The Extended Stable channel has been updated to 142.0.7499.235 for Windows and Mac which will roll out over the coming days/weeks.

Bugfixes and minor changes:

• FTP: Fix a crash processing the ABOR command
• MSW: silent installations now automatically back up configuration files in cases where the interactive installer would prompt the user to do so.

The Stable channel has been updated to 143.0.7499.109/.110 for Windows/Mac  and 143.0.7499.109 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[N/A][466192044] High CVE-2025-14174: Out of bounds memory access in ANGLE. Reported by Apple Security Engineering and Architecture (SEAR) and Google Threat Analysis Group on 2025-12-05

[$2000][460599518] Medium CVE-2025-14372: Use after free in Password Manager. Reported by Weipeng Jiang (@Krace) of VRI on 2025-11-14

[$2000][461532432] Medium CVE-2025-14373: Inappropriate implementation in Toolbar. Reported by Khalil Zhani on 2025-11-18

Google is aware that an exploit for CVE-2025-14174 exists in the wild.

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Important

We recommend running CasparCG 2.5 on CPUs which support AVX2. Officially Chrome claims to require AVX2, and it is required for some of our in-progress HDR support.
Intel CPUs based on Haswell or later support this, which were first released to consumers in 2013, or 2014 for servers.

Starting with CasparCG 2.6, this will become a requirement.

Make sure to install the latest MSVC runtime, the compiler update requires a newer version than 2.4 https://aka.ms/vc14/vc_redist.x64.exe

Core

Improvements

• Initial support for HDR. This is limited to a subset of producers and consumers at this stage.
• Build for Windows with VS2022
• Rework linux builds to produce ubuntu deb files
• Update ffmpeg to 7.0
• Reimplement mixer transforms, to handle routes correctly
• Support more pixel formats from ffmpeg, to preserve colour accuracy better
• Support running on headless linux
• Transitions: Additional behaviours

Fixes

• Build with boost 1.85/1.86/1.87/1.88
• Build with ffmpeg 7.1
• Only produce mixed frames on channels which have consumers
• Routed channels not compositing correctly when channel used a MIXER KEY
• Handle audio for fractional framerates properly
• Gracefully exit on SIGINT and SIGTERM

Producers

Improvements

• FFmpeg: Support loading with a scaling-mode, to configure how clips get fit into the channel
• FFmpeg: Support more pixel formats without cpu conversion
• FFmpeg: Enable alpha for webm videos
• Image: Support loading with a scaling-mode, to configure how images get fit into the channel
• Image: Replace freeimage with ffmpeg
• HTML: Update CEF to 142
• HTML: Support audio

Fixes

• Route: Use full field rate when performing i->p channel route
• HTML: Gracefully handle page load errors
• HTML: Always set cache path

Consumers

Improvements

• Screen: Set size and position from AMCP
• Screen: Improve performance
• Image: Propagate AMCP parameters from PRINT command
• FFmpeg: Remove unnecessary forced conversion to YUVA422
• Decklink: Support explicit yuv output (requires AVX2)
• Decklink: Allow selecting device by hardware persistent id

Fixes

• FFmpeg: Correctly handle PTS on frame drop

Full Changelog: v2.4.3-stable...v2.5.0-stable

📦 Downloads available at

• https://user.bitfocus.io/download

💵 Donate to the project at

• open collective https://opencollective.com/companion

Companion v4.2.0 - Release Notes

This is a slightly smaller release than usual, focussing more on smaller improvements.

End of support for macOS 11

This version of Companion requires macOS 12 or later

Rebuilt Documentation

The Companion User Guide has been rewritten to use a new rendering system.

This allows us to host a new publicly available version of the documentation online which is versioned per release, as well as building it in a simplified form within Companion

The new tools allow us to do more with the documentation and will make it easier for us to keep up to date too!

Improved Expression Editor

The expression editor input field has been rebuilt, making it easier to use with functionality you would expect from a code editor. This includes functions and keyword suggestions, and better handling of multi-line expressions.

And more

• The old xkeys $(internal:tbar) and similar variables have been removed, and they should now be bound to custom variables in the config of each surface (#3716)
• Require macos 12
• Convert docs to docusaurus (#3741)
• Rebuild emulator pincode locking
• Add options to to restrict page access (#3736)
• Enhanced expressions:
  • Improved expression editor (#3713)
  • More formatting for timestamp (#3668)
  • Handle negative value in msToTimestamp (#3651)
  • Support local variables in step expressions #3762
  • Expressions better handle undefined. add getVariable method #3451 (#3715)
• Refined connection management:
  • Reworked connection config layout #3559 (#3569)
  • Rework changing connection versions, to remove need to disable module first
  • Add delete button to connection edit panel
  • Allow changing connection enabled state from config panel
  • Indicate connections missing modules in sidebar
• Surface improvements:
  • Merge surface remote and discover pages (#3677)
  • Support resolve speed editor #3525
  • Support more variants of Mirabox 293S
  • Support for Mirabox Streamdock N3 (#3686)
  • Add repeating button-presses to contour-shuttle shuttle ring (#3492)
  • Improve vec-footpedal surface implementation
  • Support complex surface layouts over satellite api (#3611)
  • Support swipe to change page on Stream Deck + (#3721)
  • Support touch strip variables for Loupedeck Live (#3790)
• Draw button 'error' state as a red warning triangle (#3675)
• Remove deprecated bank field from tcp bank_bg_change message #2779
• Include timestamps and source in module debug logs
• Add version number variables #3714
• Rework update check api, improving reliability

