[Live-devel] SETUP with an existing Session id bypasses authentication

Ross Finlayson finlayson at live555.com
Mon Jul 6 12:14:15 PDT 2026


Qingyang,

Thanks for the note.  Protection against the use of ’stolen’ session ids was added to the code back in April, but at the time I forgot to do so for “SETUP” commands.  I’ve just released a new version (2026.07.06) of the code that fixes this.


Ross Finlayson
Live Networks, Inc.
http://www.live555.com/




More information about the live-devel mailing list