5649) this allows to parse tokens coming from RTSP and RTMP without additional effort.
• playback: return errors as JSON (#5656) this is aligned with all other HTTP-based services.
• prevent out-of-memory errors (#5674) impose a maximum size on body of incoming HTTP requests and responses.
• metrics: improve performance (#5663) use string.Builder instead of string concatenation
• metrics: add labels to the output (#5687) group metrics under visible, distinct labels.
• metrics: fix filtering by type=rtmp_conns and type=rtmps_conns (#5689)
• metrics: add readerType attribute to the path_readers metric (#5690) this allows to filter path readers by type.
• metrics: use an enum for parsing metrics type (#5692)
• metrics: fix race condition when reloading configuration (#5693)
• docs: add scaling page (#5695)

API

• sort path readers (#5691)

RTSP

• client: fix RTSP-over-HTTP tunnel request target (bluenviron/gortsplib#1041)
• client: support Axis SRTP variant (bluenviron/gortsplib#1033)
• improve SDP parser compatibility with malformed connection information (bluenviron/gortsplib#1025)
• support parsing responses with no status message (bluenviron/gortsplib#1043) (bluenviron/gortsplib#1050)
• client: don't block RTSP-over-HTTP tunnel startup on POST response (bluenviron/gortsplib#1047)

HLS

• return JSON with error message in case path conf is not available (#5655) this behavior is aligned with WebRTC one.
• improve muxer performance (#5660) use a mutex instead of a channel to get current instance.
• fix running linter when there are unstaged git changes (bluenviron/gohlslib#336)
• client: use redirected URL when reloading playlist (bluenviron/gohlslib#340) this allows to store and use tokens and signed URLs.
• client: support reading KLV (bluenviron/gohlslib#337)
• prevent out-of-memory errors (bluenviron/gohlslib#343)
• muxer: generate init segment once (bluenviron/gohlslib#344) Previously, the init segment was regenerated in case of codec parameter changes, but changing the init segment has been proved to cause video and audio discontinuities on iOS. Now the init file contains starting parameters only and never changes during the stream lifetime.
• client: increase size limit of segments and parts (bluenviron/gohlslib#345)
• return a custom error when body size limit is exceeded (bluenviron/gohlslib#346)
• muxer: store non-low-latency playlists and init files on disk (bluenviron/gohlslib#348)

Dependencies

• code.cloudfoundry.org/bytefmt updated from v0.67.0 to v0.69.0
• github.com/alecthomas/kong updated from v1.14.0 to v1.15.0
• github.com/bluenviron/gohlslib/v2 updated from v2.2.9 to v2.3.0
• github.com/bluenviron/gortsplib/v5 updated from v5.5.1 to v5.5.2
• github.com/go-git/go-git/v5 updated from v5.17.2 to v5.18.0
• github.com/matthewhartstonge/argon2 updated from v1.4.6 to v1.5.2
• github.com/pion/ice/v4 updated from v4.2.2 to v4.2.5
• golang.org/x/crypto updated from v0.49.0 to v0.50.0
• golang.org/x/sys updated from v0.42.0 to v0.43.0
• golang.org/x/term updated from v0.41.0 to v0.42.0
• github.com/pion/stun/v3 updated from v3.1.1 to v3.1.2
• github.com/pion/turn/v4 removed
• golang.org/x/net updated from v0.52.0 to v0.53.0
• golang.org/x/text updated from v0.35.0 to v0.36.0
• golang.org/x/time updated from v0.12.0 to v0.14.0
• github.com/pion/turn/v5 v5.0.3 added
• hls.js updated from v1.6.15 to v1.6.16

Security

Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.

Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.17.1

Fixes and improvements

General

• prevent directory traversal attacks (#5602) Path names are used as part of paths in several components: in the recorder, in the playback server and in every HTTP-based component (WebRTC, HLS, API). Special characters that allow to escape from the intended directory are now forbidden in order to prevent directory traversal attacks.

