small fixes

1.10.7

• Fixed a critical security vulnerability where the entire project directory was publicly accessible over HTTP, including backend source code, SSL keys, and configuration files. Static file serving is now restricted exclusively to designated asset folders.
• Moved generated video thumbnails from the volatile Windows Temp folder to the persistent res/img/thumbnails/ directory to prevent them from being lost on system reboot, saving CPU resources by eliminating the need to re-generate them. Stale thumbnails are now automatically cleaned up alongside tracks when a video is deleted.
  -Removed excess fonts from release

Full Changelog: 1.10.6...1.10.7

1.10.6 speed and flac

Full Changelog: 1.10.5...1.10.6

1.10.6

• Implemented FLAC audio extraction to provide a native lossless option for media archiving, with built-in seekability and modern browser support.
• Developed a unified getFFmpegBin() helper in the backend to systematically prioritize the bundled node-av FFmpeg binary while maintaining a safe fallback to system PATH.
• Optimized the console.ps1 startup sequence to prioritize Windows Terminal (wt.exe) even when an execution policy bypass re-launch is required, preventing legacy conhost windowing.
• Overhauled the custom dropdown component in the Admin Panel to support dynamic, multi-line tooltips that wrap in confined spaces.
• Audited and patched generate-ssl.ps1 and generate-ssl.sh to fix reserved keyword collisions, improved error capturing, and broadened configuration update regex.
• Cleaned up the FFmpeg Tools UI by removing "under construction" tagging from speed controls and simplifying format labels (AAC, MP3, FLAC).
• Resolved backend crashes that occurred when attempting to Remux or Re-encode certain MKV files due to deep-level FFmpeg packet timestamp calculation errors.
• Improved the FFmpeg progress tracking UI to prevent the progress percentage counter from glitching or stalling when processing corrupted video packets with missing timestamps.
• Fixed a bug where performing a "FastStart MP4" remux on MKVs containing ASS subtitles would instantly fail with an "Invalid Argument" error. The system now safely ignores those unsupported text tracks during MP4 generation.
• Resolved a critical native C++ memory leak in the backend media processor that slowly consumed system RAM over time after completing FFmpeg jobs.
• Automated subtitle and audio extractions that run after a successful Remux/Re-encode are now fully visible as independent tasks with precise % progress bars in the Admin Panel's FFmpeg Jobs queue, making background background workloads transparent.

#68 REMAINS IN THIS RELEASE

1.10.5 visuals and bugfixes

Full Changelog: 1.10.4...1.10.5

1.10.5

• Migrated FFmpeg "Track Tools" (Rebind, Share, and Bind Orphan) into the unified Job Queue for real-time visual progress reporting.
• Implemented configurable job progress tracking, calculating elapsed remux/encode time from node-av's raw packet timestamps to throttle UI updates.
• Captured FFmpeg stderr outputs in real-time to generate detailed progress bars for sub-track extraction and subtitle conversion processes.
• Fixed an Admin Panel bug where refreshing the /api/ffmpeg/auth page during an active session inadvertently triggered a stateless brute-force IP ban by re-reading empty inputs.
• Resolved a node-av library logic crash preventing the iterator from safely completing demuxer.packets() when the null EOF packet was encountered.
• Fixed a remuxing API error where internal Target Output stream indices (undefined) were not being sequentially mapped into the active multiplexer pipeline.
• Overhauled the FFmpeg processing outputPath suffixes so remuxed and encoded media output dynamic tags explicitly outlining their generation settings (-clean, -fixed, -libx264-1080p-high).
• Corrected external sub-track ID offsets when globally re-binding orphaned subtitles to bypass internal node metadata indices.
• Refactored Track Tools backend logic to use the unified standard fetch API via /api/ffmpeg/run-preset instead of direct socket.io WebSockets.
• Bumped project version to 1.10.5.

