Source release 15.3.0

CHANGELOG.md

@@ -2,6 +2,67 @@
 
 [TOC]
 
+## 15.3.0 (2020-02-11)
+
+Bugfixes:
+  - A bug has been fixed that prevented HDCP 2.3 from working in previous
+    Widevine CE CDM releases, even those that nominally supported HDCP 2.3. All
+    devices wanting to support HDCP 2.3 *must* update to CE CDM 15.3.0 or later.
+  - A bug was preventing sessions from being created if Privacy Mode was turned
+    on and no service certificate had been installed for the licensing service.
+    This has been fixed, and it should now be possible to create sessions before
+    installing a service certificate, as required by EME.
+    - Note, however, that attempting to do a license exchange while in this
+      state will still return an error. Performing license exchange requires a
+      service certificate for the licensing service if Privacy Mode is turned
+      on.
+  - Previous CE CDM releases erroneously had two errors assigned to the
+    number 109. One of these errors is now number 110.
+  - Several OEMCrypto tests were being too stringent about the errors they
+    allowed to be reported when certain kinds of output protection error were
+    encountered. These tests have been relaxed to accept the expected error from
+    either `OEMCrypto_SelectKey()` or `OEMCrypto_DecryptCENC()`.
+  - Some issues causing incomplete output from failed CDM unit tests have been
+    fixed.
+
+Features:
+  - It is now possible to create a CDM instance that will never write to its
+    storage. Such a CDM will treat its `IStorage` as read-only. Because such a
+    CDM instance is impossible to provision, this is only useful for ATSC 3.0,
+    where there is an `IStorage` instance that is pre-populated with a
+    certificate and licenses.
+    - To create such a CDM instance, pass `true` as the final parameter to a new
+      overload of `Cdm::create()`.
+    - This feature should be used for instances that use ATSC 3.0 licenses, to
+      protect the preloaded licenses from being overwritten.
+    - This feature should *only* be used for instances that use ATSC 3.0
+      licenses. All other CDM instances should continue to be created with
+      writeable storage.
+  - Partners that use Sandbox IDs in their OEMCrypto implementation can now pass
+    the Sandbox ID through the CE CDM rather than calling
+    `OEMCrypto_SetSandbox()` manually.
+    - The Sandbox ID is passed as a parameter to a new overload of
+      `Cdm::initialize()`.
+    - This feature is only useful in combination with an OEMCrypto that uses
+      Sandbox IDs. Most partners do not use Sandbox IDs and should continue to
+      use the version of `Cdm::initialize()` that does not have a Sandbox ID
+      parameter.
+    - To run the unit tests on a device that uses Sandbox IDs, you can pass a
+      new `--sandbox_id=<Sandbox ID>` parameter to the unit test binary to
+      tell it which Sandbox ID to use.
+
+Documentation:
+  - Widevine has changed our recommendation for when Privacy Mode should be
+    turned on, and the documentation has been updated accordingly. Previously,
+    Widevine recommended the use of Privacy Mode whenever possible. However,
+    Privacy Mode has no benefit unless the CDM is being used in a web browser.
+    This is because web browsers visit arbitrary webpages and run untrusted
+    JavaScript. There is no benefit when running trusted apps, and Privacy Mode
+    complicates provisioning and licensing. As such, Widevine now only
+    recommends that Privacy Mode be turned on for web browsers. It should be
+    turned off for most CE devices.
+    - This advice applies retroactively to all previous CE CDM releases as well.
+
 ## 15.2.0 (2019-06-28)
 
 Features: