From 37eb7a3276479331aafdae7c2ebda016d7e9ec51 Mon Sep 17 00:00:00 2001 From: Raja Subramanian Date: Sat, 16 May 2026 22:11:24 +0530 Subject: [PATCH] Release v1.12.0 (#4529) * Release v1.12.0 Please read the note in the release about TURN related changes and let me know if it is clear enough that projects should update and prepare for backwards compatibility removal in the next release. * space --- CHANGELOG.md | 140 ++++++++++++++++++++++++++++++++++++++++++++- version/version.go | 2 +- 2 files changed, 138 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0133ad195..e5ef3e4b6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,11 +2,106 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.12.0] - 2026-05-16 + +## ATTENTION: This releases introduces important changes to how TURN authentication and permissions are handled. These changes make the system more secure. This release maintains backwards compatiblity. However, backwards compatibility will be removed in the next release. So, please plan accordingly. + +### TURN permission handling changes + +By default, TURN will not relay traffic to private IPs. If you need to relay traffic to private IPs, please use `allow_restricted_peer_cidrs` which is explained in config-sample.yaml and replicated below. + +``` +# # list of restricted peer CIDRs (loopback, link-local (unicast, multicast), multicast, private, unspecified) to allow access to. +# # By default (i. e. empty list), all restricted peer CIDRs are denied access. +# # When not empty, only the specified CIDRs are allowed access. +# # Note that this check is applied to restricted peer CIDRs only. +# allow_restricted_peer_cidrs: +# - 10.0.0.0/8 +# - 192.168.0.0/16 +``` + +That list can be paired with a deny list which takes precedence if there is an overlap. + +``` +# # list of peer CIDRs to deny access to. +# # This applies to all peer CIDRs, including restricted ones. +# # Deny list takes precedence over allow list. +# deny_peer_cidrs: +# - 10.0.0.0/8 +# - 192.168.0.0/16 +``` + +Relevant PRs: #4505 + +### TURN authentication handling changes + +TURN credentials now have a TTL (Time-To-Live) beyond which they are not valid to join a room. We recommend rotating your TURN authentication secrets to ensure older credentials are rendered stale and not usable. + +``` +# # TTL of the TURN credentials in seconds - defaults to 300 +# ttl_seconds: 300 +``` + +Please note that the TTL is always used in constructing the credentials. So, a value of 0 will create credentials that expire immediately. + +Relevant PRs: #4505, #4515, #4524, #4526 + +### Added + +- add support for client capabilities (#4461) +- Additional data tracks logging (#4489) +- Add CloseWithReason to agent SignalConn interface (#4492) +- add agent environment (#4498) +- add duration seconds reporting (#4500) +- add helper to check for agent worker endpoint (#4503) +- test: verify upstream and downstream connection stats end-to-end (#4508) +- Add TURN permission handler. (#4505) +- allow setting agent job assignment url (#4512) +- Add expiry to TURN password. (#4505, #4515) +- add AssignmentHook to AssignJob; propagate websocket write errors (#4516) +- Apply room tags from JWT grant room configuration (#4518) +- feat: auto create rooms for tokens with the RoomCreate grant (#4320) +- Add integration test for TURN auth failures (#4524) +- Support SIP auth realm for inbound. (#4522) +- Apply ttl check only when authenticate allocation creating (#4526) + +### Changed + +- feat(pion/ice): replace deprecated NAT1To1 with SetAddressRewriteRules (#4466) +- do not log data track stats if not started (#4468) +- Consolidate RTCP packets and do RTCP callback outside lock. (#4469) +- Keep a shadow copy of tracks for use by different stream allocator state (#4470) +- Avoid stream allocator event data cast to interface and back. (#4471) +- Convert sort.Slice -> slices.SortFunc (#4472) +- Turn off transceiver re-use on Safari. (#4474) +- reduce some heap use in packet path by (#4478) +- Close peer connection unconditionally to unblock set local/remote (#4485) +- Misc optimisations. (#4490) +- report