update where you ban everyone

Full Changelog: 1.10.3...1.10.4

1.10.4

• Fixed subtle Track Tools UI issues including alignment, spacing, and the removal of duplicate orphan tracks.
• Made it so that the subtitle overlay can go to the bottom of the screen to the letterboxxed parts.
• Implemented comprehensive external audio synchronization with a dedicated drift-correction system (250ms threshold) for extracted tracks.
• Fixed a bug preventing mid-video audio track switching on browsers (like Chrome) that disable the HTML5 audioTracks API by default.
• Added new SYNC_SUBTITLE_FIT setting to toggle JASSUB between stretch (letterbox coverage) and bottom (pinned aspect-ratio) modes.
• Improved dropdown user experience and resolved hint text overlap.
• Implemented an interactive security honeypot for the FFmpeg admin tools to neutralize unauthorized access.
• Added persistent, SHA256-hashed IP banning system alongside a write-only plaintext credentials log for host review.
• Integrated native Windows taskbar flashing via ANSI sequences (OSC 9;4) for high-visibility terminal security alerts.
• Added SYNC_FFMPEG_DISABLE_CONSEQUENCES configuration to optionally bypass honeypot and disconnect security measures on failed FFmpeg auth.
• Bumped project version to 1.10.4.
• Added linux and win "builds" which are just releases without the other one's specific scripts to decrease clutter, i recommend you uninstall your previous download of Sync-Player.

1.10.3 certificationable

1.10.3

• Moved all certificates and keys to the /cert folder.
• Integrated Tailscale certificate support with automatic path detection.
• Added missing configuration parameters to config.env and unified environment variable mapping.
• Implemented logic in start.sh and res/console.ps1 to fallback to HTTP when using Tailscale certificates if the service is inactive.
• Added SYNC_SKIP_FIREWALL_CHECK configuration to bypass automatic rule verification.
• Optimized res/console.ps1 to verify existing firewall rules before requesting elevation.
• Updated legacylauncher.bat for better compatibility with res directory structure and environment flags.
• Bumped project version to 1.10.3.

Full Changelog: 1.10.2...1.10.3 #66

READ HERE FOR TAILSCALE

fullon

#64 #63 #62 #61 #59 #58 #56

jassub full implementation
start.sh back
css fixes
manual patch for vulnerabilities
scroll fix
compressed images
added fonts for jassub to use for default that you can also add more fonts into
orphan subtitle adding via dropping srt(converted to vtt)/webvtt/ass in tracks folder
Rebind/Share subtitles across vids, sharing makes 2 videos able to use the same subs at the same time when rebind moves the subtitle ownership to other vid
ssl generators
Fixed client to server sync controls

I MAY MISS SOME FEATURES I NEEDED TO WRITE THIS QUICKLY

Dropdown fix

Fixed Dropdown of found encoders not showing found encoders after the restylization of the dropdowns

Fixed Track Type selection not mattering to the extractable track format dropdown

Caution

See #15 for known bugs in this build. Some are fixed in the latest commits, so consider downloading that instead, also know that the commits are always expected to have bugs of their own

Proper Subtitle/Audio Track Changes

Full Changelog: 1.9.5...1.10

• Seperated Admin.html and index.html into css and js

• Added Audio track changing

• Added Subtitle track changing via extraction and custom subtitle parser

ALMOST full .ass support and full webvtt support

• Stylized dropdown menus so it finally isnt all white

• Added an "ffmpeg tools" tab to Remux, Re-Encode and Subtitle/Audio track extraction of videos. Tracks are automatically associated with their videos via json files in memory

• That tab is protected via a password in config.env. If no password is present, that tab stays locked. The password taken from config gets hashed with SHA-256 to the RAM of the server. Same as the admin fingerprints.

• Replaced all system ffmpeg usages with node-av

• Kill playlist button

And probably more but i kind of forgot. I wrote this devlog in 10 minutes total

I HEAR EVERYTHING

added a config to increase max volume to a 1000%

added a button to control speed (that is currently under construction)

thats it

have fun😻

Fingerprints+

Fingerprints:

• uses full fingerprint instead of cutting it
• only logs cutted version of fingerprints instead of actual fingerprints to prevent leakages
• hashes admin fingerprint (properly this time)

Other:

• Admin panel got more config settings showing in the dashboard
• Fixed bug where get-config would load before admin fingerprint gets to the browser causing a false positive error in the console