v1.16.3

Fixes and improvements

General

• fill product version of Windows executable (#5167) (#5511)
• improve JSON decoder performance (#5526) avoid decoding JSON twice.
• fix panic when setting writeQueueSize to zero (#5360) (#5527)
• prevent using alwaysAvailableFile and alwaysAvailableTracks together (#5529)
• improve playback precision of alwaysAvailable offline segment (#5530)
• fix MPEG-4 audio configuration not matching error (#5468) (#5533) This happened when using alwaysAvailableFile and a MPEG-4 audio track.
• fix corrupted video with alwaysAvailableFile (#5534) when alwaysAvailableFile points to a file with a H265 or H264 track, server is started, an online stream is published and then closed, video was getting corrupted since the online video was overriding the parameters of the offline video.
• fix audio from alwaysAvailableFile not being streamed (#5535)
• fix alwaysAvailableFile restarting when a publisher fails (#5536) when a publisher try to start an online stream and there's an error, alwaysAvailableFile restarted without any reason.
• revert to Go 1.25 (#5521) (#5538) It seems like Go 1.26 is causing segmentation faults, related to channels, on Windows.
• inherit MPEG-4 audio type from alwaysAvailableFile (#5539)
• mpegts: properly compute PTS of async KLV frames (bluenviron/mediacommon#291) (bluenviron/mediacommon#311) Store last valid PTS as soon as possible, by parsing PES headers in advance, then use this PTS as timestamp of KLV frames without PTS.

HLS

• client: fix initial packet loss after astits upgrade (bluenviron/gohlslib#331)

Dependencies

• Go updated from 1.26 to 1.25
• github.com/asticode/go-astits updated from v1.14.0 to v1.15.0
• github.com/bluenviron/gohlslib/v2 updated from v2.2.6 to v2.2.8
• github.com/bluenviron/gortsplib/v5 updated from v5.3.2 to v5.4.0
• github.com/bluenviron/mediacommon/v2 updated from v2.8.0 to v2.8.2
• github.com/gin-gonic/gin updated from v1.11.0 to v1.12.0
• github.com/go-git/go-billy/v5 updated from v5.7.0 to v5.8.0
• github.com/go-git/go-git/v5 updated from v5.16.5 to v5.17.0
• github.com/bytedance/sonic updated from v1.14.0 to v1.15.0
• github.com/bytedance/sonic/loader updated from v0.3.0 to v0.5.0
• github.com/cloudflare/circl updated from v1.6.1 to v1.6.3
• github.com/gabriel-vasile/mimetype updated from v1.4.8 to v1.4.12
• github.com/go-playground/validator/v10 updated from v10.27.0 to v10.30.1
• github.com/quic-go/quic-go updated from v0.57.0 to v0.59.0
• github.com/ugorji/go/codec updated from v1.3.0 to v1.3.1
• golang.org/x/arch updated from v0.20.0 to v0.22.0
• golang.org/x/net updated from v0.50.0 to v0.51.0
• google.golang.org/protobuf updated from v1.36.9 to v1.36.10
• github.com/bytedance/gopkg v0.1.3 added
• go.mongodb.org/mongo-driver/v2 v2.5.0 added

Security

Binaries are compiled from source code by the Release workflow without human intervention.

You can verify that binaries have been produced by the workflow by using GitHub Attestations:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.16.2

