jPlayer 2.4.0

[Mark Panaghiston]

jPlayer 2.4.0 has been released on http://jplayer.org/

Download the latest version here:
http://jplayer.org/download/

The release notes for the changes from the previous release are here:
http://jplayer.org/latest/release-notes/

Upgrading is seamless. Simply add the new jquery.jplayer.min.js and Jplayer.swf files to your site.

It is recommended that you update to this version to remove a minor vulnerability with the Flash SWF that enabled Cross Site Scripting (XSS) on your domain. Remember to delete any old copies of the Jplayer.swf file you might have on your site to eliminate the vulnerability.

Basically, the 2.3.0 XSS enabled the SWF to generate a confirm or prompt popup from your site, but it was benign. In 2.4.0 we have closed the hole for now and any future changes in the JavaScript and DOM language. After discussion with security pros, it is now strongly believed that the Jplayer.swf file is secure. Direct access is detected and blocks any event generation. All url parameters are checked with a character whitelist. The jQuery parameter is restricted to strings containing jQuery.
See: Security Restrictions and the noConflict option.

New features:

• Security fixed the SWF once and for all!
• Added Zepto 1.0 with data module support.
  
• Added events to Flash MP3 player:
  
  • waiting
  • playing
  • canplay
  • canplaythrough.
• Fix: Changing cssSelectorAncestor now updates new GUI with state.
• Fix: Multiple GUI progress/volume bars now work.
  

The jPlayer GitHub repo has had a v2.4 branch created.

jPlayer is now listed in the official jQuery plugins:
http://plugins.jquery.com/jplayer/

This thread continues on from the previous development log for jPlayer 2.3.0, found here:
https://groups.google.com/d/topic/jplayer/oGNS234o8CA/discussion

The development log of jPlayer 2.4.0 will continue in this thread.

Please start a new thread for support requests.

[Mark Panaghiston]

jPlayer 2.4.1 pushed to GitHub:
https://github.com/happyworm/jPlayer

• [2.4.1] Bug Fix: The Flash SWF had a problem with more than 8 instances on Firefox OSX. This was due to the TraceOut() class being instanced. The class is now only instanced in debug mode.

Additional:

This bug crept in at jPlayer 2.2.0. This will teach me to check others code to a higher degree before merging with jPlayer. The code causing the problem was purely for debugging purposes and could have been removed entirely... But I changed it so it is only instanced when the AS is compiled with the debug variable set true.

[Mark Panaghiston]

Spoke with @rhall on twitter. The TraceOut() class and associated code can be removed. It was purely for a custom tester he developed, but never released.

I will clean up the code next week since it will have no functional effect.

[Robert M. Hall II]

Hi all - quick follow up.

Sorry that this code caused problems for anyone - it was indeed leftover code that allowed the jplayer.swf to connect locally with a local Adobe AIR app that could run and float in front of all windows and catch all the trace statements in realtime. I had made it for a client to enable to see trace output from Flash instead of having to have a debug Flash player installed and tailing the flashlog.txt file when they wanted to diagnose any issues they might be seeing with the player, specifically for live RTMP streams which can be a bit more involved to debug due to all the extra variables that go into a live stream versus an on demand or canned file. It was purely for diagnostic - testing purposes and can totally be safely removed. I had plans on releasing the client but just never got around to it as my personal workflow is just to use a debug Flash player install and use tail from the command line to watch the flashlog.txt output in realtime - essentially what this traceOut class was doing, but a little easier for a non-developer to follow along.

It still however should not have caused an issue like this - it looks like this exposed a lower level Flash player bug with the localConnection API, so I'll be submitting this to Adobe.  Older versions of the Flash player, and older versions of browsers used to have a combined bug where you would lose audio if a certain number of SWF's were simultaneously using audio - which sounded really similar to this issue - but that bug has long been since fixed as far as I know, so this is a new one with similar results.