all simulcast layers (#4491) +- Use mediatransportutil/codec package, no functional change (#4497) +- rename agent environment to deployment (#4506) +- Update protocol to support SIP media config. (#4509) +- update protocol for protojson (#4510) +- Populate data track loggers with context (#4514) +- Log large packets receive/send. (#4521) +- Log details of RTCP packets. (#4525) +- Create NACK tracker only once. (#4527) + +### Fixed + +- fix: wrap IPv6 addresses in brackets in UDP TURN URLs (RFC 3986) (#4476) +- Legacy TrackInfo.Simulcast flag. (#4493) +- Fix publish-only limitations being incorrectly applied to receivers (#4495) +- Include reception reoprts in receiver report callback. (#4496) +- Fix sense check in DeltaInfo gathering (#4507) +- Fix SIP media config upgrade. (#4511) + ## [1.11.0] - 2026-04-17 NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/transport/data/data-tracks/) by default. ### Added + - Embedded turn test (#4412) - chore: log API key during worker registration (#4428) - Add some simple data track stats (#4431) @@ -15,6 +110,7 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans - Add subscriber stream start event notification (#4449) ### Changed + - Cleaning up some logs and standardising log frequency. (#4420) - Keep subscription synchronous when publisher is expected to resume. (#4424, #4425) - Do not close publisher peer connection to aid migration. (#4426, #4427) @@ -24,6 +120,7 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans - Store concrete ICE candidate for remote candidates. (#4458) ### Fixed + - clear track notifier observers on subscription teardown (#4413) - Guard against timestamp inversion in RED -> Opus conversion. (#4414, #4415, #4418) - ensure participant init is correctly serialized for logging (#4417) @@ -38,15 +135,18 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans ## [1.10.1] - 2026-03-30 ### Added + - add packet trailer stripping support (#4361) - Path check helpers (#4392) - add deadline to dtls connect context (#4395) - feat(agent-dispatch): add job restart policy (#4401) ### Changed + - Close both peer connections to aid migration. (#4382) ### Fixed + - Fix TURN server URL (#4389) - AV1 parser overflow fix. (#4405) - Address malformed H264/H265 parsing issues (#4407) @@ -56,14 +156,17 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans ## PLEASE NOTE: The logging key for participant session ID (a.k.a participant SID) has been changed from `pID` to `participantID` in this release for the sake of clarity. Hence the minor version bump. ### Added + - Add option to require media sections when participant joining (#4347, #4354) - Support originating calls from custom domains (#4349) - Add StopEgress function to the EgressLauncher interface (#4353) - Add option to not re-use transceiver in e2ee. (#4356) - Add API to restart lite stats. (#4366, #4368) + * handle AGENT_ERROR disconnect reason (#4339) ### Changed + - Mark last run of grow bucket outside goroutine. (#4348) - Refine ipv6 support (#4352) - Sample data send error logging. (#4358) @@ -75,11 +178,13 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans - Update grpc to address CVE-2026-33186 (#4381) ### Fixed + - Fix repair stream ID reporting for RTX pairing. (#4369) ## [1.9.12] - 2026-03-05 ### Added + - Add silent frame for pcmu/a (#4258) - adds a test to ensure agent worker errors cause disconnection (#4273) - Populate client_protocol field in ParticipantInfo (#4293) @@ -89,6 +194,7 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans - feat: make INSTALL_PATH overridable in install script (#3954) ### Changed + - Defer setting clock rate in RTPStats module till codec is bound. (#4250) - Wrapping SIP errors for invalid argument and not found (#4253) - Ignore parse addr error when add remote candidate (#4264) @@ -103,6 +209,7 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans - Send participant left event after track unpublished for moved (#4334) ### Fixed + - Fix receiver restart race (#4248) - require participant broadcast when metadata/attributes are set in token (#4266) - Create buffer if needed when a PLI is requested. (#4282) @@ -121,12 +228,14 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans ## PLEASE NOTE: The previous release tag v1.9.10 hit a panic under some conditions. Sincerely regret the inconvenience caused. Although we do test rigorously, it is not guaranteed to cover all scenarios. We request you to report any issues you encounter. Thank you. ### Added + - Support OpenTelemetry tracing. Add Jaeger support. (#4222) - Add option to force simuclast codec. (#4226) - Log timeout in API (#4231, #4232) - Add participant option for data track auto-subscribe. (#4240) ### Changed + - Remove enable arrival time forwarding method. (#4217) - sfu/receiver and sfu/buffer refactor (#4221, #4224, #4225) - Change some logs to debugw (#4229) @@ -135,6 +244,7 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans - Wrapping the invalid request errors for CreateSipParticipant (#4239) ### Fixed + - Swap result sink atomically rather than closing and setting (#4216) - Address crash in v1.9.10 (#4219, #4220) - Return on SDP fragment read error. (#4228) @@ -144,6 +254,7 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans ## WARNING: Please do not use this release. There is a run time issue which causes the server to panic. The issue has been addressed in #4219 and #4220. ### Added + - add explicit room exists servicestore op (#4175) - Add support for TURN static auth secret credentials (#3796) - Make new path for signalling v1.5 support. (#4180) @@ -151,6 +262,7 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans - Support preserving external supplied time. (#4212) ### Changed + - Use published track for model access in data down track. (#4176) - Refactor receiver and buffer into Base and higher layer. (#4185, #4186, #4187, #4189, #4196, #4198, #4207) - Update pion/webrtc to v4.2.1 (#4191) @@ -158,6 +270,7 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans - Do not warn about track not bound if participant is not ready. (#4205, #4206) ### Fixed + - Flush ext packets on restart/close and release packets. (#4179) - Resolve RTX pair via OnTrack also. (#4190) - Handle repair SSRC of simulcast tracks during migration. (#4193) @@ -166,10 +279,12 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans ## [1.9.9] - 2025-12-18 ### Added + - Add support for RTP stream restart. (#4161) ### Changed -- Avoid duplicate track add to room track manager. (#4152, #4153) + +- Avoid duplicate track add to room track manager. (#4152, #4153) - Consistently undo update to sequence number and timestamp when the incoming packet cannot be sequenced. (#4156) - deregister observability function when participant is closed (#4157) - Ensure subscribe data track handles are unique (#4162) @@ -178,6 +293,7 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans - skip lost sequence number ranges in getIntervalStats (#4166, #4169) ### Fixed + - chore: fix a large number of spelling issues (#4147) - Handle case of sequence number jump just after start. (#4150) - Drop run away receiver reports. (#4170) @@ -186,46 +302,55 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans ## [1.9.8] - 2025-12-10 ### Added + - Mark RTCP buffer Write as noinline. (for better heap attribution) (#4138) - add debug metric for tracking references (#4134) ### Changed + - Use isEnding to indicate if down track could be resumed. (#4132) - switch participant callbacks to room to listener interface (#4136) - protocol deps to get inactive file adjusted memory usage. (#4137) - update webrtc to 4.1.8 to pick up DTLS fingerprint check during handshake (#4140) ### Fixed + - Do not pause rid in SDP to prevent race with adaptive streaming (#4129) - leak fixes (#4131, #4141, #4142, #4143, #4144) ## [1.9.7] - 2025-12-05 ### Added + - Data tracks (experimental and not ready for use) (#4089) ### Changed + - log bucket growth (#4122) - Update pion/ice to stop gather first on close (#4123) - move utils.WrapAround to mediatransportutil (#4124) - Let participant close remove the published tracks. (#4125) ### Fixed + - Fix concurrent map access