Fixes and improvements

General

• support X-Forwarded-Proto in playback server (#4970) (#5445) allow reverse proxies to change the schema of URLs returned by the server through the X-Forwarded-Proto header.
• make config file YAML 1.2 compliant (#5345) (#5456)
• replace YAML parser (#5461) switch from the unmaintained gopkg.in/yaml to goccy/go-yaml
• deprecate unix+rtp (#5318) (#4999) (#5351) (#5470) Unix socket are stream-based connections, while RTP requires packet-based connections. While packet-based Unix sockets exist (unixgram), no client supports them. Consequently we are forced to deprecate unix+rtp.
• fix codec parameters not being loaded from alwaysAvailableFile (#5484)
• warn when alwaysAvailableFile is not MP4 (#5483)
• suggest using JWTs in query parameters for RTSP and RTMP (#5267) (#5493) In case of RTSP and RTMP, JWTs cannot be used as passwords since there's a size limit. Therefore, documentation is updated to suggest passing JWT through query parameters, and authJWTInHTTPQuery is updated to act on HTTP requests only.
• fix error 400 with parallel describe and publish requests (#5095) (#5502) When a path is dynamic, and the path receives multiple describe and publish requests in parallel, describe requests might cause the path to be deleted, and this might cause pending publish requests to fail, since the path has been deleted. This patch improves the situation by checking for pending requests before deleting a path.
• add integrated packet dumper (#5488) this allows to dump any incoming and outgoing packet, to disk, in pcapng format.
• log packet sizes if UDPMaxPayloadSize is exceeded (#4668)
• improve video/audio sync of alwaysAvailable (#5443) (#5508) store elapsed time once for the entire stream and start PTS of sub streams from there.
• improve pmp4 and fmp4 parser robustness (bluenviron/mediacommon#299)
• mp4: fix H265 + iOS compatibility (bluenviron/mediacommon#290) On iOS, H265 requires the hvc1 box instead of the hev1 box.
• h264: prevent Annex-B from decoding more NALUs than MaxNALUsPerAccessUnit (bluenviron/mediacommon#303)
• improve H264 and MPEG-4 video performance (#4971) (bluenviron/mediacommon#304)
• mp4: fill reserved fields properly (bluenviron/mediacommon#307)
• mpegts: parse Opus channel configuration (#5002) (bluenviron/mediacommon#309)

API

• add conns to RTSP Sessions (#5454) this allows to find connections associated with a RTSP session.

RTMP

• prevent legacy clients from reading multiple video/audio tracks (#5478)
• fix marshaling H264 VideoExCodedFrames (#4996) (bluenviron/gortmplib#46) These messages were marshaled wrongly, causing errors when trying to read H264 tracks with an ID >= 1.
• support reading H265 with video codec id 12 (#5105) (bluenviron/gortmplib#48)

HLS

• client: support storing and sending cookies (#5444)

WebRTC

• allow tuning WHEP timeouts (#5027) (#5479) add whepHandshakeTimeout, whepTrackGatherTimeout, whepSTUNGatherTimeout
• add whepBearerTokenParameter (#3796) (#5486) this allows to pass Authorization: Bearer to servers that require it.

SRT

• set timeout of idle peers to readTimeout (#5489)

RPI Camera

• fix cross-compilation (bluenviron/mediamtx-rpicamera#89)
• fix kernel warning when closing camera (#4988) (bluenviron/mediamtx-rpicamera#88) close camera and encoder handlers properly.

Dependencies

• Go updated from 1.25 to 1.26
• code.cloudfoundry.org/bytefmt updated from v0.63.0 to v0.64.0
• github.com/MicahParks/keyfunc/v3 updated from v3.7.0 to v3.8.0
• github.com/bluenviron/gohlslib/v2 updated from v2.2.5 to v2.2.6
• github.com/bluenviron/gortmplib updated from v0.2.1 to v0.3.0
• github.com/bluenviron/gortsplib/v5 updated from v5.3.1 to v5.3.2
• github.com/bluenviron/mediacommon/v2 updated from v2.7.1 to v2.8.0
• github.com/datarhei/gosrt updated from v0.9.0 to v0.10.0
• github.com/go-git/go-git/v5 updated from v5.16.4 to v5.16.5
• github.com/matthewhartstonge/argon2 updated from v1.4.5 to v1.4.6
• github.com/pion/ice/v4 updated from v4.2.0 to v4.2.1
• github.com/pion/sdp/v3 updated from v3.0.17 to v3.0.18
• github.com/pion/webrtc/v4 updated from v4.2.3 to v4.2.9
• golang.org/x/crypto updated from v0.47.0 to v0.48.0
• golang.org/x/sys updated from v0.40.0 to v0.41.0
• golang.org/x/term updated from v0.39.0 to v0.40.0
• gopkg.in/yaml.v2 removed
• github.com/goccy/go-yaml updated from v1.18.0 to v1.19.2
• github.com/pion/dtls/v3 updated from v3.0.10 to v3.1.2
• golang.org/x/net updated from v0.49.0 to v0.50.0
• golang.org/x/text updated from v0.33.0 to v0.34.0
• github.com/google/gopacket v1.1.19 added
• github.com/bluenviron/mediamtx-rpicamera updated from v2.5.3 to v2.5.4

Security

Binaries are compiled from source code by the Release workflow without human intervention.

