6d6ebee80d
deprecate authJWTInHTTPQuery and disable JWTs in query parameters ( #5648 )
...
This fixes a long standing security flaw. Even though it's a breaking
change, few users should be impacted since this feature has been discouraged
for some time.
2026-04-06 18:03:22 +02:00
4472bcfc4b
use "token" as query parameter key to pass tokens ( #5647 )
...
the legacy "jwt" query parameter key is still supported.
2026-04-06 17:51:59 +02:00
141b789fa9
docs: further decrease Keycloak JWT length ( #5646 )
...
this helps a lot in using JWTs with players with URL limitations.
2026-04-06 17:23:10 +02:00
33f12816cd
docs: update ( #5598 )
2026-03-22 10:38:53 +01:00
12687e5abb
improve documentation ( #5586 )
2026-03-18 09:47:46 +01:00
f98c9c59ca
rtsp: support unwrapping MPEG-TS tracks ( #5476 )
...
this allows to use MPEG-TS tracks with other protocols and with the recording system.
---------
Co-authored-by: aler9 <46489434+aler9@users.noreply.github.com >
2026-03-17 19:14:04 +01:00
9a485119ec
docs: clarify jwt in query option for rtsp and rtmp ( #5577 )
2026-03-16 21:41:05 +01:00
9b36d50b8d
optionally validate JWT iss and aud claims ( #5569 )
2026-03-13 22:38:40 +01:00
e59fbd4590
docs: update ( #5567 )
2026-03-12 13:48:35 +01:00
549300cbd4
prevent using alwaysAvailableFile and alwaysAvailableTracks together ( #5529 )
2026-02-28 18:31:41 +01:00
35e1f486c9
add integrated packet dumper ( #5488 )
...
this allows to dump any incoming and outgoing packet, to disk, in
pcapng format.
2026-02-22 13:34:05 +01:00
28b0e21910
suggest using JWTs in query parameters for RTSP and RTMP ( #5267 ) ( #5493 )
...
In case of RTSP and RTMP, JWTs cannot be used as passwords since
there's a size limit. Therefore, documentation is updated to suggest
passing JWT through query parameters, and authJWTInHTTPQuery is updated
to act on HTTP requests only.
2026-02-20 22:16:56 +01:00
87fbfebf06
webrtc: add whepBearerTokenParameter ( #3796 ) ( #5486 )
...
this allows to pass Authorization: Bearer to servers that require it.
2026-02-19 11:57:39 +01:00
d492db6114
docs: update ( #5471 )
2026-02-19 11:57:07 +01:00
f991821a5f
webrtc: allow tuning WHEP timeouts ( #5027 ) ( #5479 )
...
add whepHandshakeTimeout, whepTrackGatherTimeout, whepSTUNGatherTimeout
2026-02-18 16:29:25 +01:00
cb69d64fac
deprecate unix+rtp ( #5318 ) ( #4999 ) ( #5351 ) ( #5470 )
...
Unix socket are stream-based connections, while RTP requires
packet-based connections. While packet-based Unix sockets exist
(unixgram), no client supports them. Consequently we are forced to
deprecate unix+rtp.
2026-02-15 13:02:18 +01:00
9793f90453
make config file YAML 1.2 compliant ( #5345 ) ( #5456 )
2026-02-12 15:46:06 +01:00
c250e34075
support X-Forwarded-Proto in playback server ( #4970 ) ( #5445 )
...
allow reverse proxies to change the schema of URLs returned by the
server through the X-Forwarded-Proto header.
2026-02-11 21:47:02 +01:00
2c93262635
update documentation ( #5418 )
2026-02-07 19:41:43 +01:00
4f859fb40b
add authHTTPFingerprint ( #5413 ) ( #5422 )
2026-02-05 16:51:29 +01:00
4dc09e1d51
set default udpMaxPayloadSize to an IPv6 compatible value ( #4882 ) ( #5402 )
...
When using IPv6, there are 20 bytes less available for UDP payload,
which has been adjusted accordingly.
2026-02-05 16:32:02 +01:00
74eaa11d3a
rtsp: add rtspUDPSourcePortRange param ( #5363 ) ( #5397 )
2026-01-31 16:21:53 +01:00
92f9ee7b78
deprecate fallback ( #5388 )
...
The fallback feature worked with RTSP only and did not allow readers to
resume the original stream. It has been replaced by alwaysAvailable.
2026-01-31 15:29:24 +01:00
115dab1533
api: add available, availableTime, online, onlineTime properties ( #5391 )
...
these replace ready and readyTime and allow to monitor the new
"always-available" feature.
2026-01-31 14:54:10 +01:00
a56408db19
add always available streams ( #5335 )
...
