Posts in Category "Flash Player"

HSTS Support in Flash Player 23


By Vivek Negi

HSTS is an Internet Engineering Task Force (IEFT) standard that enforces the user-agents like browsers to use the secured HTTPS protocol for communication instead of the HTTP protocol. The HTPPS response header from a host may have a ‘Strict-Transport-Security’ (STS) header field, which requests the user-agent to always make subsequent requests to access that host using the HTTPS protocol only. Beginning with version 23, Flash Player supports the HSTS standard. Flash Player now acknowledges an STS header in the HTTPS responses received from the HSTS hosts.

HSTS support is particularly helpful in those Flash applications where an SWF calls another SWF (child) and this child SWF is located in an HSTS enabled host. When the parent SWF tries to access the child SWF, the host sends an STS header in the HTTPS response. This STS header is acknowledged by Flash Player. Therefore, all the subsequent requests for the child SWF by the parent SWF can be made only through the HTTPS protocol.

The figure below depicts a workflow of how the HSTS enabled hosts and the non-HSTS enabled hosts interact with the browsers and Flash Player.


In the figure above, the browser is loading a Flash application that has two SWFs ─ outer.swf denoting the parent SWF and inner.swf denoting its child SWF. The non-HSTS host doesn’t enforce the browser (user-agent) to use the secure protocol, that is, HTTPS. The workflow, as depicted in the figure above, when the browser accesses content from the HSTS enabled host is described below:

  1. The file container.html loads outer.swf in the HSTS Host (
  2. The browser sends out request #4 through the non-secure transport as the URI for outer.swf is specified with HTTP scheme in container.html.
  3. The browser receives a 301 Moved Permanently response from as the server is an HSTS host and stops communicating using the non-secure HTTP protocol.
  4. Browser now sends out request #6 through the secure HTTPS protocol based on the Location header field as shown in the response #5 301 Moved Permanently.
  5. Browser receives the response #7 200 OK and notes as a ‘Known HSTS Host’ as the response message has a Strict-Transport-Security (STS) header field. From this point onwards, any subsequent request to this host by the browser will be made using the HTTPS protocol.
  6. Browser passes the outer.swf stream to Flash Player with the response headers.
  7. Flash Player also notes as a ‘Known HSTS Host’.
  8. Flash Player loads outer.swf and runs ActionScript in it.
  9. outer.swf loads inner.swf using URLRequest with the parameter
  10. The earlier versions of Flash Player, in the absence of HSTS support, would have made the request through the unsecured HTTP protocol. Flash Player 23, however, sends request #11 through secure transport as is a ‘Known HSTS Host’.

HSTS support in Flash Player can be very useful in various aspects, but most importantly it makes Flash Player more secure than its previous versions.

Flash Runtime v20 Release Announcement!

We’re pleased to announce the immediate availability of Flash Player and AIR version 20!  With this December release, we’ve added new features, important security updates and functional bug fixes for our customers.  Full details on this release can be found in our release notes and security bulletin.

Updates for Flash Player 20 have automatically started rolling out to those that have enabled “Allow Adobe to install updates (recommended)”.  If you’ve opted into this auto update mechanism there’s no work required on your end.   Over the next 24 hours we’ll be pushing this update out silently and automatically to computers connected to the internet.

Customers using Google Chrome or Windows 8.x/10 Internet Explorer or Microsoft Edge will receive the update through the Google and Microsoft update mechanisms.

Last week we made some exciting announcements around Flash Professional, now Adobe Animate CC, and a new partnership for the Flash Runtime.  The future is very bright for the Animate CC team and for the designers and developers that use this tool.  The changes and improvements they’ve made and have planned for 2016 are inspiring and we’re more than confident that they will continue to deliver the innovation that our customers need to succeed.

On the Flash Runtime side, we’re thrilled to announce our partnership with Facebook.  We know that our customers and developers rely on Flash content to work securely and reliably.  With this new partnership with Facebook, our ongoing collaboration with both Google and Microsoft, and our close work with Apple, Mozilla, Opera and others, we’re committed more than ever to making the Flash Runtime secure, reliable, and compatible for everyone.

As we close out 2015, Flash Player enjoys amazing ubiquity with full support from every major browser and operating system in use today.  Flash Player is built into every version of Google Chrome and ChromeOS.  Flash Player comes as part of both the Windows 8 and Windows 10 operating systems and works seamlessly with both Internet Explorer and Microsoft Edge.  Flash Player has full support from Mozilla Firefox, Apple Safari, and Opera.  This unprecedented level of support allows our developers to be successful and our customers to enjoy the content they want to use, view, and play.  We look forward to great things to come in 2016 and we wish everyone a happy new year!


Read past the break for the highlights of this release!

Continue reading…

Guide for Supporting Screen Orientation with Full-Screen Flash Player Content

Authored by David Kim

Prior to version 15, Flash Player (FP) did not provide notification of change in screen orientation.  Starting with FP version 15 (FP 15), notification of screen orientation will be provided through triggering of a resize event if the FP content is playing in full-screen.  Also, FP 15 will allow the Stage.fullScreenSourceRect property to be set even while in full-screen and have the setting take effect without a display state change.  FP contents that support full screen playback should be modified to react to the resize events that are triggered when the screen orientation changes.

Continue reading…

Stage3D “standard” profile


Authored by Cheng Liao

The Stage3D “standard” profile is a high-level function set that contains a lot of advanced graphics features. We introduced it in Flash/AIR14 for desktop platforms, and extended its support to mobile platforms in Flash/AIR15. This is a huge leap for Stage3D and it keeps Flash gaming moving forward.