You can verify that binaries have been produced by the workflow by using GitHub Attestations:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.16.1

Fixes and improvements

General

• fix typo in error message ('alwaysAvailableVideo' -> 'alwaysAvailableFile') (#5417)
• emit structured logs with nanosecond precision (#4924) (#5404)
• set default udpMaxPayloadSize to an IPv6 compatible value (#4882) (#5402) When using IPv6, there are 20 bytes less available for UDP payload, which has been adjusted accordingly.
• add authHTTPFingerprint (#5413) (#5422)
• add additional checks on always-available streams (#5408) make sure that published streams match MPEG-4 audio, G711 and LPCM parameters declared in configuration or used by the offline file.
• improve JSON error message (#5412) (#5433)
• pmp4: improve compatibility (#5423) (bluenviron/mediacommon#298)

RTSP

• rtpreceiver: fix panic (bluenviron/gortsplib#994)
• support Amatek AR-N3222F NVR (bluenviron/gortsplib#989)
• rtpreceiver: fix TotalReceived computation (bluenviron/gortsplib#995) one packet was missing.

RPI Camera

• fix unsetting rpiCameraAWBGains (#4935) (bluenviron/mediamtx-rpicamera#85)

Dependencies

• code.cloudfoundry.org/bytefmt updated from v0.62.0 to v0.63.0
• github.com/alecthomas/kong updated from v1.13.0 to v1.14.0
• github.com/bluenviron/gortsplib/v5 updated from v5.3.0 to v5.3.1
• github.com/bluenviron/mediacommon/v2 updated from v2.7.0 to v2.7.1
• github.com/pion/interceptor updated from v0.1.43 to v0.1.44
• github.com/pion/rtp updated from v1.10.0 to v1.10.1
• github.com/bluenviron/mediamtx-rpicamera updated from v2.5.2 to v2.5.3

Security

Binaries are compiled from source code by the Release workflow without human intervention.

You can verify that binaries have been produced by the workflow by using GitHub Attestations:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.16.0

New major features

General

• add always available streams (#5335) When the publisher or source of a stream is offline, the server can be configured to fill gaps in the stream with a video that is played on repeat until a publisher comes back online. This allows readers to stay connected regardless of the state of the stream. The offline video and any future online stream are concatenated without decoding or re-encoding packets, using the original codec.

API

• add available, availableTime, online, onlineTime properties (#5391) these replace ready and readyTime and allow to monitor the new "always-available" feature.

WebRTC

• support reading KLV tracks (#4722)

Fixes and improvements

General

• move away from balenalib Docker images (#5313)
• print OS and Arch in first log line (#5315)
• print last decode error (#5319) decode errors are still grouped together, but the last one is now printed.
• print last processing error (#5323)
• use the same filtering process for every codec (#5324) this allows to apply features that were previously implemented for single codecs (like RTP packet resizing), to any codec, and simplifies future development.
• prevent several configuration errors (#5368)
• fix typos in documentation (#5370)
• fix overriding default user with environment variables (#5371) MTX_AUTHINTERNALUSERS_0_USER and MTX_AUTHINTERNALUSERS_0_PASS are now working even when the configuration file is present.
• prevent setting empty usernames with environment variables (#5373)
• fix panic with environment variables (#5374) this happened when loading deprecated slices of structs with environment variables.
• prevent setting slices to null (#5375) In Golang, slices can be set to nil, while in most other languages they cannot. This causes compatibility issues, especially because the OpenAPI definition of the API does not allow slices to be nil. This prevents slices from being set to nil through JSON/YAML, and also sets default slices to an empty list instead of nil.
• Update hlsEncryption documentation on Low-Latency HLS requirements (#5379)
• fix race condition when closing HTTP servers (#5390) when a HTTP server is closed, open connections are now immediately closed and open routines are waited before the server is considered closed.
• deprecate fallback (#5388) The fallback feature worked with RTSP only and did not allow readers to resume the original stream. It has been replaced by alwaysAvailable.
• mpegts: add E-AC-3 (Dolby Digital Plus) codec support (bluenviron/mediacommon#272)
• mpeg4audio: support channel_config=0 (bluenviron/mediacommon#273)
• mpeg4audio: in ASC, prefer marshaling legacy ChannelConfig when available (bluenviron/mediacommon#280)
• pmp4: increase compatibility (bluenviron/mediacommon#293)
• pmp4: support MP4s with data before track definitions (bluenviron/mediacommon#294)