RTSP

• client: fill server name indication (SNI) of TLS connections (bluenviron/gortsplib#1038)

RTMP

• implement AbortMessage (#4673) (bluenviron/gortmplib#59)
• client: fill server name indication (SNI) of TLS connections (bluenviron/gortmplib#63)

WebRTC

• fix random absolute timestamps with Opus, G711 and LPCM (#5597) When rewriting audio RTP timestamps in WebRTC egress, NTP was derived using regenerated packet timestamps minus the incoming RTP base timestamp. That mixed timestamp domains and could shift absolute time by an arbitrary offset while still exposing mapping as available. Fix by using a consistent outgoing RTP domain in rewritten audio paths
• strip TWCC extension of incoming RTP packets (#5146) (#5605) The TWCC extension is used as part of the WebRTC congestion control algorithm placed between the publisher and the server. If this extension is routed untouched from the server to readers, it messes with the congestion control algorithm present between the server and each reader. Remove it.

RPI Camera

• restore Docker compatibility with armv6 devices (#5590) (#5595)
• restore compatibility with armv6 devices (#5590) (bluenviron/mediamtx-rpicamera#95)

Dependencies

• github.com/bluenviron/gortmplib updated from v0.3.0 to v0.3.1
• github.com/bluenviron/gortsplib/v5 updated from v5.5.0 to v5.5.1
• github.com/gin-contrib/pprof updated from v1.5.3 to v1.5.4
• github.com/go-git/go-git/v5 updated from v5.17.0 to v5.17.2
• github.com/pion/ice/v4 updated from v4.2.1 to v4.2.2
• github.com/pion/webrtc/v4 updated from v4.2.9 to v4.2.11
• github.com/pion/sctp updated from v1.9.2 to v1.9.4
• github.com/bluenviron/mediamtx-rpicamera updated from v2.5.4 to v2.5.5

Security

Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.

Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.17.0

New major features

WebRTC

• support publishing multiple video/audio renditions (#5573) this allows to receive multiple video tracks from OBS Studio with the new WebRTC Simulcast feature introduced in v32.1.0.

API

• provide track details (#5307) (#5333) (#1726) (#5585)
• add user field to RTSP, RTMP, SRT, WebRTC conns and sessions (https://github.com/bluenviron/mediamtx/issues/5104) (#5565)
• add RTSP reported lost packets (#5198) (#5579) The new outboundRtpPacketsReportedLost property allows to track RTP packets that have been reported lost by readers. Furthermore, stats now have a "inbound" or "outbound" prefix to improve readability.
• rename WebRTC stats to match RTSP ones (#5581)
• add new stats (#5582) - RTSPSession.outboundRTPPacketsDiscarded - Path.inboundFramesInError - SRTConn.outboundFramesDiscarded - WebRTCSession.outboundFramesDiscarded - RTMPConn.outboundFramesDiscarded - HLSMuxer.outboundFramesDiscarded

Fixes and improvements

General

• avoid buffering HTTP response body in loggerWriter (#5552) loggerWriter was shadow-copying every response byte into a bytes.Buffer to report the body size, causing the entire response to be accumulated in memory for the lifetime of each request. Replace the buffer with a plain int counter since dump() only ever reported the byte count anyway.
• optionally validate JWT iss and aud claims (#5569)
• metrics: add two missing SRT stats (#5580)

API

• add deprecated fields to the OpenAPI definition (#5575)
• add missing enums and move all enums in dedicated components (#5576)

RTSP

• fix rtsps scheme not being used in requests (#5236) (#5544)
• support unwrapping MPEG-TS tracks (#5476) this allows to use MPEG-TS tracks with other protocols and with the recording system
• client: fix support for hostnames in source and dest headers (bluenviron/gortsplib#1009) (#5304) (bluenviron/gortsplib#1014)
• allocate a rtp sender for each server session (bluenviron/gortsplib#1021) this produces more realistic statistics and in the future will allow to implement per-session statistics and packet retransmission.
• store reported lost RTP packets in stats (#5198) (bluenviron/gortsplib#1023)

