10/19/2016 - Beta - Flash Player 23.0.0.198

Welcome to the latest Flash Runtime version 23 beta!  We've been hard at work adding new features to Flash Player and we're looking forward to receiving feedback from our Flash Player community.

This beta release includes new features as well as enhancements and bug fixes related to security, stability, performance, and device compatibility for Flash Player 23.  For full details, please see our release notes.

Note:

• The ActiveX Flash Player in this release is not compatible with Windows® 8.x or 10
• Flash Player for Windows® 8.x/10 is available as part of the generally available Windows® 8.x/10 update

New and Updated Features

Extended Beta - Flash Player NPAPI for Linux

Linux users have access to both NPAPI and PPAPI versions of Flash Player. However, for the last four years, the NPAPI version has been held at 11.2 and regularly updated with only security fixes while the PPAPI version (used in Chrome and Chromium based browsers), is in line with the standard Windows and Mac releases. 

Today we are updating the beta channel with Linux NPAPI Flash Player by moving it forward and in sync with the modern release branch (currently version 23).  We have done this significant change to improve security and provide additional mitigation to the Linux community.

In the past, we communicated that NPAPI Linux releases would stop in 2017.  However, this is no longer the case, and once we have performed sufficient testing and received community feedback, we will release both NPAPI and PPAPI Linux with their major version numbers in sync and on a regular basis.

Because this change is primarily a security initiative, some features (like GPU 3D acceleration and premium video DRM) will not be fully implemented.

If you require this functionality, we recommend that you use the PPAPI version of Flash Player.  That said, we believe that the new NPAPI build represents a significant step forward in functionality, stability, and security and look forward to hearing your feedback.

Currently we are distributing 32 and 64 bit binaries only, we will package these in proper installers after testing and feedback. Users should manually back-up their existing Flash Player plugin file from the appropriate system plug-in folder and copy the new binaries into place to use them.

HSTS Support in Flash Player

Beginning with Flash Player 23, we have introduced support for HSTS (HTTP Strict Transport Security). HSTS is an IETF standard, which enforces user agents (browsers) to use HTTPS for communication instead of HTTP. HTTPS response may have a Strict-Transport-Security(STS) header field that requests the user agent to make further requests in HTTPS. Flash Player will now acknowledge the STS header in HTTPS response.

This is particularly helpful when a SWF calls another SWF (child SWF) that is present in HSTS enabled server. Flash Player will acknowledge the STS header in the response and further request that the same domain will always be HTTPS. This feature is helpful in mitigating protocol hijacking attacks and cookie hijacking.

Disabling local-with-filesystem access in Flash Player by default

Beginning with Flash Player 23, local-with-network permissions will now be applied to all local SWF content, regardless of the preference chosen at compile time.

Background

When playing Flash (SWF) content from local filesystem, developers have historically been able to configure content to exclusively read from the filesystem, or communicate to the network. When this functionality was introduced over a decade ago, it enabled an interesting array of use-cases ranging from simple games to interactive kiosks.  In context of modern web security, it is time to retire local filesystem functionality in the browser plugin.  At the same time, Adobe AIR has been established as a robust, mature solution for delivering ActionScript-based content as a standalone application. 

Vast majority of Flash Player users and content will be unaffected by this change. This change only impacts Flash content played from the local filesystem, using the browser.  Flash content hosted on the internet and local webservers, as well as the Standalone Flash Player remains unaffected.

If you are a user who requires this functionality, these files can be added to the list of Trusted Locations in Flash Player.

Workarounds for Legacy Content

We highly recommend that you only circumvent these controls to enable content from sources that they trust.

For Individuals:

For Internet Explorer, Edge, Firefox, Opera and Safari:

• On the affected system, go to: Control Panel > Flash Player > Advanced > Developer Tools > Trusted Location Settings
• Click the icon and add relevant SWF(s) to the list

For Google Chrome (and similar PPAPI browsers):

• Navigate to the page: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html
• Choose Edit Locations > Add Locations from the list.

For System Administrators:

The legacy behavior can be restored by applying the EnableInsecureLocalWithFileSystem=1 flag to mms.cfg. 

Video and Camera support for Stage3D by VideoTexture for Flash Player (Release)

In Flash Player 20 or earlier, use of video in Stage3D required use of the Video object, which is not hardware accelerated. It involved copying the video frame to a BitmapData object and then loading data onto the GPU, which made it CPU-intensive.

To address this limitation, Video texture object was introduced. It allows you to use hardware decoded video in Stage 3D content. This capability is further extended in Flash Player 23 release, and texture objects have been introduced to support the use of NetStream and Cameras in a manner similar to the use of StageVideo. These textures can be used as source textures in stage3D rendering pipeline. You can use them as rectangular, RGB, or no mipmap textures in rendering of a scene. They are treated as ARGB texture by the shaders which implies that the AGAL shaders do not have to bother about YUV to RGB conversion now. The shaders treat these textures as ARGB textures. This allows you to use the standard shaders with static images without any need for modification. When you render using these textures, the image that is used by the rendering pipeline is the the latest frame at that time. Though, there is no tearing in the video frame, if you use the same texture many times, some of these instances may be picked from different timestamps.

With the use of a VideoTexture object, all this work gets optimized internally - YUV to RGB conversion and texture loading can be completely moved to the GPU. See the VideoTexture devnet article for implementation details.

Note: Video Texture is an existing feature in AIR. It was introduced in AIR 17.0 version.

Mozilla NPAPI AsyncDrawing Support

Async Drawing refers to the method that the browser and Flash Player use to exchange a bitmap surface where Flash Player draws the SWF content. It is used only when the stage is composited with rest of the content in the browser window.

This feature allows wmode “direct” (wmode opaque and transparent) to behave as “windowless” in hardware accelerated async drawing. It is not used in fullscreen mode, or in windowed mode where the plugin draws directly to its own window.

If asynchronous drawing is unavailable for any reason, the plugin falls back to using the existing synchronous drawing model.

AsyncDrawing is supported in NPAPI Plugin on Windows desktop platforms only. It is currently available from FP version 23.0 in Firefox Nightly 51.0a1, the Firefox versions supporting the feature is yet to be announced.

The choice of which Async Drawing path is used (hardware or software) depends on whether the browser supports hardware or software Async Drawing modes.

Following table describes Asynchronous drawing availability by WMODE:

To disable AsynchronousDrawing support in Firefox, go to “about:config” in the search bar of the browser and set “dom.ipc.plugins.asyncdrawing.enabled” to false.

Known Issues

• None

Fixed Issues

• None

System Requirements

For system requirements of the current release of Flash Player in production, please visithttp://www.adobe.com/products/flashplayer/systemreqs/

About the Beta Channel

To get the latest Beta build of Flash Player visit Adobe labs

Beta versions of Flash Player are also available for automatic installation via our Background Update service.  Please subscribe to automatically receive update notifications for future Flash Runtime announcements.

Note: If you are having issues downloading Flash Player, it may be because of a cache or locale issue. Wait for 24 hours before retrying and if you still face issues, please post the issue in Flash Player forum