API

• improve OpenAPI definition (#5380) add uint64, uint, uuid, move WebRTCICEServer into dedicated schema

RTSP

• fix log labels of RTSPS listeners (#5367) use "TCP/RTSPS", "UDP/SRTP", "UDP/SRTCP" to refer to secure listeners
• add rtspUDPSourcePortRange param (#5363) (#5397)

HLS

• fix playback starting point for VOD streams without EXT-X-PLAYLIST-TYPE (bluenviron/gohlslib#308)
• client: return every unit before an error (bluenviron/gohlslib#314) In case of an error, downloaded unit that were not processed yet were discarded. Now they are returned before the client exits.

WebRTC

• print incoming data channel messages (#5357)

RPI Camera

• move away from balenalib Docker images (bluenviron/mediamtx-rpicamera#82)

Dependencies

• code.cloudfoundry.org/bytefmt updated from v0.59.0 to v0.62.0
• github.com/bluenviron/gohlslib/v2 updated from v2.2.4 to v2.2.5
• github.com/bluenviron/gortmplib updated from v0.2.0 to v0.2.1
• github.com/bluenviron/gortsplib/v5 updated from v5.2.2 to v5.3.0
• github.com/bluenviron/mediacommon/v2 updated from v2.6.0 to v2.7.0
• github.com/golang-jwt/jwt/v5 updated from v5.3.0 to v5.3.1
• github.com/matthewhartstonge/argon2 updated from v1.4.4 to v1.4.5
• github.com/pion/ice/v4 updated from v4.1.0 to v4.2.0
• github.com/pion/interceptor updated from v0.1.42 to v0.1.43
• github.com/pion/rtp updated from v1.9.0 to v1.10.0
• github.com/pion/transport/v3 removed
• github.com/pion/webrtc/v4 updated from v4.2.1 to v4.2.3
• golang.org/x/crypto updated from v0.46.0 to v0.47.0
• golang.org/x/sys updated from v0.39.0 to v0.40.0
• golang.org/x/term updated from v0.38.0 to v0.39.0
• github.com/pion/datachannel updated from v1.5.10 to v1.6.0
• github.com/pion/dtls/v3 updated from v3.0.9 to v3.0.10
• github.com/pion/sctp updated from v1.9.0 to v1.9.2
• github.com/pion/srtp/v3 updated from v3.0.9 to v3.0.10
• github.com/pion/stun/v3 updated from v3.0.2 to v3.1.1
• github.com/pion/turn/v4 updated from v4.1.3 to v4.1.4
• golang.org/x/net updated from v0.48.0 to v0.49.0
• golang.org/x/text updated from v0.32.0 to v0.33.0
• github.com/pion/transport/v4 v4.0.1 added
• github.com/bluenviron/mediamtx-rpicamera updated from v2.5.1 to v2.5.2

Security

Binaries are compiled from source through the Release workflow without human intervention, preventing any external interference.

You can verify that binaries have been produced by the workflow by using GitHub Attestations:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.15.6

Fixes and improvements

General

• add structured logging (#5219)
• fix 1-minute offset when recording a H264 WebRTC track (#5275) (#5278)
• disable syslog logging on macOS (#5005) (#5295)
• set syslog priority and do not write level and date to syslog (#4923) (#5296) When writing log entries to syslog, pass the level (WARN, INFO, etc) directly to syslog. Avoid writing level and date. This provides a better integration and allows to use syslog search tools.

RTSP

• avoid setupping back channels (#5074) (#5289)
• Support URI format sent by HappyTime ONVIF and RTSP clients during (bluenviron/gortsplib#964)
• fix medias wrongly marked as back channels (#5074) (bluenviron/gortsplib#970) Some cameras mark medias as back channels even though they are not. Try to detect this by checking whether in full the SDP there are both back channels and standard channels, unmarking back channels otherwise.
• when there are back channels, add recvonly attribute to standard channels (bluenviron/gortsplib#971)

SRT

• fix broken connections in case of high latency (#3756) (#5282) When listening and accepting an incoming connection request, the response might be received by the peer with some delay due to latency. This causes the peer to send a second connection request, that is not detected as duplicate because the first connection request has already been removed from the map that is used to check for duplicates (connReqs), so it is treated as a brand new connection request, breaking the first connection. This patch fixes the issue by introducing another map (connByPeer) that is used to check whether a connection request is associated to an already-accepted connection.