HLS

• muxer: support muxing KLS with MPEG-TS (bluenviron/gohlslib#327)
• client: fix deadlock when processing fMP4s (bluenviron/gohlslib#333) (bluenviron/gohlslib#334)

WebRTC

• fix panic with WHIP POST authentication failures (#5566)

Dependencies

• code.cloudfoundry.org/bytefmt updated from v0.64.0 to v0.67.0
• github.com/abema/go-mp4 updated from v1.4.1 to v1.5.0
• github.com/bluenviron/gohlslib/v2 updated from v2.2.8 to v2.2.9
• github.com/bluenviron/gortsplib/v5 updated from v5.4.0 to v5.5.0
• github.com/bluenviron/mediacommon/v2 updated from v2.8.2 to v2.8.3
• golang.org/x/crypto updated from v0.48.0 to v0.49.0
• golang.org/x/sys updated from v0.41.0 to v0.42.0
• golang.org/x/term updated from v0.40.0 to v0.41.0
• golang.org/x/net updated from v0.51.0 to v0.52.0
• golang.org/x/text updated from v0.34.0 to v0.35.0

Security

Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.

Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.16.3

Fixes and improvements

General

• fill product version of Windows executable (#5167) (#5511)
• improve JSON decoder performance (#5526) avoid decoding JSON twice.
• fix panic when setting writeQueueSize to zero (#5360) (#5527)
• prevent using alwaysAvailableFile and alwaysAvailableTracks together (#5529)
• improve playback precision of alwaysAvailable offline segment (#5530)
• fix MPEG-4 audio configuration not matching error (#5468) (#5533) This happened when using alwaysAvailableFile and a MPEG-4 audio track.
• fix corrupted video with alwaysAvailableFile (#5534) when alwaysAvailableFile points to a file with a H265 or H264 track, server is started, an online stream is published and then closed, video was getting corrupted since the online video was overriding the parameters of the offline video.
• fix audio from alwaysAvailableFile not being streamed (#5535)
• fix alwaysAvailableFile restarting when a publisher fails (#5536) when a publisher try to start an online stream and there's an error, alwaysAvailableFile restarted without any reason.
• revert to Go 1.25 (#5521) (#5538) It seems like Go 1.26 is causing segmentation faults, related to channels, on Windows.
• inherit MPEG-4 audio type from alwaysAvailableFile (#5539)
• mpegts: properly compute PTS of async KLV frames (bluenviron/mediacommon#291) (bluenviron/mediacommon#311) Store last valid PTS as soon as possible, by parsing PES headers in advance, then use this PTS as timestamp of KLV frames without PTS.

HLS

• client: fix initial packet loss after astits upgrade (bluenviron/gohlslib#331)

Dependencies

• Go updated from 1.26 to 1.25
• github.com/asticode/go-astits updated from v1.14.0 to v1.15.0
• github.com/bluenviron/gohlslib/v2 updated from v2.2.6 to v2.2.8
• github.com/bluenviron/gortsplib/v5 updated from v5.3.2 to v5.4.0
• github.com/bluenviron/mediacommon/v2 updated from v2.8.0 to v2.8.2
• github.com/gin-gonic/gin updated from v1.11.0 to v1.12.0
• github.com/go-git/go-billy/v5 updated from v5.7.0 to v5.8.0
• github.com/go-git/go-git/v5 updated from v5.16.5 to v5.17.0
• github.com/bytedance/sonic updated from v1.14.0 to v1.15.0
• github.com/bytedance/sonic/loader updated from v0.3.0 to v0.5.0
• github.com/cloudflare/circl updated from v1.6.1 to v1.6.3
• github.com/gabriel-vasile/mimetype updated from v1.4.8 to v1.4.12
• github.com/go-playground/validator/v10 updated from v10.27.0 to v10.30.1
• github.com/quic-go/quic-go updated from v0.57.0 to v0.59.0
• github.com/ugorji/go/codec updated from v1.3.0 to v1.3.1
• golang.org/x/arch updated from v0.20.0 to v0.22.0
• golang.org/x/net updated from v0.50.0 to v0.51.0
• google.golang.org/protobuf updated from v1.36.9 to v1.36.10
• github.com/bytedance/gopkg v0.1.3 added
• go.mongodb.org/mongo-driver/v2 v2.5.0 added

Security

Binaries are compiled from source code by the Release workflow without human intervention.