When the publisher or source of a stream is offline, the server can be
configured to fill gaps in the stream with a video that is played on
repeat until a publisher comes back online. This allows readers to stay
connected regardless of the state of the stream. The offline video and
any future online stream are concatenated without decoding or
re-encoding packets, using the original codec.
2026-01-31 14:44:58 +01:00
69fdd18d86
docs: update ( #5308 )
2026-01-28 11:52:42 +01:00
e34f978860
Update hlsEncryption documentation on Low-Latency HLS requirements ( #5379 )
2026-01-28 11:25:02 +01:00
9e9fae9a10
add structured logging ( #5219 )
...
Co-authored-by: aler9 <46489434+aler9@users.noreply.github.com >
2025-12-27 20:42:06 +01:00
3692b2448a
set syslog priority and do not write level and date to syslog ( #4923 ) ( #5296 )
...
When writing log entries to syslog, pass the level (WARN, INFO, etc)
directly to syslog. Avoid writing level and date. This provides a
better integration and allows to use syslog search tools.
2025-12-27 14:06:26 +01:00
ade0cddeb3
support multiple CORS origins ( #5150 )
...
Co-authored-by: aler9 <46489434+aler9@users.noreply.github.com >
2025-11-21 02:00:46 +01:00
adc4a6ceb6
add udpReadBufferSize parameter ( #5129 )
...
this allows to set a global UDP read buffer, applied to every UDP socket.
2025-10-29 11:28:22 +01:00
ccaccc51b4
replace incoming absolute timestamps of any source ( #5081 )
...
Absolute timestamps are used to generate recording segments, so users
should not be able to change them, unless explicitly allowed.
Parameter useAbsoluteTimestamp allowed to re-enable absolute timestamps
with RTSP and WebRTC, now it is extended to all protocols.
2025-10-13 12:23:51 +02:00
85f57b90db
stop accepting JWTs from query parameters unless allowed in conf ( #5010 )
...
This is the first step into removing support for JWTs in
query parameters, which is a security flaw.
2025-09-22 10:04:51 +02:00
0b635617c7
docs: update ( #4994 )
2025-09-18 18:41:51 +02:00
f81c50ee68
rtsp: support reading streams tunneled with HTTP or WebSocket ( #4986 )
2025-09-17 22:31:20 +02:00
35aceaa4a9
send server name (SNI) when opening TLS connections ( #4973 )
2025-09-15 19:38:36 +02:00
462fb2bd0f
allow setting UDP read buffer size ( #3308 ) ( #4846 )
...
new parameters: rtspUDPReadBufferSize, rtpUDPReadBufferSize, mpegtsUDPReadBufferSize
2025-08-11 12:21:00 +02:00
d0430d8ea5
support ingesting RTP streams ( #1515 ) ( #4843 )
2025-08-09 16:12:10 +02:00
7feff1d1dc
support MPEG-TS over unix sockets ( #4388 ) ( #4389 ) ( #4828 )
2025-08-08 18:03:38 +02:00
7ac752097b
rpi: allow setting software H264 profile and level ( #3965 ) ( #4786 )
2025-07-25 13:40:15 +02:00
0fe12f8bf6
rpi: rename rpiCameraProfile into rpiCameraH264Profile, rpiCameraLevel into rpiCameraH264Level ( #3965 ) ( #4785 )
2025-07-25 11:44:55 +02:00
1cabc382b0
rpi: rename rpiCameraJPEGQuality in rpiCameraMJPEGQuality ( #4784 )
2025-07-25 11:40:09 +02:00
94e001e736
rpi: add validity checks on rpiCameraProfile and rpiCameraLevel ( #4783 )
2025-07-25 11:36:40 +02:00
9ddcbf5c97
recorder: limit maximum part size ( #4674 ) ( #4760 )
...
this prevents RAM exhaustion.
2025-07-20 19:16:33 +02:00
c475f84e5d
rtsp: support encrypting UDP and UDP-multicast streams ( #4690 )
2025-07-05 13:46:59 +02:00
42a39716a9
update documentation ( #4626 )
2025-06-08 10:36:12 +02:00
dbc38a7aa6
record: support storing timezone in recording segments ( #3566 ) ( #4597 )
2025-06-02 20:47:29 +02:00
e0ad33320e
update docs ( #4520 )
2025-05-11 11:20:03 +02:00
74bfb988d7
allow disabling JWT in HTTP query parameters ( #4518 )
2025-05-11 10:21:08 +02:00
f97213ae6e
support passing JWTs through the password field ( #4516 )
...
This is safer than passing JWTs through query parameters, unfortunately support is limited.
2025-05-10 22:54:24 +02:00
Alessandro Ros