Dependencies

• code.cloudfoundry.org/bytefmt updated from v0.58.0 to v0.59.0
• github.com/bluenviron/gortmplib updated from v0.1.2 to v0.2.0
• github.com/bluenviron/gortsplib/v5 updated from v5.2.1 to v5.2.2
• github.com/bluenviron/mediacommon/v2 updated from v2.5.3 to v2.6.0
• github.com/matthewhartstonge/argon2 updated from v1.4.3 to v1.4.4
• github.com/pion/ice/v4 updated from v4.0.13 to v4.1.0
• github.com/pion/rtp updated from v1.8.26 to v1.9.0
• github.com/pion/sdp/v3 updated from v3.0.16 to v3.0.17
• github.com/pion/webrtc/v4 updated from v4.1.7 to v4.2.1
• golang.org/x/crypto updated from v0.45.0 to v0.46.0
• golang.org/x/sys updated from v0.38.0 to v0.39.0
• golang.org/x/term updated from v0.37.0 to v0.38.0
• github.com/pion/dtls/v3 updated from v3.0.8 to v3.0.9
• github.com/pion/sctp updated from v1.8.41 to v1.9.0
• github.com/pion/stun/v3 updated from v3.0.1 to v3.0.2
• github.com/quic-go/qpack updated from v0.5.1 to v0.6.0
• github.com/quic-go/quic-go updated from v0.54.1 to v0.57.0
• go.uber.org/mock removed
• golang.org/x/mod removed
• golang.org/x/net updated from v0.47.0 to v0.48.0
• golang.org/x/sync removed
• golang.org/x/text updated from v0.31.0 to v0.32.0
• golang.org/x/time updated from v0.9.0 to v0.12.0
• golang.org/x/tools removed

Security

Binaries are compiled from source through the Release workflow without human intervention, preventing any external interference.

You can verify that binaries have been produced by the workflow by using GitHub Attestations:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.15.5

Fixes and improvements

General

• apidocs: fix compatibility with OpenAPI 3.0 (#5210) double-precision numbers are now represented as double.
• playback: support concatenating segments with long gaps (#5172) Thanks to the new mtxi MP4 box, it's possible to check whether two segments are consecutive without involving dates or timestamps. When the new mtxi box is present in both segments, do not check if the end of the first segment corresponds to the start of the second segment.
• recorder: reset when absolute time drifts from stream time (#4778) (#5239) the server now detects when system time changes too much and restarts recordings when that happens.
• playback: fix crash (#5240) (#5250) when requesting a recording with the mp4 format, if there are two tracks and the second track has no samples, the server crashed. This fixes the issue.
• fix panic when changing log file to a nonexisting directory (#5132) (#5249)
• h264: fix regression in DTS extractor (#5207) (bluenviron/mediacommon#263)
• h264: increase MaxNALUsPerAccessUnit (bluenviron/mediacommon#262) Some parrot drones use slice-encoding with 45 independent slices, resulting in frames consisting of 48 NALUs.
• pmp4: fix crash when unmarshaling and there are no samples (#5240) (bluenviron/mediacommon#267)
• fmp4: Correctly parse trun v0 sample composition time offset (bluenviron/mediacommon#268)
• h265: fix DTS extraction with multiple slices (#5071) (bluenviron/mediacommon#269)

API

• always reply with JSON in case of success or failure (#5252) Reply with "status": "ok" in case of success, and with "status": "error" in case of error. This makes the API more accessible and user friendly.

