11/8/2016 - Release - Flash Player 23
in today's release, we've updated flash player important bug fixes , security updates. current flash player customers have selected "allow adobe install updates (recommended)" update mechanism automatically updated latest version of flash player on next 24 hours.
the recent flash player security bulletin can found here: security bulletin (apsb16-37)
features flash player 23:
mozilla npapi asyncdrawing support
async drawing refers method browser , flash player use exchange bitmap surface flash player draws swf content. used when stage composited rest of content in browser window. feature allows wmode “direct” (wmode opaque , transparent) behave “windowless” in hardware accelerated async drawing. not used in fullscreen mode, or in windowed mode plugin draws directly own window. if asynchronous drawing unavailable reason, plugin falls using existing synchronous drawing model.
asyncdrawing supported in npapi plugin on windows desktop platforms only. available fp version 23.0 in firefox nightly 51.0a1, firefox versions supporting feature yet announced. choice of async drawing path used (hardware or software) depends on whether browser supports hardware or software async drawing modes.
the following table describes asynchronous drawing availability wmode:
window | none | none |
transparent | non-accelerated/software async drawing | none |
opaque | non-accelerated/software async drawing | none |
direct | hardware accelerated async drawing | none |
gpu | non-accelerated surfaces | none |
to disable asynchronousdrawing support in firefox, go “about:config” in search bar of browser , set “dom.ipc.plugins.asyncdrawing.enabled” false.
hsts support in flash player
beginning flash player 23, have introduced support hsts (http strict transport security). hsts ietf standard, enforces user agents (browsers) use https communication instead of http. https response may have strict-transport-security(sts) header field requests user agent make further requests in https. flash player acknowledge sts header in https response.
this particularly helpful when swf calls swf (child swf) present in hsts enabled server. flash player acknowledge sts header in response , further request same domain https. feature helpful in mitigating protocol hijacking attacks , cookie hijacking.
disabling local-with-filesystem access in flash player default
beginning flash player 23, local-with-network permissions applied local swf content, regardless of preference chosen @ compile time.
background:
when playing flash (swf) content local filesystem, developers have historically been able configure content exclusively read filesystem, or communicate network. when functionality introduced on decade ago, enabled interesting array of use-cases ranging simple games interactive kiosks. in context of modern web security, believe time retire local filesystem functionality in browser plugin. @ same time, adobe air has been established robust, mature solution delivering actionscript-based content standalone application.
vast majority of flash player users , content unaffected change. change impacts flash content played local filesystem, using browser. flash content hosted on internet , local webservers, standalone flash player remains unaffected.if user requires functionality, these files can added list of trusted locations in flash player.
workarounds legacy content:
we highly recommend circumvent these controls enable content sources trust.
for individuals:
for internet explorer, edge, firefox, opera , safari:
on affected system, go flash player settings manager:
• mac: system preferences > flash player
• windows: control panel > flash player
select advanced tab
in developer tools section, click trusted location settings button
click "add..." button , add relevant files , folders list
for google chrome (and similar ppapi browsers):
navigate settings manager page
choose edit locations > add locations popup list
in text field appears, type or paste file/folder path you'd trust
click "confirm" button
note: please aware "browse files" , "browse folder" buttons not function properly. must manually type or copy/paste path text field above buttons add file or folder trusted list.
for system administrators:
the legacy behavior can restored applying enableinsecurelocalwithfilesystem=1 flag mms.cfg.
video , camera support stage3d videotexture flash player (release)
in flash player 20 or earlier, use of video in stage3d required use of video object, not hardware accelerated. involved copying video frame bitmapdata object , loading data onto gpu, made cpu-intensive.
to address limitation, video texture object introduced. allows use hardware decoded video in stage 3d content. further, extending capability in flash player 23 release, texture objects have been introduced support use of netstream , cameras in manner similar use of stagevideo. these textures can used source textures in stage3d rendering pipeline. can use them rectangular, rgb, or no mipmap textures in rendering of scene. treated argb texture shaders implies agal shaders not have bother yuv rgb conversion now. shaders treat these textures argb textures. allows use standard shaders static images without need modification. when render using these textures, image used rendering pipeline the latest frame @ time. though, there no tearing in video frame, if use same texture many times, of these instances may picked different timestamps.
with use of videotexture object, work gets optimized internally - yuv rgb conversion , texture loading can moved gpu. see videotexture devnet article implementation details.
note: video texture existing feature in air. introduced in air 17.0 version.
for complete information please see our release notes.
fixed issues
stability bugs , security fixes
known issues
resizing embedded flash video player turn interface black in xulrunner(4186134)
"alt gr+0" not return @ on french layout keyboard(4196791)
performance drop observed on firefox 49.0.2 when async drawing enabled (4197072)
current flash player users have enrolled in "allow adobe install updates (recommended)" update mechanism automatically updated flash player 23 on next 24 hours.
users have selected "notify me install updates" receive update notification dialog within 7 days today. please note windows users need restart system or log out , in activate update notification dialog.
customers using google chrome receive updates through google update mechanisms. please note release not available activex flash player on windows 8.1 , windows 10.
if install update immediately, please use 1 of links below:
flash player 23 windows internet explorer - activex: 23.0.0.207
flash player 23 windows firefox , other netscape compatible browsers - npapi: 23.0.0.207
flash player 23 windows opera , chromium based browsers - ppapi: 23.0.0.207
flash player 23 windows google chrome - ppapi: 23.0.0.207
flash player 23 internet explorer on windows 8.1 (64-bit machine): 23.0.0.207
flash player 23 internet explorer on windows 8.1 (32-bit machine): 23.0.0.207
flash player 23 windows internet explorer , edge on windows 10 - activex: 23.0.0.207
flash player 23 mac safari, firefox , other netscape compatible browsers - npapi: 23.0.0.207
flash player 23 mac opera 26 , chromium based browsers - ppapi: 23.0.0.207
flash player 23 mac google chrome - ppapi: 23.0.0.207
flash player 11.2 desktop linux (npapi): 11.2.202.644
previous versions of flash player can found on flash player archive page
if encounter problem broken or missing links, please clear browser cache , try again. if problem persists, please create new post in our forum or send email ccampbel@adobe.com or mkumarjh@adobe.com.
More discussions in Flash Runtime Announcements
adobe
Comments
Post a Comment