LoginSign Up
← Back to all sparks
A

Ant Media Server

MEETINGS
Velocity6.3

Real-time streaming engine for live video, WebRTC, RTMP, and SRT.

antmedia.io

Ant Media crossed the 3.0 line with AV1, eight CVE patches, and a breaking API cleanup.

live streamingwebrtcav1 codecssai-scte35cve patchingbroadcaster-grade
Current state
Ant Media Server has just shipped its 3.0 series. The cut version, 3.0.1, packed an AV1 codec path, removed long-deprecated methods (potentially breaking integrations), patched roughly eight CVEs in the parent and management console, and added Strict-Transport-Security headers and daily SSL renewal checks. Two follow-up tags (3.0.2, 3.0.3) appear to be quick rebuilds rather than feature releases. The recent 2.17.x line had introduced server-side ad insertion (SSAI with SCTE-35), a v2 WebRTC web SDK, and LL-HLS cluster play.
Where it's heading
The product is in a 'broadcaster-grade plus security hardening' arc. SSAI/SCTE-35 is a clear push toward live-event monetization use cases, while AV1 and v2 WebRTC SDK target streaming infrastructure that competes with managed services. The CVE volume across recent releases (2.16.2 was nothing but patches; 2.17.1 and 3.0.1 each carried multiple) suggests an active third-party security review or fuzzing program is feeding the queue.
Prediction
Expect 3.0.x point releases focused on stabilizing AV1 in production, mopping up regressions from the deprecated-method removals, and continued CVE patching. The next functional bet to watch is whether SSAI gets enterprise-grade analytics or whether AV1 gets hardware-accelerated encode paths.

Recent moves

  1. 16d ago

    Community 3.0.3: rebuild tag with no published changelog

    3.0.3 is tagged a day after 3.0.2 with no listed changes — looks like an artifact rebuild on top of the 3.0.1 feature cut. Operators can treat it as a numbering bump rather than new functionality.

    View source ↗
  2. 17d ago

    Community 3.0.2: SNAPSHOT version bump and quality items

    3.0.2's changelog amounts to internal version-string bumps to 4.0.0-SNAPSHOT and a vague quality/security/stability line — the artifact name still references 3.0.1. Effectively a packaging cut, not a feature release.

    View source ↗
  3. 1mo ago

    Community 3.0.1: AV1 codec, breaking API cleanup, eight CVE patches

    ⚡ SPARK

    3.0.1 is the real 3.0 cut: AV1 codec support across server and enterprise, the removal of long-deprecated methods (the changelog flags this as potentially breaking), HSTS headers, daily systemd SSL renewal checks, and roughly eight CVEs patched in the parent and management console. This is the foundation the 3.0.x line will build on.

    View source ↗
  4. 3mo ago

    Community 2.17.1: WebRTC timing fixes, SRT restream endpoints, local license server

    2.17.1 polishes the 2.17.0 cut — proper WebRTC timing conversion from non-WebRTC sources, auto start/stop playlists by demand, restream-to-SRT endpoints, and a local license server option for air-gapped enterprise deployments. Two more CVEs patched in the parent.

    View source ↗
  5. 3mo ago

    Community 2.17.0: SSAI with SCTE-35 and WebRTC Web SDK v2

    ⚡ SPARK

    2.17.0 introduces server-side ad insertion with SCTE-35 markers and ships a v2 WebRTC web SDK alongside LL-HLS cluster play improvements. SSAI is the kind of feature operators specifically migrate from managed broadcasters to get.

    View source ↗
  6. 5mo ago

    Community 2.16.2: five CVE patches in the parent

    2.16.2 is almost entirely security patching — five CVEs closed in the parent project plus a small dashboard tweak. The cadence of these CVE-only releases is part of the observable pattern feeding into the 3.0 hardening posture.

    View source ↗