RTSP

• fix crash when setupping tracks between stream changes (#5253) (#5257)
• Allow 1 byte of extra padding at mikey message (bluenviron/gortsplib#953)

RTMP

• prevent dropping initial video and audio frames (bluenviron/gortmplib#26)

Dependencies

• github.com/bluenviron/gortmplib updated from v0.1.1 to v0.1.2
• github.com/bluenviron/gortsplib/v5 updated from v5.2.0 to v5.2.1
• github.com/bluenviron/mediacommon/v2 updated from v2.5.1 to v2.5.3
• github.com/go-git/go-billy/v5 updated from v5.6.2 to v5.7.0
• github.com/go-git/go-git/v5 updated from v5.16.3 to v5.16.4
• github.com/pion/ice/v4 updated from v4.0.10 to v4.0.13
• github.com/pion/rtp updated from v1.8.25 to v1.8.26
• github.com/pion/webrtc/v4 updated from v4.1.6 to v4.1.7
• github.com/pion/dtls/v3 updated from v3.0.7 to v3.0.8
• github.com/pion/mdns/v2 updated from v2.0.7 to v2.1.0
• github.com/pion/sctp updated from v1.8.40 to v1.8.41
• github.com/pion/srtp/v3 updated from v3.0.8 to v3.0.9
• github.com/pion/stun/v3 updated from v3.0.0 to v3.0.1
• github.com/pion/turn/v4 updated from v4.1.1 to v4.1.3

Security

Binaries are compiled from source through the Release workflow without human intervention, preventing any external interference.

You can verify that binaries have been produced by the workflow by using GitHub Attestations:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.15.4 "San Francisco"

Fixes and improvements

General

• support multiple CORS origins (#5150)
• add udpReadBufferSize parameter (#5129) this allows to set a global UDP read buffer, applied to every UDP socket.
• extend udpReadBufferSize to WebRTC UDP sockets (#5130) this allows to decrease packet losses without touching system parameters.
• recorder: prevent FMP4 durations from overflowing (#4711) (#5126) the timestamp difference between two samples was put inside an unsigned integer that, when negative, caused an overflow.

RTP

• reorder packets before ingestion (#5194)

RTSP

• support RTSP responses with empty status message (bluenviron/gortsplib#807) (bluenviron/gortsplib#928)
• server: fix timeout when reading with Media Foundation (#5090) (bluenviron/gortsplib#932)
• fix SP payload of MIKEY messages (bluenviron/gortsplib#827) (bluenviron/gortsplib#935) fill PayloadSPPolicyParamTypeAuthTagLen andPayloadSPPolicyParamTypeSessionAuthKeyLen properly.
• support formats with dynamic SSRC (bluenviron/gortsplib#687) (bluenviron/gortsplib#940)
• improve performance by decoding RTP header once (bluenviron/gortsplib#941)

HLS

• muxer: prevent FMP4 durations from overflowing (#5126) (bluenviron/gohlslib#290)

Dependencies

• code.cloudfoundry.org/bytefmt updated from v0.55.0 to v0.58.0
• github.com/alecthomas/kong updated from v1.12.1 to v1.13.0
• github.com/asticode/go-astits updated from v1.13.0 to v1.14.0
• github.com/bluenviron/gohlslib/v2 updated from v2.2.3 to v2.2.4
• github.com/bluenviron/gortsplib/v5 updated from v5.1.1 to v5.2.0
• github.com/matthewhartstonge/argon2 updated from v1.4.1 to v1.4.3
• github.com/pion/interceptor updated from v0.1.41 to v0.1.42
• github.com/pion/rtp updated from v1.8.23 to v1.8.25
• golang.org/x/crypto updated from v0.43.0 to v0.45.0
• golang.org/x/sys updated from v0.37.0 to v0.38.0
• golang.org/x/term updated from v0.36.0 to v0.37.0
• github.com/pion/transport/v3 updated from v3.0.8 to v3.1.1
• golang.org/x/mod updated from v0.29.0 to v0.30.0
• golang.org/x/net updated from v0.46.0 to v0.47.0
• golang.org/x/sync updated from v0.17.0 to v0.18.0
• golang.org/x/text updated from v0.30.0 to v0.31.0
• golang.org/x/tools updated from v0.38.0 to v0.39.0
• hls.js updated from v1.6.13 to v1.6.15

Security

Binaries are compiled from source through the Release workflow without human intervention, preventing any external interference.

