Wowza Streaming Engine 4.8.8+ versions require Wrench 2.1.x
Wowza Streaming Engine 4.8.x and 4.7.x require Wrench 2.0.x
Custom builds for earlier WSE versions back to 3.x are possible upon custom request
Release date: 2023.01.20
Extend the outgoing pay-per-minute JSON messages with stream names
Include IP address in the outgoing token resolver HTTP request
Release date: 2021.03.39
Fixed a UI compatiblity issue that can occur with Wowza 4.8.11 (NoSuchMethodError when logging into the UI)
Spark (3rd party dependency) upgrade
Release date: 2021.01.17
Compatible with Wowza Streaming Engine 4.8.8+ due to log4j2 upgrade in WSE
Added support for using bcrypt-ed passwords to log into the manager interface
Removed the default value of wrench.db.url that used to be local mysql specific
Release date: 2020.07.23
Fixed broken web user interface / login redirect issue over HTTPS
Release date: 2020.07.18
Security update of embedded Jetty
built using JDK 9 targeting Wowza 4.8.x
Fixed a UI bug where saving bypass IP addresses caused IllegalArgumentException in the logs
Switch to semantic versioning instead of build date based versioning
Separated jar file and license file
built using JDK 9 targeting Wowza 4.7.8
deprecated wrench.jdbc.driver setting, as modern JDBC drivers self-register. The database driver is determined based on the JDBC URL
error handling added to the scenario where the database pool is depleted. Wrench passes over connections in this scenario to avoid bad user experience.
publication events sent out to external web services now contain the WebRTC flag (isWebRTC)
wrench.switchable.public.mode.filtering
wrench.http.streamer.request.ignore.token
“constant” as a valid public mode setting
HTTP request rate-limiting feature with DB logging and/or dropping clients exceeding request limit (prevents certain “download helpers”)
IP and query string is taken from requests not only from a session when HTTP streamer request checking is enabled
Fixed a bug where the UI was not accessible in certain cases
Initial WebRTC support
REST API for programmatically kicking out a Wowza session based on username or session ID
Supports multiple applications spinning up the web interface without interference
Redirect to preconfigured video if token is missing or authentication fails: wrench.auth.failed.video.http.url
Fixed a bug where the UI was not saving certain numeric values properly
Support for Wowza behind a proxy server: the IP address can be overridden by arbitrary configured HTTP header, e.g. X-Forwarded-For with wrench.ip.override.http.header setting
Bitrate limitation: token resolution can now return a bitrate limit for the user which is if exceeded, Wrench disconnects the user
Fixed a bug where the token was not properly parsed out from certain MPEG-DASH requests
Added support for the http streamer request checking feature for MPEG-DASH
Database connection is tested upon startup
Minor logging tweaks
Fixed occasional NPE when the stream was rejected
Fixed the bug where certain SQL exceptions got logged as NPE hiding the root cause
Removed slf4j from the build
New option: wrench.dbcp.max.idle.size that allows more control on the connection pool
Fixed duplicate Content-Type header issue on certain outgoing messages that caused problems on IIS
Web user interface for configuration and management (list sessions, kick user)
IP parameter available in token resolver query
Java 8 is mandatory
applicationName and applicationInstanceName available in MDC (so you can display it in your log4j configuration)Introduced wrench.server.logical.name (available in lifecycle hooks as parameter)
IP bypassing also supports subnets with CIDR notation
Stream name and session id available as parameter in the disconnect SQL hook
New convencience parameter: wrench.bypass.publish.allowed
Fixed the HTTP Accept header of outgoing POSTs, they are now application/json
Configuration fully cleared out after reading it on startup, to address a security issue
Fixed java.lang.NullPointerException at certain circumstances in the PPM engine
IP address is also available in token resolver web service request
wrench.force.secure.transport option to force secure transport
Introduced web service based token resolution mechanism
Optional encoder flag checking upon publishing
New attribute “eventType” in the JSON messages sent upon play and publish, that helps decision in the auth web service
Fixed Content-Type headers in the outgoing JSON messages, application/json; charset=UTF-8 has been added
Fixed a bug in drop duplicate mechanism that caused dropping the newcomer instead of an existing player
PPM/PPV HTTP event publishing feature
wrench.duplicate.check.sql allows concurrency checking in multi-edge setupRepackaging from com.wowzatoolbox to com.streamtoolbox
wrench.bypass.ip option allows specifying a list of IP addresses that can bypass any check. This can be used for some hardware encoders that don’t allow passing the tokenwrench.connect.authorization.url allows hooking up external web services that are asked if the current connection should be accepted or not
New lifecycle hook wrench.duplicate.drop.sql
wrench.http.streamer.request.check.enable option to validate every single HTTP request received (only works with Wowza Streaming Engine 4.1.x)
wrench.rtp.check.enable switch allows disabling the RTP protocol checking which is needed if using IP camerasFixed a bug that caused wrong concurrency limit calculation, had to set n+1 if you wanted n
Released wrench.duplicate.drop.other toggle for kicking off existing user if a new user comes with the same username over the limit
Introduced plain as an option for wrench.token.hasher to support users who deliberately want less security
Added encoder as a SQL parameter in wrench.connect.authorization.sql
Introduced wrench.http.referrer.whitelist and wrench.http.referrer.blacklist features
that allow limiting player access based on this HTTP header
Introduced wrench.verbose.logging switch that is on by default, but if switched off, the amount of logging is reduced
Publish stream events (start, stop, play, pause) by calling arbitrary HTTP endpoint POSTing JSON messages
Introduced wrench.user.agent.whitelist and wrench.user.agent.blacklist features
Introduced wrench.publish.authentication.query which enables per stream / per user permission checking upon RTMP and RTP publishing
Allow using :username in token invalidation query
Fixed NPE when RTP client starts streaming from Wowza GoCoder on iPhone
Fixed query param parsing, trailing slashes are now handled properly
Added :hashedtoken parameter to PPM/PPV sql queries
The client type (is encoder or not) can be determined by the token resolver query’s new optional return column
Better error handling in the monitor job
Fixed a bug that prevented PPM queries to be executed in case of Flash clients and VOD
Added :stream as a parameter to wrench.connect.authorization.sql, so per stream user authentication is possible
Fixed a bug that caused wrench.connect.authorization.sql not to work under certain conditions
Fixed a bug that caused concurrency checking mechanism not being configured properly under certain conditions
Minor improvements in logging
Dynamic public/secured mode switching via file or SQL query based switch
Minor bugfixes
Added support for RTP and MPEG-DASH streaming
New DBCP parameters can be configured (maxWaitTime, etc.)
New lifecycle hook wrench.ppm.disconnect.sql that allows dynamically dropping players if their PPM balance goes down
Bugfix: token invalidation query was not performed if logging was not on debug level
Free version’s player limit decreased to 25 (sorry)
Added support for HTTP-based streaming such as San Jose, Cupertino and Smooth streaming
Concurrent playing is cross-checked between RTMP and HTTP based streams
Token IP address checking
Token expiration time checking
Duplicate player filtering
Bugfix
Param substitution changed from pure JDBC to :param style for the update SQL run when disconnect
Easier SQL parameter binding everywhere by using the :paramname notation instead of ? marks
No need to add any external dependencies to lib manually except the JDBC driver, everything is packed into a single fat jar
Introduced pay-per-minute and pay-per-view features
Initial launch of Wowza Wrench with the basic user authentication and SQL hook based authorization functionality.
Quick Links