Just recently started following progress again on this and see all the great improvements  that have been made - I plan to spend some time next week reviewing everything and will see if there are any other areas in the RTMP code and sections I contributed that could be improved.

All the best!

Rob

--
You received this message because you are subscribed to the Google Groups "jPlayer: HTML5 Audio & Video for jQuery" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jplayer+u...@googlegroups.com.
To post to this group, send email to jpl...@googlegroups.com.
Visit this group at http://groups.google.com/group/jplayer.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Sandeep G]

Hi Mark,

I have updated jplayer.swf file and jquery.jplayer.min.js 2.4 versions. 

My website should support mp4 video for IE9,IE10,chrome latest, firefox 18 + versions.

I have 2 cases:

first case: mp4 video stored in local server

I tried to use "flash" for "solution" attribute but

Its not working in IE9 + and its working fine if "solution" attribute value is "html".

second case: mp4 video is placed in Akamai ( third party ) and  the url for video will be like rtmp://-------.mp4

This is working in chrome but not working in IE9+

My overall requirement is like 

1) flash support instead of html("solution')

2) should play the video when rtmp url given

3) should only use mp4

4) should play the video when local path given for video

5) should work for browsers which are mentioned above.

Please help me.

Thanks & Regards,

Sandeep G 

[Sandeep G]

Hi Mark,

I have below requirements

1) should only use mp4 videos.

2) video should play if rtmp urls given ( rtmp://------xx.mp4

3) video should play if local path given for video

4) should use flash instead of html for "solution"

5) should support ie9,ie10,chrme 18+,firefox 17+.

Can you please help me.

Thanks & Regards,

Sandeep G

On Wednesday, June 5, 2013 11:43:07 PM UTC+5:30, Mark Panaghiston wrote:

[Sandeep G]

Hi Mark,

          One more clarification required, Is Jplayer will support HTML5 for RTMP URLs?

 

Thanks & Regards,

Sandeep.

 

 

On Wednesday, June 5, 2013 11:43:07 PM UTC+5:30, Mark Panaghiston wrote:

[Mark Panaghiston]

Hello jPlayer Community,

I will be able to spend some time on jPlayer over the next week so hope to implement a few of the Pull Requests and some other features in that time. While I'm sure you all have a list of features that you desire, bear in mind that I want to get the 2.4.1 update official ASAP. I kinda dropped the ball on that one and it is now 4 months overdue.

We are making changes to our GitHub repo:
https://github.com/happyworm/jPlayer

Development will now be performed in the dev branch. The release notes will record these items as [dev] and no longer assign a minor release number to each and every little thing I do.

Each major/minor release will have their own branch, such as v2.3 and v2.4, and these branches will have bug fixes applied to them while they are the latest version. For example, v2.3 will not have any bug fixes applied to it, however, the v2.4 branch will have the bug fixes applied to it until v2.5 is released. So currently, v2.4 branch is 2.4.1, which is currently identical to the master branch.

So... Over the next period of development, the changes will be occurring in the dev branch and when 2.5 is ready we will merge those developments into the master branch and update all the other bits and bobs that go with a minor release. ie., Tagging, incrementing versions in the JSON files and creating a version branch.

And, for example, if a bug fix is issued during this period, it would be applied to the v2.4 branch, then merges with the master and dev branches. That bug fix would be called jPlayer 2.4.2.

This may seem a little complicated, but the idea here is that we have a development area that is free to grow with loose checks, while the master and latest version branch contain important bug fixes for the latest official version.

References:
http://nvie.com/posts/a-successful-git-branching-model/
https://www.atlassian.com/git/tutorial

Summary of development areas being considered:
1) Adding currentTime(t) command, to compliment the play(t) and pause(t) commands.
2) Adding extra format types, HLS/M3U8, M3U and maybe even PLS... But PLS has very limited support and even Apple don't advertise that it can work in their docs.
3) Time display types... currentTime/duration versus remainingTime. Envisage that clicking on currentTime GUI switches between currentTime and remainingTime... And probably have an option for enabling it and its initial state.
4) Look at the PRs on github and either merge, integrate or close them. And clean up the issues, since most are support requests and not issues.