You can verify that binaries have been produced by the workflow by using GitHub Attestations:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.15.3

Fixes and improvements

General

• h264: fix DTS estimation of some HikVision cameras (#4617) (bluenviron/mediacommon#252)

RTSP

• fix timeout when recording with FFmpeg and UDP (#5100) (bluenviron/gortsplib#921)
• fix crash when calling PAUSE (bluenviron/gortsplib#922) this happened when playing and protocol is UDP-multicast.
• use AVP profile when scheme is RTSPS and protocol is TCP (bluenviron/gortsplib#916)

RTMP

• fix freeze when reading source (#5117) tracks were read without deadlines, freezing the server if they were not present. This patch also allows to close the server immediately during track reading.
• client: fix compatibility with SRS (#4630) (bluenviron/gortmplib#9)

RPI Camera

• Added missing AnalogueGainMode (bluenviron/mediamtx-rpicamera#71)

Dependencies

• code.cloudfoundry.org/bytefmt updated from v0.54.0 to v0.55.0
• github.com/bluenviron/gortmplib updated from v0.1.0 to v0.1.1
• github.com/bluenviron/gortsplib/v5 updated from v5.1.0 to v5.1.1
• github.com/bluenviron/mediacommon/v2 updated from v2.5.0 to v2.5.1
• github.com/pion/rtcp updated from v1.2.15 to v1.2.16
• github.com/pion/webrtc/v4 updated from v4.1.4 to v4.1.6
• github.com/pion/sctp updated from v1.8.39 to v1.8.40
• github.com/pion/transport/v3 updated from v3.0.7 to v3.0.8
• golang.org/x/mod updated from v0.28.0 to v0.29.0
• golang.org/x/tools updated from v0.37.0 to v0.38.0
• github.com/bluenviron/mediamtx-rpicamera updated from v2.5.0 to v2.5.1

Security

Binaries are compiled from source through the Release workflow without human intervention, preventing any external interference.

You can verify that binaries have been produced by the workflow by using GitHub Attestations:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.15.2

Fixes and improvements

General

• add self-upgrader (#3501) (#5035) this allows to upgrade MediaMTX to latest version by running ./mediamtx --upgrade
• on Windows, do not look for configuration in linux paths (#5036)
• do not include recorder and HLS muxer in sent bytes (#4380) (#5039) in API (/paths/list, /paths/get) and metrics (paths_bytes_sent), the amount of sent bytes was increased even in case of writes to the recorder and HLS muxer, which are not generating network traffic. This fixes the issue.
• add read and write timeouts in HTTP servers (#5056) this prevents zombie connections from piling up.
• estimate absolute timestamp more precisely (#5078) When the absolute timestamp of incoming frames was not available, it was filled with the current timestamp, which is influenced by latency over time. This mechanism is replaced by an algorithm that detects when latency is the lowest, stores the current timestamp and uses it as reference throughout the rest of the stream.
• prevent estimated absolute timestamp from drifting too much (#5080)
• recorder: reset fMP4 sequence number during segment switch (#5082) It's useless to make sequence numbers unique across the entire stream.
• replace incoming absolute timestamps of any source (#5081) Absolute timestamps are used to generate recording segments, so users should not be able to change them, unless explicitly allowed. Parameter useAbsoluteTimestamp allowed to re-enable absolute timestamps with RTSP and WebRTC, now it is extended to all protocols.
• recorder: write additional infos inside segments (#5083) write stream ID, segment number, DTS, NTP in a dedicated box. This allows to improve the merge algorithm in the playback server.
• playback: improve segment merging algorithm (#5084) * merge segments only if they belong to the same stream and are consecutive. * compute DTS without using NTP timestamp, increasing robustness against NTP fluctuations.

API

• add /info endpoint (#945) (#5045)

RTSP

• Fix: invalid SDP: sdp: invalid syntax c=IN (bluenviron/gortsplib#906)
• server: add idle timeout (bluenviron/gortsplib#912) this prevents idle connections and sessions from stacking up.

HLS

• improve web page performance (#5062) load hls.js in parallel with the page.

WebRTC

• fix clippy audio when reading Opus (#3878) (#5047) Opus timestamp is now recomputed from scratch.
• fix packet corruption when reading G711 (#5048) when a reader is reading a G711 track, stream units are modified globally, affecting every other reader. This fixes the issue.

