Version: Wowza Streaming Engine™ 4.11.0+24 build 20260615125033 released June 17, 2026.
Java support: Wowza Streaming Engine 4.11.0 is compiled using Java 17 (OpenJDK Java SE JRE 17.0.12) but can be used with Java versions 17 or 21. For more details, see Java version information.
Contents
Detailed list of changes in Wowza Streaming Engine 4.11.0
Known issues with Wowza Streaming Engine 4.11.0
New features and functionality in Wowza Streaming Engine 4.11.0
This release introduces a modernized WebRTC stack with broader standards support, more reliable connectivity, and a number of fixes.The existing WebRTC implementation continues to work unchanged.
New capabilities
- WHIP and WHEP support — publish to and play from Wowza Streaming Engine using the standard WHIP (ingest) and WHEP (egress) protocols, enabling interoperability with third-party tools such as OBS, FFmpeg, and GStreamer.
- Configurable STUN and TURN servers — set STUN and TURN servers (with TURN authentication) per application from Wowza Streaming Engine Manager or in
Application.xmlto improve connection success across NATs and restrictive firewalls. - Improved connectivity (ICE) — full ICE candidate gathering and connectivity checks, trickle ICE for faster connection setup, and TCP ICE candidate support for networks where UDP is blocked.
- Expanded codec support — added HEVC (H.265) and VP9 for WebRTC, with automatic codec negotiation.
- Multiple IP / NIC support — WebRTC now works on secondary public IP addresses and additional host ports, not just the primary network interface.
- Edge/Origin playback — WebRTC playback is supported from Edge applications repeating streams from Origin applications.
- Secure token protection — WebRTC streams can be protected using secure tokens.
- Connection monitoring — the Application Monitoring page now displays the current WebRTC connection count.
- Updated example pages — the WebRTC publish and playback example pages were modernized, including WHIP/WHEP selection, STUN/TURN configuration fields, and trickle ICE support.
Resolved issues
- Fixed WebRTC publishing failures from Firefox.
- Fixed WebRTC connection failures on servers using ECC (Elliptic Curve) SSL certificates.
- Fixed Safari (iOS and macOS) playback failures for transcoded WebRTC streams delivered over HLS/LL-HLS.
- Fixed missing video on certain 720p streams published over WebRTC.
- Fixed WebRTC failures when using a server's secondary public IP address.
- Fixed video artifacts and interruptions when transcoding RTMP sources to WebRTC.
- Fixed missing audio when publishing WebRTC from certain mobile devices.
- Fixed severe frame-rate drops when publishing higher-resolution WebRTC from Firefox.
Detailed list of changes in Wowza Streaming Engine 4.11.0
Security
- Upgraded Apache Log4j Core to version 2.25.4 to resolve CVE-2026-34478 and CVE-2026-34480.
- Upgraded Jetty to version 12.1.9 to resolve CVE-2026-2332.
- Updated Apache Tomcat to version 10.1.55 to address the following security vulnerabilities: CVE-2026-34483, CVE-2026-34486, CVE-2026-34487.
Improvements
- Added built-in PDT support for HLS streams. Users can now configure PDT tags directly in the
Application.xmlfile and no longer need to install theModuleCupertinoProgramDateTimemodule. The PDT tags can be configured with the following properties:cupertinoEnableProgramDateTime: Emit a PDT on the first chunk and at discontinuitiescupertinoEnableProgramDateTimePerSegment: Emit a PDT on every segment- Note: This implementation is backward compatible—custom timestamps assigned via the
ModuleCupertinoProgramDateTimemodule or thechunk.setProgramDateTime(...)function will override the auto-populated wall-clock.
- Fixed a bug related to the HLS
cupertinoClosedCaptionValueproperty that prevented the subtitle button on iOS players from being disabled. - UX Improvement: A GPUID field has been added to the Decode section in WSE Manager. Users can now configure GPU transcoding workflows without editing XML.
- The default TCP send and receive buffer values for newly created vhosts and newly created host ports have been updated.
- Suppressed verbose Log4j configuration startup messages in the update tool by changing the status log level from INFO to WARN.
- Improved Transcoder stability under mixed CPU/GPU workloads.
- Optimized GPU Transcoder performance for workflows that involve Overlays and Watermarks.
- WebRTC improvements:
- Added support for WHIP/WHEP WebRTC streams, including support for bearer tokens. Once a bearer token is configured for an application, WSE will validate the Authorization header of incoming WHIP/WHEP requests against it. To require a bearer token on WHIP/WHEP streams you may:
- Generate a bearer token using WSE Manager
- Generate your own bearer token and add it to the application's configuration file (
Application.xml). - (Note: For independent access control, WHIP and WHEP must use separate tokens.)
- A new element was added to
VHost.xml. The new<SelectedVersion>element is nested within the existing<WebRTC>element. It allows apps to select WSE's default WebRTC implementation. The<SelectedVersion>is set tov2by default. To support legacy RTC streams, you may change<SelectedVersion>to either of the following values:legacy: All WebRTC streams will use the legacy (v1) WebRTC implementation.dynamic: Support bothv1andv2WebRTC implementations.
Include?webrtcImplementation=v2in HTTP requests to usev2; otherwise defaults tov1.- Note: In previous versions of WSE,
VHost.xmldoes not contain a<SelectedVersion>element.
In this case, WSE will automatically default todynamicmode, ensuring backward compatibility without requiring configuration changes.
- Added support for WHIP/WHEP WebRTC streams, including support for bearer tokens. Once a bearer token is configured for an application, WSE will validate the Authorization header of incoming WHIP/WHEP requests against it. To require a bearer token on WHIP/WHEP streams you may:
Bug Fixes
- Fixed out-of-memory errors in push-publish workflows when CDN becomes unreachable. Time-based cleanup purges segments after timeout, with discontinuity tags maintaining stream integrity.
- Fixed a bug causing memory exhaustion and CPU spikes when MediaCaster sources are unavailable. DNS lookups are now cached to reduce connection overhead. Connection timeouts and per-source bind address settings are now properly honored.
- Fixed memory leaks in HTTP playback sessions caused by incomplete session cleanup. Idle worker errors are now caught and logged, ensuring proper session cleanup when playback ends.
- Fixed a memory leak in
RTPDePacketizerWrapperPacketSorteraffecting streams with intentional packet duplication. In high-latency streams configured with jitter buffer, duplicate RTP packets caused unbounded heap growth, resulting in server crashes. - Fixed a bug in MainConcept CPU transcoding, in which the transcoded video was slightly darker than the source video.
- Fixed an issue decoding RTSP published H.265/HEVC video streams.
- Fixed a bug causing video quality degradation when using a combination of: CUDA scaling, NVCUVID decoding, and NVENC GPU encoding.
- Fixed a parameter alignment issue in MainConcept transcoder initialization causing incorrect encoding parameters (affecting H.265 encoding, in particular).
- Fixed an issue where transcoder sessions were not being properly removed from the session map. In some cases, duplicate entries caused accounts to reach their transcode session limit prematurely.
- Fixed LL-HLS CMAF playlist generation to correctly report rendition information, resolving Apple
mediastreamvalidatorvalidation errors. - The application-specific directory
content/[AppName]/is now created during new application setup. Previously, this directory was not created, resulting in a 'Streaming File Directory does not exist' error. - Fixed a bug introduced in WSE v4.9.7 that produced a false "Untracked publisher stream" warning for each transcoder output stream. These false alarms have been eliminated.
Known issues with Wowza Streaming Engine 4.11.0
For a detailed list of currently known issues, see Known issues with Wowza Streaming Engine.
