Skip to main content
Unlisted page
This page is unlisted. Search engines will not index it, and only users having a direct link can access it.

Older Release Notes

The table below lists the release and the respective features/improvements in 2023 and older.

The latest release notes can be found here.

Widevine API 6.23.0 (December 20, 2023)​

  • Added "allow_playback" license configuration setting (for advanced scenarios).
  • Added Widevine-specific "allow_persistence" setting/override (for advanced scenarios).
  • Added Widevine-specific "duration" setting/override (for advanced scenarios).
  • Added HDCP level "2.3" to the list of supported HDCP restrictions.
  • Added "real_time_duration_expiration" and "real_time_playback_expiration" settings. They’ve effectively been "true" before; now they’re configurable.
  • Added "Release" and "Renewal" license support for clients that use "keyboxes" for trust (a deprecated mechanism which a few relatively modern clients still use).
  • Corrected the handling of the license "Duration" setting in the Entitlement Message (EM). Previously, it relied on the now-deprecated "license duration" Widevine SDK setting; now it maps to the equivalent "hard-enforced rental duration" native setting. Previously, due to the use of the deprecated setting some old and new clients (roughly pre-2021 and 2021+) may have behaved differently and the behaviour of new clients may have not exactly matched the documentation of the "Duration" EM setting, depending on the license type (offline / streaming) and playback duration. For example, previously, in case of new clients and persistent licenses, a Duration of 3600 (1h) would start ticking on first playback (similar to playback duration), while it is expected to start ticking already when license is acquired. Now the behaviour of "Duration" is once more in line with the existing documentation, both for "new" and "old" clients.

FairPlay API 6.20.0 (October 12, 2023)​

  • License Request Info Message now returns the following new information: recommended_client_id, session_id, streaming_indicator, playback_state, license_protocol_version and supported_license_protocol_version in the License Request Info Message.
  • Added FairPlay-specific duration field to the Entitlement Message.

PlayReady API 6.20.0 (September 28, 2023)​

  • PlayReady Server SDK upgraded from v4.5.7218 to v4.6.7604.
  • Added support to return "recommended_client_id" to license request info message.
  • Added PlayReady-specific "duration" field to the Entitlement Message.
  • Added PlayReady-specific "allow_persistence" to the Entitlement Message.

Key Service 1.18.3 (September 14, 2023)​

  • PlayReady "CHECKSUM" is now included in all PlayReady signalling data, where applicable (it applies only to 'cenc' / "AES-CTR" keys). This includes, Anevia, Broadpeak, Harmonic, Speke, SpekeV2 and WidevineProtectionInfo responses. Previously, it was only included in the dedicated "checksum" field in WidevineProtectionInfo responses.

Widevine API 6.21.1 (August 31, 2023)​

  • Added license renewal support. Note: for FairPlay and PlayReady, renewal depends mostly on client-side support/implementation and the basic support from Axinom side has always existed.
  • Added support for license requests containing "keyboxes", by proxying such requests to Google Widevine cloud license service (these can’t be handled by Widevine SDKs). While "keybox" clients are deprecated by Google, there are still some out there. NOTE: Currently "release" and "renewal" requests are not supported for "keybox" clients, but this should not affect majority of workflows. This support will come in an upcoming release.
  • Added support for configuring VMP (Verified Media Path) restrictions. Until now, Google’s defaults were always used, which are very permissive. Now the relevant settings can be configured. These include: "MinVmpLevel", "AllowNonVmpPlatforms" and "AllowTamperedPlatforms". Several additions to the License Request Info message:
  • Added "request_type" field to allow proxies to more easily differentiate between e.g., "new", "release" and "renewal" license requests.
  • Added "platform" field to provide a reliable identifier for taking selective action in case of a particular playback platform or, for example, to choose the most suitable device identifier for that platform.
  • Added "recommended_client_id" field. It contains the recommended identifier to use for device management for the current device, out of several that Widevine exposes, to simplify the selection process.
  • Fixed a server error (500 response) caused by trying to generate licenses without any content keys (which Widevine SDK no longer allows). Now a client error with a descriptive error message is returned instead. Previously, it could happen, for example, when a license request referenced no content keys (and potentially specified a content ID instead).
  • Various fixes related to the use of the Google Cloud Proxy operation mode (this feature is not yet publicly available).
  • Various client errors were previously misinterpreted as server errors. Now they’re properly client errors (4xx).
  • Fixed an issue where setting HDCP or CGMS-A settings in the Entitlement Message would result in server errors.
  • Fixed an issue with requests without Key IDs in PSSHs where not properly processed when the IgnoreKeysInLicenseRequest EM setting was "true" and the required keys were properly listed in the EM.