Dependencies

• code.cloudfoundry.org/bytefmt updated from v0.52.0 to v0.54.0
• github.com/MicahParks/keyfunc/v3 updated from v3.6.2 to v3.7.0
• github.com/bluenviron/gortsplib/v5 updated from v5.0.1 to v5.1.0
• github.com/bluenviron/mediacommon/v2 updated from v2.4.3 to v2.5.0
• github.com/go-git/go-git/v5 updated from v5.16.2 to v5.16.3
• github.com/matthewhartstonge/argon2 updated from v1.4.0 to v1.4.1
• github.com/pion/interceptor updated from v0.1.40 to v0.1.41
• github.com/pion/rtp updated from v1.8.22 to v1.8.23
• golang.org/x/crypto updated from v0.42.0 to v0.43.0
• golang.org/x/sys updated from v0.36.0 to v0.37.0
• golang.org/x/term updated from v0.35.0 to v0.36.0
• github.com/pion/srtp/v3 updated from v3.0.7 to v3.0.8
• github.com/quic-go/quic-go updated from v0.54.0 to v0.54.1
• golang.org/x/net updated from v0.44.0 to v0.46.0
• golang.org/x/text updated from v0.29.0 to v0.30.0
• github.com/Masterminds/semver/v3 v3.4.0 added
• github.com/minio/selfupdate v0.6.0 added
• aead.dev/minisign v0.2.0 added

Security

Binaries are compiled from source through the Release workflow without human intervention, preventing any external interference.

You can verify that binaries have been produced by the workflow by using GitHub Attestations:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

v1.15.1

Fixes and improvements

General

• fix authentication failure reason not being displayed (#5007)
• fix reading JWT when it is passed through the password field (#5009) Usernames and passwords must be requested explicitly to clients, but they were not requested when JWT is meant to be passed as password. This fixes the issue.
• stop accepting JWTs from query parameters unless allowed in conf (#5010) This is the first step into removing support for JWTs in query parameters, which is a security flaw.
• docs: explain how to decrease JWT length in Keycloak (#5012) this prevents errors when passing JWT with FFmpeg and GStreamer.
• log authentication errors of API, metrics, pprof (#4641) (#5015)
• allow changing record parameters without disconnecting readers (#4663) (#5018)

API

• fix crash in rtspsessions/list and /rtspsessions/get (#5030) (#5031) sometimes sessions have an empty associated path, and this caused a crash.

RTSP

• log authentication failure reason (#4641) (#5017)
• sdp: fix compatibility with a Uniview camera (#5008) (bluenviron/gortsplib#903)

Dependencies

• code.cloudfoundry.org/bytefmt updated from v0.51.0 to v0.52.0
• github.com/MicahParks/jwkset updated from v0.10.0 to v0.11.0
• github.com/MicahParks/keyfunc/v3 updated from v3.6.1 to v3.6.2
• github.com/bluenviron/gortsplib/v5 updated from v5.0.0 to v5.0.1
• github.com/gin-gonic/gin updated from v1.10.1 to v1.11.0
• github.com/bytedance/sonic updated from v1.13.2 to v1.14.0
• github.com/bytedance/sonic/loader updated from v0.2.4 to v0.3.0
• github.com/cloudwego/base64x updated from v0.1.5 to v0.1.6
• github.com/gin-contrib/sse updated from v1.0.0 to v1.1.0
• github.com/go-playground/validator/v10 updated from v10.26.0 to v10.27.0
• github.com/klauspost/cpuid/v2 updated from v2.2.10 to v2.3.0
• github.com/pelletier/go-toml/v2 updated from v2.2.3 to v2.2.4
• github.com/ugorji/go/codec updated from v1.2.12 to v1.3.0
• golang.org/x/arch updated from v0.16.0 to v0.20.0
• google.golang.org/protobuf updated from v1.36.6 to v1.36.9
• github.com/goccy/go-yaml v1.18.0 added
• github.com/quic-go/qpack v0.5.1 added
• github.com/quic-go/quic-go v0.54.0 added
• go.uber.org/mock v0.5.0 added
• golang.org/x/mod v0.28.0 added
• golang.org/x/sync v0.17.0 added
• golang.org/x/tools v0.37.0 added
• hls.js updated from v1.6.12 to v1.6.13

Security

Binaries are compiled from source through the Release workflow without human intervention, preventing any external interference.

You can verify that binaries have been produced by the workflow by using GitHub Attestations:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify the binaries checksum by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check