Important: You do not need to update to Wowza Streaming Engine 4.8.17 to get the latest fixes for Apache Log4j2-related issues. You can simply run our Log4j2 Updater to get the latest Log4j2 files. Please note:
- Wowza Streaming Engine 4.8.17 does not contain a fix for CVE-2021-45105, which was fixed with Log4j 2.17.0. It only updates files to Log4j 2.16.0 for CVE-2021-44228 and CVE-2021-45046.
- Addressing recent Apache Log4j2 issues is a dynamic situation that we will continue to respond to based on Apache updates.
Version: Wowza Streaming Engine™ 4.8.17+1 build 20211216162410 released on December 21, 2021.
Java support: Wowza Streaming Engine 4.8.17 is built on Java 9 (OpenJDK Java SE JRE 9.0.4), but can be used with Java versions 9-12. For more information, see Manually install and troubleshoot Java on Wowza Streaming Engine.
New features and functionality in Wowza Streaming Engine 4.8.17
Wowza Streaming Engine is a robust, customizable, and scalable media server software that powers reliable streaming of high-quality video and audio to any device, anywhere. Wowza Streaming Engine 4.8.17 includes an upgrade to Log4j 2.16.0 to address security vulnerabilities in Apache Log4j2 versions 2.15.0 and earlier (CVE-2021-44228 & CVE-2021-45046).
Logging in Wowza Streaming Engine 4.8.8.01 through 4.8.16 uses a version of Apache Log4j2 with security vulnerabilities involving JNDI functionality that is not protected against attacker-controlled LDAP and other JNDI-related endpoints.
Installation and update considerations for Wowza Streaming Engine 4.8.17
Wowza Streaming Engine 4.8.5 and later installs a custom packaged version of OpenJDK Java SE JRE 9.0.4 that includes the java.scripting module. This module is required for Wowza Streaming Engine 4.8.17 but is not added by the Wowza Streaming Engine 4.8.17 updater. If you are updating to Wowza Streaming Engine 4.8.17 from a base installation of Wowza Streaming Engine 4.8.0 or earlier, before you update, you need to install a supported version of Java that contains the java.scripting module, such as Java 9-12 or the custom version of OpenJDK Java SE JRE 9.0.4 installed with Wowza Streaming Engine 4.8.17 (available from the Downloads tab of My Account). Then instruct Wowza Streaming Engine to use that version of Java according to the instructions in Manually install and troubleshoot Java on Wowza Streaming Engine.
When using the Wowza Streaming Engine 4.8.17 installer to install a new instance of Wowza Streaming Engine on Windows, you may need to install additional dependencies in order to ingest SRT MediaCaster streams or use the generic SRT stream targets destination to publish an SRT stream. To address this, install the latest version of the Microsoft Visual C++ Redistributable for Visual Studio appropriate to your operating system.
For step-by-step instructions on how to install or update Wowza Streaming Engine, see the following articles:
- Install – Install and configure Wowza Streaming Engine
- Update – Update your Wowza Streaming Engine installation
Detailed list of changes in Wowza Streaming Engine 4.8.17
Changes since Wowza Streaming Engine 4.8.16
- Upgraded to Log4j 2.16.0 to address security vulnerabilities in Apache Log4j2 versions 2.15.0 and earlier (CVE-2021-44228 & CVE-2021-45046).
Known issues with Wowza Streaming Engine 4.8.17
For a detailed list of known issues that are still in effect, see Known issues with Wowza Streaming Engine.
Patch updates to Wowza Streaming Engine 4.8.17
Between production releases, Wowza occasionally provides patches to fix bugs or regressions in the latest production release, which can be deployed in production environments and workflows for long-term stability.
There is no available patch release for Wowza Streaming Engine 4.8.17 at this time.