Key Service 1.18.2 (August 22, 2023)​

  • Enabled more verbose logging for the api/Broadpeak endpoint.
  • Fixed a bug where uploading keys with duplicate IDs via the api/Import/ContentKeys endpoint was incorrectly considered a server error. It is now a client error.
  • Fixed an issue related to the SPEKE v1 endpoint (api/Speke) when key ID overriding was enabled. Previously the "kid" of the ContentKeyUsageRule elements was not correctly overridden. This fixes AWS encoders erroring out whenever this element was utilized.
  • Fixed an issue related to the SPEKE v1 endpoint, where the SmoothStreaming-related ProtectionHeader data was not returned. Now SmoothStreaming content can be created using AWS encoders and the SPEKEv1 protocol.

Widevine API 6.20.1 (May 03, 2023)​

  • Added the WidevineDataSets endpoint, which can be used to manage user-provided Widevine license service certificates and related data. This can be useful when working simultaneously with multiple DRM providers. Contact Axinom support for more information.

License / Management API 6.12.0 (May 02, 2023)​

  • Added the WidevineDataSets endpoint, which can be used to manage user-provided Widevine license service certificates and related data.

License / Management API 6.11.1 (December 21, 2022)​

  • Added "Access-Control-Expose-Headers" header to responses to enable the reading of informational headers, such as "X-AxDrm-ErrorMessage", for CORS clients, like browsers. more details on error handling.

Widevine API 6.19.2 (November 29, 2022)​

  • Refactored source code and performance upgrades.

Key Service 1.18.1 (November 28, 2022)​

  • Fixed an issue where content key creation ("POST api/Import/ContentKeys", "POST/PUT api/ContentKeys") could result in duplicate database entries under high concurrency. This also fixes a related issue with GET api/ContentKeys returning 500 internal error, caused by duplicate entries.
  • Content key "name" uniqueness is no longer enforced as this is a purely descriptive field that can be freely set by users.

FairPlay API 6.19.0 (October 25, 2022)​

  • Added X-AxDrm-ErrorMessage header, containing the error message, to error responses. This provides a means for HTTP/2 clients, which do not support the HTTP Reason Phrase, to read error details.
  • Added "Access-Control-Expose-Headers" header to responses to enable the reading of informational headers, such as X-AxDrm-ErrorMessage, for CORS clients.

Widevine API 6.18.0 (October 20, 2022)​

  • Added X-AxDrm-ErrorMessage header, containing the error message, to error responses. This provides a means for HTTP/2 clients, which do not support the HTTP Reason Phrase, to read error details.
  • Added "Access-Control-Expose-Headers" header to responses to enable the reading of informational headers, such as X-AxDrm-ErrorMessage, for CORS clients.

PlayReady API 6.19.0 (October 06, 2022)​

  • Added X-AxDrm-ErrorMessage header to all HTTP responses with the error message, whenever an error occurs. This provides an additional way to obtain error messages, which so far in PlayReady responses have only been available inside the "faultstring" element of a PlayReady SOAP response. Note: related to this, a previously existing but undocumented "X-AxDrm-Error" header that provided similar functionality, has been removed. If you happened to rely on this, please switch to "X-AxDrm-ErrorMessage" instead.
  • Added "Access-Control-Expose-Headers" header to responses to enable reading of informational headers, such as X-AxDrm-ErrorMessage, to CORS clients.
  • Fixed the handling of license requests involving CBCS keys. Previously the keys returned in response to requests for CBCS keys were not correctly marked as "CBCS". This would have prevented the playback of CBCS content at least on some platforms. A known affected platform was browser-based players on Windows 10.
  • Removed "LicenseRequestSucceedsOverHttps" check from the self-test "Checks API". Note: this has no effect on cloud service users; and should not have any effect on On-board services, as the Checks API is not a documented feature.
  • Improved error handling - previously, in some corner cases, it was possible that an empty 200 OK response without a body was returned instead of an error response.

