bluenviron/mediamtx v1.18.0

on GitHub

New major features

HLS

• track sessions (#962) (#5683) sessions are now tracked through cookies or query parameters. This provides the ability to inspect sessions through logs, metrics and API, allows more precise tracking of outbound bytes, decreases load on external HTTP authentication URLs since they are now called once per session and not once per request.
• support serving streams with a CDN (#5696)

Fixes and improvements

General

• improve listener labels (#5635) add a label after every "listener opened on :XXX" message that mentions protocols of every listener.
• dump unencrypted TLS sessions (#5624) when dumpPackets is true, embed TLS master keys into the dump, in a format which is natively compatible with Wireshark.
• use "token" as query parameter key to pass tokens (#5647) the legacy "jwt" query parameter key is still supported.
• deprecate authJWTInHTTPQuery and disable JWTs in query parameters (#5648) This fixes a long standing security flaw. Even though it's a breaking change, few users should be impacted since this feature has been discouraged for some time.
• expose token passed as query parameter to HTTP authentication too (#5649) this allows to parse tokens coming from RTSP and RTMP without additional effort.
• playback: return errors as JSON (#5656) this is aligned with all other HTTP-based services.
• prevent out-of-memory errors (#5674) impose a maximum size on body of incoming HTTP requests and responses.
• metrics: improve performance (#5663) use string.Builder instead of string concatenation
• metrics: add labels to the output (#5687) group metrics under visible, distinct labels.
• metrics: fix filtering by type=rtmp_conns and type=rtmps_conns (#5689)
• metrics: add readerType attribute to the path_readers metric (#5690) this allows to filter path readers by type.
• metrics: use an enum for parsing metrics type (#5692)
• metrics: fix race condition when reloading configuration (#5693)
• docs: add scaling page (#5695)

API

• sort path readers (#5691)

RTSP

• client: fix RTSP-over-HTTP tunnel request target (bluenviron/gortsplib#1041)
• client: support Axis SRTP variant (bluenviron/gortsplib#1033)
• improve SDP parser compatibility with malformed connection information (bluenviron/gortsplib#1025)
• support parsing responses with no status message (bluenviron/gortsplib#1043) (bluenviron/gortsplib#1050)
• client: don't block RTSP-over-HTTP tunnel startup on POST response (bluenviron/gortsplib#1047)

HLS

• return JSON with error message in case path conf is not available (#5655) this behavior is aligned with WebRTC one.
• improve muxer performance (#5660) use a mutex instead of a channel to get current instance.
• fix running linter when there are unstaged git changes (bluenviron/gohlslib#336)
• client: use redirected URL when reloading playlist (bluenviron/gohlslib#340) this allows to store and use tokens and signed URLs.
• client: support reading KLV (bluenviron/gohlslib#337)
• prevent out-of-memory errors (bluenviron/gohlslib#343)
• muxer: generate init segment once (bluenviron/gohlslib#344) Previously, the init segment was regenerated in case of codec parameter changes, but changing the init segment has been proved to cause video and audio discontinuities on iOS. Now the init file contains starting parameters only and never changes during the stream lifetime.
• client: increase size limit of segments and parts (bluenviron/gohlslib#345)
• return a custom error when body size limit is exceeded (bluenviron/gohlslib#346)
• muxer: store non-low-latency playlists and init files on disk (bluenviron/gohlslib#348)

Dependencies

• code.cloudfoundry.org/bytefmt updated from v0.67.0 to v0.69.0
• github.com/alecthomas/kong updated from v1.14.0 to v1.15.0
• github.com/bluenviron/gohlslib/v2 updated from v2.2.9 to v2.3.0
• github.com/bluenviron/gortsplib/v5 updated from v5.5.1 to v5.5.2
• github.com/go-git/go-git/v5 updated from v5.17.2 to v5.18.0
• github.com/matthewhartstonge/argon2 updated from v1.4.6 to v1.5.2
• github.com/pion/ice/v4 updated from v4.2.2 to v4.2.5
• golang.org/x/crypto updated from v0.49.0 to v0.50.0
• golang.org/x/sys updated from v0.42.0 to v0.43.0
• golang.org/x/term updated from v0.41.0 to v0.42.0
• github.com/pion/stun/v3 updated from v3.1.1 to v3.1.2
• github.com/pion/turn/v4 removed
• golang.org/x/net updated from v0.52.0 to v0.53.0
• golang.org/x/text updated from v0.35.0 to v0.36.0
• golang.org/x/time updated from v0.12.0 to v0.14.0
• github.com/pion/turn/v5 v5.0.3 added
• hls.js updated from v1.6.15 to v1.6.16

Security

Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.

Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check