for https://github.com/livekit/livekit/issues/4126. (#4127) ## [1.9.6] - 2025-12-01 ### Added + - Control latency of lossy data channel (#4088) - logger proto redaction. (#4090) - Record join/publish/subscribe cancellations (#4102, #4104) ### Fixed + - Fix "address" typo in transport logs (addddress → address) (#4097) - Clear stereo=1 if stereo is not enabled. (#4101) - Participant session close deadlock fixes (#4107, #4113, #4116) ### Changed + - Switch forwarding latency log to Debugw (#4098) - Update mediatransportutil to get OWD estimator relocation (#4115) @@ -234,13 +359,16 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans ## [1.9.4] - 2025-11-15 ### Added + - Log reason for subscriber not being able to determine codec. (#4071) - Kind details for connector (#4072) ### Fixed + - Prevent invalid track access while peer connection is shutting down. (#4054) ### Changed + - Update PsRPC to get redis pipeliner implementation (#4055) - Forwarding latency measurement. (#4056. #4057, #4059, #4061, #4062, #4067, #4080) - Update pion/transport to v3.1.1 (to get batch I/O ping-pong buffer) (#4070) @@ -250,6 +378,7 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans ## [1.9.3] - 2025-11-02 ### Added + - Opportunistic video layer allocation on setting max spatial layer. (#4003, #4030, #4031, #4033) - use env var for GOARCH. (#4012) - Use simulcast codec as default policy for audio track. (#4040) @@ -257,6 +386,7 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans - Add prom histogram for forwarding latency and jitter. (#4044, #4045) ### Fixed + - Correct direction for request/response for prom counters. (#4027) - Do not bind buffer if codec is invalid. (#4028) - Remove ~ from rid which indicates disabled layer to get the actual rid. (#4032) @@ -264,6 +394,7 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans - fix: add missing Unlock() in AddReceiver. (#4036) ### Changed + - Some golang modernisation bits. (#4106) - Use rtp converter from protocol/utils. (#4019, #4020) - High forwarding latency. (#4034, #4038) @@ -273,6 +404,7 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans ## [1.9.2] - 2025-10-17 ### Added + - Use gzip reader pool (#3903) - Rpcs for ingress proxy WHIP (#3911) - Include agent_name as a participant attribute (#3914) @@ -296,6 +428,7 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans - Include mid -> trackID in both SDP offer and answer. (#4007) ### Fixed + - add incoming request id to request response message (#3912) - Simulcast audio fixes (#3925) - Fix dynacast subscriber node clearing on move participant. (#3926) @@ -312,6 +445,7 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans - Update pion/webrtc to prevent GetStats panic. (#4004) ### Changed + - update protocol for sip api change (#3902) - Refactor subscribedTrack + mediaTrackSubscriptions. (#3908) - Set publisher codec preferences after setting remote description (#3913) @@ -322,7 +456,7 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans - More debugging of DD jump (#3934) - Use difference in key frame counter to stop seeder. (#3936) - Update protocol for SipCreateParticipant (#3939) -- mediatransportutil to log local address when validating external IP (#3942) +- mediatransportutil to log local address when validating external IP (#3942) - Use microseconds for forwarding stats. (#3943) - Tweaks tresholds for logging high forwarding latency/jitter. (#3945) - Flush stats when there are no packets. (#3947) @@ -446,7 +580,7 @@ NOTE: Minor version bump that enables data tracks (https://docs.livekit.io/trans - [🤖 readme-manager] Update README (#3808) - [🤖 readme-manager] Update README (#3809) - Rename RTCRest -> WHIP (#3829) -- Delete v2 signalling (#3835) +- Delete v2 signalling (#3835) - Clean up missed v2 pieces (#3837) - Update go deps (#3849) - Populate SDP cid in track info when available. (#3845) diff --git a/version/version.go b/version/version.go index 3fc40047c..0abeb937f 100644 --- a/version/version.go +++ b/version/version.go @@ -14,4 +14,4 @@ package version -const Version = "1.11.0" +const Version = "1.12.0"