You can verify that binaries have been produced by the workflow by using GitHub Attestations:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.16.2

Fixes and improvements

General

• support X-Forwarded-Proto in playback server (#4970) (#5445) allow reverse proxies to change the schema of URLs returned by the server through the X-Forwarded-Proto header.
• make config file YAML 1.2 compliant (#5345) (#5456)
• replace YAML parser (#5461) switch from the unmaintained gopkg.in/yaml to goccy/go-yaml
• deprecate unix+rtp (#5318) (#4999) (#5351) (#5470) Unix socket are stream-based connections, while RTP requires packet-based connections. While packet-based Unix sockets exist (unixgram), no client supports them. Consequently we are forced to deprecate unix+rtp.
• fix codec parameters not being loaded from alwaysAvailableFile (#5484)
• warn when alwaysAvailableFile is not MP4 (#5483)
• suggest using JWTs in query parameters for RTSP and RTMP (#5267) (#5493) In case of RTSP and RTMP, JWTs cannot be used as passwords since there's a size limit. Therefore, documentation is updated to suggest passing JWT through query parameters, and authJWTInHTTPQuery is updated to act on HTTP requests only.
• fix error 400 with parallel describe and publish requests (#5095) (#5502) When a path is dynamic, and the path receives multiple describe and publish requests in parallel, describe requests might cause the path to be deleted, and this might cause pending publish requests to fail, since the path has been deleted. This patch improves the situation by checking for pending requests before deleting a path.
• add integrated packet dumper (#5488) this allows to dump any incoming and outgoing packet, to disk, in pcapng format.
• log packet sizes if UDPMaxPayloadSize is exceeded (#4668)
• improve video/audio sync of alwaysAvailable (#5443) (#5508) store elapsed time once for the entire stream and start PTS of sub streams from there.
• improve pmp4 and fmp4 parser robustness (bluenviron/mediacommon#299)
• mp4: fix H265 + iOS compatibility (bluenviron/mediacommon#290) On iOS, H265 requires the hvc1 box instead of the hev1 box.
• h264: prevent Annex-B from decoding more NALUs than MaxNALUsPerAccessUnit (bluenviron/mediacommon#303)
• improve H264 and MPEG-4 video performance (#4971) (bluenviron/mediacommon#304)
• mp4: fill reserved fields properly (bluenviron/mediacommon#307)
• mpegts: parse Opus channel configuration (#5002) (bluenviron/mediacommon#309)

API

• add conns to RTSP Sessions (#5454) this allows to find connections associated with a RTSP session.

RTMP

• prevent legacy clients from reading multiple video/audio tracks (#5478)
• fix marshaling H264 VideoExCodedFrames (#4996) (bluenviron/gortmplib#46) These messages were marshaled wrongly, causing errors when trying to read H264 tracks with an ID >= 1.
• support reading H265 with video codec id 12 (#5105) (bluenviron/gortmplib#48)

HLS

• client: support storing and sending cookies (#5444)

WebRTC

• allow tuning WHEP timeouts (#5027) (#5479) add whepHandshakeTimeout, whepTrackGatherTimeout, whepSTUNGatherTimeout
• add whepBearerTokenParameter (#3796) (#5486) this allows to pass Authorization: Bearer to servers that require it.

SRT

• set timeout of idle peers to readTimeout (#5489)

RPI Camera

• fix cross-compilation (bluenviron/mediamtx-rpicamera#89)
• fix kernel warning when closing camera (#4988) (bluenviron/mediamtx-rpicamera#88) close camera and encoder handlers properly.