🐞 BUG FIXES

• ember+ api issues with some clients
• limit env vars passed to modules
• improve error handling for module executeAction
• "Sentry DSN not located" error in launcher (#3758)
• Align the display name of surface_set_position with the UI terminology (#3761)
• Avoid flooding modules with large objects, batch entity updates to resolve issues with large configs
• preserve original types of custom variable values from osc and ember+ apis
• improve version number handling for release vs beta builds
• Page up button/Page down button don't set page-history (#3683)
• Reduce frequency of pincode lock state logging (#3792)
• Loupedeck Live pincode lock layout

Full Changelog: v4.1.6...v4.2.0

⚠️ Potential Breaking Changes

• @directus/stores
  • Removed sidebar states from app store (#26259 by @rijkvanzanten)

✨ New Features & Improvements

• @directus/app
  • Added support for downloading multiple files and entire folder trees (#26006 by @Nitwel)
  • Added AI chat sidebar (#26259 by @rijkvanzanten)
  • Added support for float intervals and min/max warnings for number inputs (#26190 by @gaetansenn)
  • Made both sidebars resizable (#26259 by @rijkvanzanten)
  • Added header interface (#26302 by @AlexGaillard)
• @directus/api
  • Added support for downloading multiple files and entire folder trees (#26006 by @Nitwel)
  • Added AI chat sidebar (#26259 by @rijkvanzanten)
• @directus/types
  • Added support for downloading multiple files and entire folder trees (#26006 by @Nitwel)
  • Added AI chat sidebar (#26259 by @rijkvanzanten)
• @directus/utils
  • Added support for downloading multiple files and entire folder trees (#26006 by @Nitwel)
  • Moved fetchRolesTree,fetchGlobalAccess, fetchGlobalAccessForUser and fetchGlobalAccessForRoles to the public utility package (#26248 by @ComfortablyCoding)
• @directus/sdk
  • Added support for downloading multiple files and entire folder trees (#26006 by @Nitwel)
• @directus/system-data
  • Added AI chat sidebar (#26259 by @rijkvanzanten)
• @directus/errors
  • Added AI chat sidebar (#26259 by @rijkvanzanten)
• @directus/themes
  • Added AI chat sidebar (#26259 by @rijkvanzanten)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed an issue where input focus ring disappears on hover (#26315 by @formfcw)
  • Fixed display template not appearing for relations inside translations on new items (#26219 by @gaetansenn)
  • Ensured the created revision uses the correct label (#26289 by @vizzv)
  • Added reactive primaryKey prop to useFlows composable (#26287 by @AlexGaillard)
• @directus/api
  • Added redirect validation (#26346 by @br41nslug)
  • Moved fetchRolesTree,fetchGlobalAccess, fetchGlobalAccessForUser and fetchGlobalAccessForRoles to the public utility package (#26248 by @ComfortablyCoding)
  • Updated synchronization of remotely stored extensions (#26192 by @br41nslug)
  • Fixed missing accountability for files.upload when TUS is enabled (#26247 by @br41nslug)
• @directus/types
  • Moved fetchRolesTree,fetchGlobalAccess, fetchGlobalAccessForUser and fetchGlobalAccessForRoles to the public utility package (#26248 by @ComfortablyCoding)
  • Updated synchronization of remotely stored extensions (#26192 by @br41nslug)
• @directus/storage-driver-cloudinary
  • Updated synchronization of remotely stored extensions (#26192 by @br41nslug)
• @directus/storage-driver-supabase
  • Updated synchronization of remotely stored extensions (#26192 by @br41nslug)
• @directus/extensions-sdk
  • Updated esbuild dependency from 0.25.12 to 0.26.0 (#26215 by @dependabot)
• @directus/system-data
  • Updated esbuild dependency from 0.25.12 to 0.26.0 (#26215 by @dependabot)
• @directus/sdk
  • Updated esbuild dependency from 0.25.12 to 0.26.0 (#26215 by @dependabot)
• @directus/themes
  • Made both sidebars resizable (#26259 by @rijkvanzanten)
• @directus/utils
  • Preserved Error when passed to run-script operation (#26234 by @gaetansenn)
• @directus/composables
  • Set default sidebar shadow to false (#26259 by @rijkvanzanten)

📦 Published Versions

• @directus/app@14.4.0
• @directus/api@32.2.0
• @directus/composables@11.2.8
• create-directus-extension@11.0.24
• @directus/env@5.3.3
• @directus/errors@2.1.0
• @directus/extensions@3.0.15
• @directus/extensions-registry@3.0.15
• @directus/extensions-sdk@17.0.4
• @directus/memory@3.0.13
• @directus/pressure@3.0.13
• @directus/schema-builder@0.0.10
• @directus/storage-driver-azure@12.0.13
• @directus/storage-driver-cloudinary@12.0.13
• @directus/storage-driver-gcs@12.0.13
• @directus/storage-driver-s3@12.0.13
• @directus/storage-driver-supabase@3.0.13
• @directus/stores@2.0.0
• @directus/system-data@3.5.0
• @directus/themes@1.2.0
• @directus/types@13.5.0
• @directus/utils@13.1.0
• @directus/validation@2.0.13
• @directus/sdk@20.3.0