FFmpeg 5.0 - Yet another blog for JBKempf
www.jbkempf.com
external-link
Page personnelle de Jean-Baptiste Kempf - Site Web

…this FFmpeg 5.0 release is important, because I hope that this release will start a new scheduling of FFmpeg releases.

I’d like to see one major release per year, and a LTS every other year. Which would mean 5.x would be a LTS release…

We’ll see how realistic this is.

Enjoy this release!

Arthur Besse
link
fedilink
73Y

Big ups to the ffmpeg team for making swiss army knife software that probably hundreds of millions of people use every day even though they’ve never heard of it!

Skimming the changelog, though, this caught my eye:

codec/format registration APIs removed, all formats are always registered

This seems like a bad decision to me. Obscure codecs are more likely to have old unnoticed exploitable bugs, so, for defense in depth, websites processing user uploads using ffmpeg-based tools are well advised to disable support for the vast majority of formats that ffmpeg supports. I assume they can still do that at compile time, which I would guess is what big sites with dedicated security teams probably do, but being able to disable codecs through the API would mean that smaller sites could also implement this kind of security posture while still using distro-provided packages (eg without taking on the burden of building ffmpeg themselves). I hope the developers reconsider this!

(Of course you should also still run it in a sandbox…)

Firefox and chromium (two out of three big web engines) use ffmpeg so billions use every day, for sure. In chrome though they disabled the obscure codecs.

Create a post

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

  • Posts must be relevant to the open source ideology
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

  • 0 users online
  • 5 users / day
  • 14 users / week
  • 19 users / month
  • 6 users / 6 months
  • 22 subscribers
  • 584 Posts
  • 1.24K Comments
  • Modlog