Key Service 1.18.0 (October 05, 2022)​

  • Added X-AxDrm-ErrorMessage header for compatibility with HTTP/2 clients, and HTTP 1.x clients that do not support reading error messages from the HTTP response ReasonPhrase field.

FairPlay API 6.18.0 (July 28, 2022)​

  • The FairPlay-specific license configuration section now has a new "ignore_keys_in_license_request" setting, which, when set to "true", causes the service to ignore Asset IDs in the license request and utilize only the keys specified in the Entitlement Message. If there are many keys, only the first is used. This is intended to be used only as a workaround in scenarios where it’s not possible to provide an Axinom-compatible Asset ID in the license request. Note: using this feature makes it impossible for the license service to cross-reference if the returned key is actually the one the client needs to use.

Widevine API 6.17.0 (July 27, 2022)​

  • Widevine SDK updated to v17.0.1. This enables license delivery to upcoming Android T devices.

License / Management API 6.11.0 (July 26 2022)​

  • Added api/BlockedUsers endpoint. Tenants now can add their end-users user ID to the database when they want to deny a license for a particular user.

PlayReady API 6.18.2 (July 25, 2022)​

  • Improved error messages.
  • Performance enhancements.

Key Service 1.17.0 (May 26, 2022)​

  • Import/ContentKeys and Export/ContentKeys (when CPIX version is set to 2) endpoints now allow storage and retrieval of content key IVs along with the content keys.
  • Import/ContentKeys now supports CPIX based content keys import.

FairPlay API 6.17.0 (May 25, 2022)​

  • Asset IDs in license requests are now allowed to contain "skd://" to support FairPlay browser playback using standard EME. In the new EME case (contrary to Webkit-EME), the "skd://" part can no longer be removed from the InitData on the player side and therefore it must be allowed on the license service side.
  • Stability and performance improvements.

Widevine API 6.16.2 (March 16, 2022)​

  • When a request is made from a permanently revoked device, the response is now treated as a user error instead of a server error.
  • The app now uses WV SDK 16.5.0.

License / Management API 6.10.1 (February 28 2022)​

  • Service stability improvements.

Key Service 1.15.0 (February 14, 2022)​

  • Added support for Broadpeak Encoder CPIX API (/api/Broadpeak) according to Broadpeak REST DRM Key Management BEIF14a v1.3 specification.

FairPlay API 6.16.2 (January 12, 2022)​

  • HDCP enforcement can now be specified via Entitlement Message v2.
  • Added an ID field to the DRM message that can be used to track token re-use.
  • Improved error messages related to license requests containing content keys not present in the Entitlement Message (un-entitled keys) – the first missing key is now reported in the error message.
  • Fixed a memory leak in the FairPlay native module.

PlayReady API 6.18.1 (December 08, 2021)​

  • The application now uses PlayReady Server SDK v4.5.7218 (updated from v4.4.6222.1480). Immediate benefits include the ability to limit playback to internal screens of devices. For more info, see PlayReady Compliance Rules: https://www.microsoft.com/playready/licensing/compliance/
  • Improved error messages related to license requests containing content keys not present in the Entitlement Message.
  • Added an ID field to the DRM message that can be used to track token re-use.
  • Fixes to job scheduling that could cause recurring data download tasks to be offset from the intended timepoint (with interval remaining correct).

Key Service 1.14.1 (November 11, 2021)​

  • Added version 2 of the Harmonic endpoint ("api/Harmonic/V2"). This add multi-key and key-rotation support, and the ability to read the encryption scheme from the "commonEncryptionScheme" attribute in the request CPIX. This also brings changes to the key ID override algorithm, meaning the same content will be encrypted with different keys, compared to the v1 endpoint. This may make it incompatible with any existing encoding jobs. This is now the recommended endpoint to use for any new encoding jobs.
  • SPEKEv2 endpoint now supports Key ID overriding.
  • Users can now fully manage their Widevine CENC API credentials via the api/WidevineProtectionInfoCredentials endpoint. Previously it was only possible for users to retrieve the existing credentials generated by Axinom (via GET). Now also POST, PUT and DELETE methods are enabled. See the API help pages for more information and samples.
  • The Widevine CENC API endpoint now generates "cbcs" signalling for PlayReady with v4.3.0.0 header, when requested. Previously, the requested scheme was ignored and it defaulted to "cenc" with v4.0.0.0 header.

