Change log for WsSession leak in Red5; new version 2.0.16 released 4/23/2025
The leak was primarily seen during regular use of Red5 Pro's RTC client which uses a WebSocket for the initial connection with a switch to DataChannel if accepted / configured in the RTC client during startup.
Classes modified:
-
org.red5.net.websocket.WebSocketConnection - local reference to the connected scope was modified from a
WeakReferenceto theWebSocketScopeitself and marked final. In the ctor the scope is also added to the WsSession user properties for consolidated access within Tomcat. Several timeout properties were also added from the latest Tomcat 11.x documentation:BLOCKING_SEND_TIMEOUTour default to 8000ms,ABNORMAL_SESSION_CLOSE_SEND_TIMEOUTour default 10000ms,SESSION_CLOSE_TIMEOUTour default 5000ms. The properties are standard for Tomcat and may be modified at-will via system property override; all values are long type in milliseconds. The maximum idle timeout is now configured to use the largest of the two values given read or write timeout. Lastly, a new methodonReceive(WSMessage)was created to prevent a lookup of scope during the receive event handlers which already have a localWebSocketConnection. -
org.red5.net.websocket.server.DefaultWebSocketEndpoint - In
onOpen, the scope lookup was moved from endpoint configuration to the current session value's user properties; a scope lookup inonClosealso uses the session. The scope is now only local to the method to prevent any possible cross-thread issues. The newWebSocketConnection.onReceivemethod replaces theWebSocketScope.onMessagemethod, no method scoped scope lookup is utilized. -
org.red5.net.websocket.server.WsHttpUpgradeHandle - Class variables for
WebSocketScopeManagerandWebSocketScopewere moved frominittopreInit. References forwsSession,connection, andupgradeInfoare now nulled out inclose(CloseReason)as well as thesocketWrapperif not already null as well as adding a directclosecall on the wrapper. AWebSocketScopelookup intimeoutAsyncwas removed as scope is local.