Best regards,
Mark P.

[Mark Panaghiston]

jPlayer 2.4.2 pushed to GitHub:
https://github.com/happyworm/jPlayer

Both branches v2.4 and master have been updated:

• [2.4.2] Bug Fix: The Flash SWF had a problem with relative URLs when using the MP4 player (m4a/m4v). Now all media URLs are converted to absolute URLs. The converted URLs are stored in the event.jPlayer.status.media object, even if you supplied relative URLs.

The dev branch has 2.4.2 merged into it and has the following developments so far:

• [dev] New Feature: Added consoleAlerts option (default:true) which forces the alerts generated by errorAlerts and warningAlerts to be written to the console instead. When the console is not supported and this option is enabled, no alert will occur. This feature was proposed here Added an option for console logging errors... by adamwaite

And here is jPlayer's record on the jQuery plugin site:
http://plugins.jquery.com/jplayer/

[Mark Panaghiston]

jPlayer 2.5.0 pushed to GitHub:
https://github.com/happyworm/jPlayer

Created v2.5 branch. Currently master, v2.5 and dev are identical.

• [dev] Added Support: Merged Pull Request m3u8 support by rickvanderzwet. Edited to create the audio m3u8a and video m3u8v format definitions. Be aware that, only a few HTML browsers support this format and the Flash does not support it.
• [dev] Added Support: For the M3U format by creating the audio m3ua and video m3uv format definitions. Be aware that, only a few HTML browsers support this format and the Flash does not support it.
• [dev] Added Support: Merged Pull Request Add opus codec for ogg, add flac by StefanBruens.
• [dev] New Feature: Added tellOthers(command[,conditions][,args]) method. This method enables an instance to issue commands to the other instances. The optional conditions(invoker) function executes with the other instance's context (this) and returns true or false, controlling whether the other instance is commanded. The invoker parameter is the jPlayer instance that is issuing the commands. Both this and invoker are the jPlayer JavaScript object. For example: this.status.srcSet or invoker.options.muted.
• [dev] New Feature: Added time parameter to pauseOthers(time) method. This feature was proposed here Added stopOthers similar to pauseOthers by harvest.
• [dev] New Feature: Added the globalVolume option (default:false) which causes the volume option to be shared with other jPlayer instances that have the globalVolume option enabled.
• [dev] New Feature: Enhanced the globalVolume option to causes the muted option to be shared with other jPlayer instances that have the globalVolume option enabled.
• [dev] Bower Support: Added bower.json file to the jPlayer Repository. This addition was proposed here bower component file by popol1991.
• [dev] Added Support: Added the allowInsecureDomain("*") command to the Flash. This addition was proposed here Use allowInsecureDomain in order to support serving the SWF over HTTPS by prekageo.
• [dev] Added Support: The Flash RTMP player now supports an Amazon CloudFront Signature URL. This addition was proposed here Update JplayerRtmp.as by iking0980.
• [dev] Bug Fix: The volume was not restored after a flashreset event. This fix was given here Recovering from "flash reset" does not restore volume by marcn.

[Mark Panaghiston]

The development log will continue in the jPlayer 2.5.0 thread:
https://groups.google.com/d/topic/jplayer/cmJYspHnBUE/discussion

[Mark Panaghiston]

Omitted this development in the release notes:

[dev] New Feature: Added the playbackRate option for the HTML solution. This option works with these other options: defaultPlaybackRate, minPlaybackRate and maxPlaybackRate. The GUI cssSelectors have been added for a control bar. The status object has the status.playbackRateEnabled flag to indicate support. This feature varies cross-browser, see the dev guide for more information.