Widevine API 6.16.1 (November 09, 2021)​

  • Added include_all_entitled_keys option to Entitlement Message v2
  • Added ID field to the DRM message to support debugging
  • Using a CDM signed with a development certificate now results in a user error instead of an internal error

Widevine API 6.15.5 (September 13, 2021)​

  • Security improvement. We noticed the Widevine license service endpoint in some cases would include encryption keys authorized only for devices that support Widevine Security Level 1 in responses sent to devices that do not support this Security Level. The fix changes the place where errors occur. Previously, the attempt to play content encrypted with encryption keys that require Widevine Security Level 1 on a device that only supports Widevine Security Level 3 would trigger an error on the client-side. Now the behavior is as follows: when a device that only supports Widevine Security Level 3 sends a license request then the request will be rejected if it references only keys that require Widevine Security Level 1. If the request references a mixture of keys that are authorized for different Widevine Security Levels then the response will include only the keys authorized for Widevine Security Level 3. This fix improves security in a case when a Content Decryption Module (CDM) implementation on a device supporting Widevine Security Level 3 would be hacked and encryption keys revealed to an attacker. In such a case any key included in a license delivered to such a hacked device would have to be considered compromised. This would have potentially included keys intended only for devices supporting Widevine Security Level 1. We are not aware of a case where this potential vulnerability was actively exploited, however.

License / Management API 6.10.0 (September 09, 2021)​

  • Removed the deprecated /Logs/LicenseRequests and /Logs/LicenseRequests/Stats endpoints. Logs and stats are already accessible from the Axinom Portal.
  • Security improvements

Key Service 1.12.0 (August 31, 2021)​

  • Added support for Harmonic CPIX-level certificate-based security features: CPIX request signature checks, response signing and content key data encryption in the CPIX responses. The protection levels can be configured via the new /HarmonicConfiguration endpoint.
  • SPEKEv1 endpoint now supports "KeyID override feature"
  • SPEKEv1 API help page now contains valid example requests and responses.

Widevine API 6.15.4 (July 22, 2021)​

  • Security improvements for the On-board x64 version.
  • Improved error messages related to license requests containing content keys not present in the Entitlement Message (un-entitled keys) – the first missing key is now reported in the error message.

Widevine API 6.15.3 (June 1, 2021)​

  • Health checks no longer failing due to revoked device certificates.

Widevine API 6.15.2 (May 26, 2021)​

  • ExecuteAllChecks endpoint added.
  • ARM64 support provided.
  • Upgrade to the Widevine License SDK 16.4.2.
  • Invalid Entitlement Message no longer incorrectly reported as an internal error.
  • Invalid License Request no longer incorrectly reported as an internal error.

PlayReady API 6.15.0 (April 8, 2021)​

  • Minor security fixes and stability improvements.

Key Service 1.11.0 (April 7, 2021)​

  • The SPEKE 2.0 endpoint now also adds error messages into HTTP response bodies.

License / Management API 6.9.0 (March 24, 2021)​

  • The Device Certificate Status List endpoint is updated to use Google’s new endpoint.

Key Service 1.10.0 (March 10, 2021)​

Widevine API 6.15.1 (March 2, 2021)​

  • ARM32 support provided.

Key Service 1.9.0 (February 03, 2021)​

  • New endpoint for customers using Google’s Widevine key exchange protocol with Axinom DRM Key Service: /api/WidevineProtectionInfoCredentials - returns all Widevine Protection Info credentials that belong to the requesting tenant.
  • Performance optimizations for reduced latency.

Widevine API 6.15.0 (November 26, 2020)​

  • Upgrade to the Widevine License SDK 16.4.1 as recommended by Google.
  • Updated the Cryptography Module to the latest version.
  • Upgraded the Cloud service.
  • The release for Intel 64-bit is provided as a Docker Image for DRM On-board customers.

Widevine API 6.14.3 (November 20, 2020)​

  • The WidevineLicenseRequestInfo message now returns the device certificate serial number of the device that made the request.
  • When using Entitlement Message v2, Widevine licenses can now be restricted based on the client’s device certificate serial number.
  • A signed message with an invalid signature is now reported as a client error, instead of an internal error.