Dependencies

• Go updated from 1.25 to 1.26
• code.cloudfoundry.org/bytefmt updated from v0.63.0 to v0.64.0
• github.com/MicahParks/keyfunc/v3 updated from v3.7.0 to v3.8.0
• github.com/bluenviron/gohlslib/v2 updated from v2.2.5 to v2.2.6
• github.com/bluenviron/gortmplib updated from v0.2.1 to v0.3.0
• github.com/bluenviron/gortsplib/v5 updated from v5.3.1 to v5.3.2
• github.com/bluenviron/mediacommon/v2 updated from v2.7.1 to v2.8.0
• github.com/datarhei/gosrt updated from v0.9.0 to v0.10.0
• github.com/go-git/go-git/v5 updated from v5.16.4 to v5.16.5
• github.com/matthewhartstonge/argon2 updated from v1.4.5 to v1.4.6
• github.com/pion/ice/v4 updated from v4.2.0 to v4.2.1
• github.com/pion/sdp/v3 updated from v3.0.17 to v3.0.18
• github.com/pion/webrtc/v4 updated from v4.2.3 to v4.2.9
• golang.org/x/crypto updated from v0.47.0 to v0.48.0
• golang.org/x/sys updated from v0.40.0 to v0.41.0
• golang.org/x/term updated from v0.39.0 to v0.40.0
• gopkg.in/yaml.v2 removed
• github.com/goccy/go-yaml updated from v1.18.0 to v1.19.2
• github.com/pion/dtls/v3 updated from v3.0.10 to v3.1.2
• golang.org/x/net updated from v0.49.0 to v0.50.0
• golang.org/x/text updated from v0.33.0 to v0.34.0
• github.com/google/gopacket v1.1.19 added
• github.com/bluenviron/mediamtx-rpicamera updated from v2.5.3 to v2.5.4

Security

Binaries are compiled from source code by the Release workflow without human intervention.

You can verify that binaries have been produced by the workflow by using GitHub Attestations:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.16.1

Fixes and improvements

General

• fix typo in error message ('alwaysAvailableVideo' -> 'alwaysAvailableFile') (#5417)
• emit structured logs with nanosecond precision (#4924) (#5404)
• set default udpMaxPayloadSize to an IPv6 compatible value (#4882) (#5402) When using IPv6, there are 20 bytes less available for UDP payload, which has been adjusted accordingly.
• add authHTTPFingerprint (#5413) (#5422)
• add additional checks on always-available streams (#5408) make sure that published streams match MPEG-4 audio, G711 and LPCM parameters declared in configuration or used by the offline file.
• improve JSON error message (#5412) (#5433)
• pmp4: improve compatibility (#5423) (bluenviron/mediacommon#298)

RTSP

• rtpreceiver: fix panic (bluenviron/gortsplib#994)
• support Amatek AR-N3222F NVR (bluenviron/gortsplib#989)
• rtpreceiver: fix TotalReceived computation (bluenviron/gortsplib#995) one packet was missing.

RPI Camera

• fix unsetting rpiCameraAWBGains (#4935) (bluenviron/mediamtx-rpicamera#85)

Dependencies

• code.cloudfoundry.org/bytefmt updated from v0.62.0 to v0.63.0
• github.com/alecthomas/kong updated from v1.13.0 to v1.14.0
• github.com/bluenviron/gortsplib/v5 updated from v5.3.0 to v5.3.1
• github.com/bluenviron/mediacommon/v2 updated from v2.7.0 to v2.7.1
• github.com/pion/interceptor updated from v0.1.43 to v0.1.44
• github.com/pion/rtp updated from v1.10.0 to v1.10.1
• github.com/bluenviron/mediamtx-rpicamera updated from v2.5.2 to v2.5.3

Security

Binaries are compiled from source code by the Release workflow without human intervention.

You can verify that binaries have been produced by the workflow by using GitHub Attestations:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check