🏠

Working from home

Paul Gregoire mondain

🏠

Working from home

I am a Java geek and all around technology nerd; I am also a core developer on the Red5 project.

192 followers · 173 following

View GitHub Profile

Recently created

Least recently created

Recently updated

Least recently updated

mondain / for red5 pro live app.md

Last active September 19, 2025 19:24

Web Application Authentication in Red5

To provide exclusion for WISH URI, add this to your web.xml as well if you're adding security to live

<!-- Public resources: explicitly marked as accessible -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>No auth area</web-resource-name>
        <url-pattern>/whip/*</url-pattern>
        <url-pattern>/whep/*</url-pattern>

mondain / red5-ws-leak.md

Created April 23, 2025 17:05

Red5 WsSession leak fix

Change log for WsSession leak in Red5; new version 2.0.16 released 4/23/2025

The leak was primarily seen during regular use of Red5 Pro's RTC client which uses a WebSocket for the initial connection with a switch to DataChannel if accepted / configured in the RTC client during startup.

Classes modified:

org.red5.net.websocket.WebSocketConnection - local reference to the connected scope was modified from a WeakReference to the WebSocketScope itself and marked final. In the ctor the scope is also added to the WsSession user properties for consolidated access within Tomcat. Several timeout properties were also added from the latest Tomcat 11.x documentation: BLOCKING_SEND_TIMEOUT our default to 8000ms, ABNORMAL_SESSION_CLOSE_SEND_TIMEOUT our default 10000ms, SESSION_CLOSE_TIMEOUT our default 5000ms. The properties are standard for Tomcat and may be modified at-will via system property override; all values are long type in milliseconds. The maximum idle timeout is now configured to use the largest

mondain / WHIP-SDP-Offers.md

Created January 17, 2025 16:30

WHIP-SDP-Offers as of Jan 2025

WHIP SDP Offers

List of SDP offers from current browser versions.

Chrome on Linux

v=0
o=- 2163966416233761195 2 IN IP4 127.0.0.1
s=-

mondain / red5pro-client-API-old.md

Last active October 31, 2024 15:02

Old - WebRTC client API for Red5 Pro

Client API

Defines communication between a browser client using Javascript and a server listening on a WebSocket. Requests and responses are communicated using JSON.

Author

Paul Gregoire

Prerequisites

Chrome or Firefox

mondain / logger-update.md

Created April 29, 2024 17:12

Address SLF4J logger update

Red5 updated its slf4j and logback libraries recently to address security vulnerabilities; in doing so, this broke the old code in Red5 open source logging that allowed the separation of logging into additional contexts such as those used by custom webapps and Red5 Pro cloudstorage. The symptom of which was difficult to catch since it just prevented logging without any indication. Currently, the only work-arounds are to replace the logger libraries with the older versions or replace every use of Red5LoggerFactory with the SLF4J default interface LoggerFactory; the SLF4J factory does not accept a context. Here is an example:

/*
 * The recent updates for SLF4J prevents Red5 logger factory use of a context,
 * it does not work in the latest Red5 open source libraries. We suggest a 
 * replacement in the interim.
 */

mondain / proscope-handler.md

Created April 22, 2024 17:55

Updating a custom Red5 application to newer Red5 Pro Server before handler patch is available

This document assumes that you've upgraded to 12.x of Red5 Pro prior to any patches addressing custom Red5 application scope handling. To get your application working, follow the steps below:

Add the dependency to your pom for red5pro-commons:

	<dependency>
		<groupId>com.red5pro</groupId>
		<artifactId>red5pro-common</artifactId>
		<version>12.0.1.0</version>
		<scope>compile</version>

mondain / migration-to-red5-1.3.32.md

Created March 28, 2024 15:34

Migration to Red5 1.3.32

In conf/red5-common.xml the MP3 and M4A entries must be removed to prevent startup exceptions, unless an MP3/M4A support jar is included in the classpath (Not yet available). Remove or comment out the following entries from the streamableFileFactory bean:

  <bean id="mp3FileService" class="org.red5.server.service.mp3.impl.MP3Service"/>
  <bean id="m4aFileService" class="org.red5.server.service.m4a.impl.M4AService"/>

Remove this entire bean entry:

mondain / SBOM-01102024.md

Last active January 11, 2024 16:59

Vulnerabilities in Red5

Addressing of critical and high vulerability alerts

The following three updates will cover the majority of issues detected; this report is for Red5 open source specifically and should apply to implementations utilizing the server.

Spring 5.3.31
Slf4j 2.0.11
Logback 1.4.14

The update to Spring 6.0.x is delayed due to its requirement on JDK 17.

mondain / obs-2-red5pro.md

Created July 3, 2023 17:50

OBS with libdatachannel to Red5 Pro version 11.0

Offer from OBS with libdatachannel:

v=0
o=rtc 1749923962 0 IN IP4 127.0.0.1
s=-
t=0 0
a=msid-semantic:WMS *
a=group:BUNDLE 0 1
a=setup:actpass

mondain / whip-ideas.md

Last active April 19, 2023 15:39

WHIP

WHIP with trickle:

sequenceDiagram
    participant wc as WHIP Client
    participant ws as WHIP Server
    wc->>+ws: OPTIONS /whip/endpoint/stream1
    ws-->>wc: HTTP Response with headers and optional Link header containing ICE servers
    wc->>ws: POST /whip/endpoint/stream1 with SDP Offer
 ws--&gt;&gt;wc: HTTP Response with SDP Answer with candidates and Location header "/whip/resource/stream1"

NewerOlder