PlayReady API 6.14.1 (July 1, 2020)​

  • Updated PlayReady Server SDK to v4.4.6222 (from v4.2.5596).
  • From this release, it is possible to provide an empty list of "inline" content keys in the entitlement message.
  • Fixed reporting logging to correctly log all license requests were a tenant can be authenticated.

Widevine API 6.14.2 (May 22, 2020)​

  • Fixed Sync/DeviceCertificateStatusList endpoint to accept the updated Widevine Device Certificate Status List format.
  • Fixed reporting logging to correctly log all license requests where a tenant can be authenticated.

FairPlay API 6.14.3 (April 8, 2020)​

  • ARM builds are now supported. Supported platforms are: Raspberry Pi 2 or compatible (ARMv7-A, VFPv3) with a 32-bit hard-float Linux OS.

Widevine API 6.14.1 (March 24, 2020)​

  • Fixed a crash with service certificate requests that could happen after a license request encrypted with the wrong service certificate was received.
  • Fixed incorrect user agent logging when the string contained a comma.
  • Fixed an issue where Inline Content Keys source couldn’t be empty.

FairPlay API 6.14.2 (March 19, 2020)​

  • Fixed an error involving managing native code calls. Previously, the app could crash under load when multiple simultaneous requests were processed.

FairPlay API 6.14.1 (March 13, 2020)​

  • Added Global FairPlay Data Sets feature. This means that if a Tenant is missing the FairPlay data set required for processing a license request, then the global data sets ar additionally searched. This feature is used in Testing environments. Axinom Test Credentials are now available for all Tenants by default.
  • Content ID in persistent licenses is now unique, calculated based on the Asset ID.
  • It is now possible to provide an empty list of "inline" content keys in the entitlement message.

PlayReady API 6.14.0 (February 18, 2020)​

  • Updated PlayReady Server SDK to v4.2.5596 (from v3.0.2769). This adds support for PlayReader Header v4.3 and makes it possible to request CBCS content keys.

Widevine API 6.14.0 (February 4, 2020)​

  • The code from the Cryptography Module branch was merged. The app now uses the Cryptography Module library to handle sensitive data, leading to better security. This also allows encrypted license requests to be handled more efficiently.
  • Extended TracedRequests and ClientErrors logs.
  • Log fields are now always logged even if null or empty.
  • Forward slashes are no longer escaped in log fields.
  • Optimized logging code.
  • Updated device certificate status list.
  • Fixed an issue where the AxDrmMessage could be logged incorrectly.

FairPlay API 6.14.0 (february 4, 2020)​

  • Extended TracedRequests and ClientErrors logs.
  • Log fields are now always logged even if null or empty.
  • Forward slashes are no longer escaped in log fields.
  • Optimized logging code.
  • Fixed an issue where the AxDrmMessage could be logged incorrectly.

PlayReady API 6.13.0 (February 4, 2020)​

  • Extended TracedRequests and ClientErrors logs.
  • Log fields are now always logged even if null or empty.
  • Forward slashes are no longer escaped in log fields.
  • Optimized logging code.
  • Updated revocation data.
  • Fixed an issue where the AxDrmMessage could be logged incorrectly.
  • Fixed an issue where the reasonPhrase in the HTTP response was being logged incorrectly.

Widevine API 6.13.0 (January 23, 2020)​

  • Extended TracedRequests, ClientErrors, and Reporting logs.

FairPlay API 6.13.0 (January 23, 2020)​

  • Extended TracedRequests, ClientErrors and Reporting logs.

PlayReady API 6.12.0 (January 23, 2020)​

  • Updated production FrontendDataSyncApiKey.
  • Extended TracedRequests, ClientErrors and Reporting logs.

Widevine API 6.12.0 (January 13, 2020)​

  • The original request URL is now logged for customer identification purposes, even when the app is behind one or more proxies.
  • Updated production FrontendDataSyncApiKey.

FairPlay API 6.12.0 (January 13, 2020)​

  • The original request URL is now logged for customer identification purposes, even when the app is behind one or more proxies.
  • Updated production FrontendDataSyncApiKey.