What’s new in “standard” profile

Continue reading…

Relaxing Render Target Clear operation in Stage3D

Authored by Jing Chen

Prior to Flash Player 15.0 and AIR 15.0, there was a strict restriction that the clear function must be called on a render target before drawing, so that the content in a render texture does not get preserved after invoking the clear function. In Flash Player 15.0 and AIR 15.0, we have optimized the old internal rendering system and have removed this requirement.

In this blog post, we’ll show the benefits of this feature.

Continue reading…

An outline of Flash Runtime installation options


From time to time, we receive questions and concerns from our customers regarding their options for installing and deploying the Flash Runtime components.  This blog post will provide a high level overview of the options available.  For additional information, please see the links below.

Continue reading…

Flash Runtime 14 is now available!


Today we’re releasing Flash Player 14 and the AIR 14 Runtime and SDK.  This a major quarterly releases that includes new functionality, bug fixes, and security updates.  We recommend taking a look at our release notes or visiting the Flash Player announcement or AIR announcement page for download links and additional details.


Continue reading…

ActionScript rises to #14 on the Tiobe Index


ActionScript History on the Tiobe Index


Thank you to Jonathan Hart (@jonathanhartsf) and others for the heads up on the recent resurgence of ActionScript on the Tiobe Index.  Last month ActionScript broke into the top 20.  The June numbers are now out and it’s moved up to the 14th spot!  None of this would be possible without the awesome support of our AS developer community, creating and inspiring us with their applications and games for both mobile and desktop platforms!  Thank you!


Latest Updates on the Flash Runtime

There’s been talk recently on different forums regarding Adobe’s position on the Flash Runtime.  Hopefully some of the work we’re doing and items outlined below will help answer these questions.

First, let me introduce myself.  My name is Chris Campbell and I’m the product manager and customer advocate for the Flash Runtime product team.  I’ve been part of the Flash and AIR teams for the last 4 years and prior to that I worked for 14 years as a developer in our digital imaging group.  Some of you might know me from the forums, where I’ve spent a lot of time working with customers to bring issues to the engineering team.  I’m on Twitter @liquidate but you can also reach me via email at

What have we been up to lately?

Improved Packaging Engine – We’ve made massive improvements to our iOS packaging engine (Halfmoon AOT), with reduced packaging times up to 10x.  This work lays the foundation for future features like iOS workers.  This has been in our beta builds for a while (we try to make these publicly available on a regular basis) and was out in our public AIR 4.0 release.

ActionScript concurrency for Android – We knew this would be a hit with the feedback we received with ActionScript Workers on the desktop so getting this over to mobile was a priority for us.  We had an extended beta for this feature and it made its public appearance in AIR 3.9 with additional fixes based on feedback received in our 4.0 release.

Support for new versions of OSX, Windows, iOS and Android – We know that our developers and users want to use the latest OS’s and browsers.  We have made sure that the Runtime supports these targets and we’re committed to making sure that continues in the future.

Here are just a few of the new features that we’re working on this year –

ActionScript concurrency for iOS – Now that we’re finishing up with the Halfmoon packaging work, the next step is to add support for ActionScript Workers on iOS.  We know this is an important feature and we’re looking forward to starting an extended beta for this later this year.

Improvements to Stage3D – Stage3D was a massive game changer for Flash.  We want to add to this with significant efficiency improvements by supporting multiple render targets.  If you’ve been around for a while, you might remember a previous beta for AGAL2.  We’re picking this up again now that we’ve got support for all supported platforms and we should have something to share later this summer.

PPAPI debugging – A long time request has been the ability to debug Flash content on Google Chrome.  We’ve been working to bring our debugger to the PPAPI platform and we’re almost ready for a beta release.  This required a lot of work under the hood and while we’re there we’re also tackling a nagging Stage3D performance problem.  Progress has been going well and we’re optimistic that we’ll have a solution for our customers.

Game discovery – We know that there are a huge number of games available on the market and it’s hard to get the user’s attention.  We believe we can help.  One of our greatest strengths is the reach of our platform.  Flash Player is installed on over a billion computers!  The AIR shared runtime is installed on 50+ million Android devices!  We’re working to figure out how we can leverage these strengths to improve your app’s success.  Look for details on Adobe GameSpace, Playpanel, GamePreviews, and more in the very near future.

It’s certainly true that we have increased our investments on HTML technologies, but Adobe and the Flash product team are dedicated to pushing the Flash runtime platform forward.  We believe that AIR and Flash Player are excellent solutions for both the video and gaming markets.

While most of Adobe’s marketing and PR activities are focused on the Creative Cloud and Marketing Cloud initiatives, we are working on the following items to help improve our messaging around the Flash Runtime.

  • Redesign, refresh and make regular content updates to our game development web site.  We’ll be retiring the microsite and instead updates will be made to our Adobe Developer Connection page found here –
  • Create a new Flash Runtime showcase website that allows for easy showcase project submissions by our development community.
  • Reach out to the community and promote their games and usage of Adobe tools through guest blog posts and case studies that we feature on   If you’re interested, please contact me via email.
  • Find additional and creative ways to allow our passionate development community to evangelize the use of Flash Runtime

Finally, in a recent Adobe post there was some confusion regarding PhoneGap and if this product was supplanting or replacing AIR.  This is not the case.  We believe both of these technologies have merit and we recommend developers pick a solution that best suits their project.  For gaming and video related applications, on either the desktop or mobile platforms, we believe the Flash Runtime continues to be a great choice.

Upcoming changes to Flash Player’s extended support release

Beginning May 13th, 2014, we will be upgrading Flash Player’s extended support release from version 11.7 to version 13.  This change impacts enterprise and IT customers that currently deploy Flash Player using the extended support releases available through our distribution channel.

Adobe makes available the extended support release to organizations that prefer Flash Player stability over new functionality.  We will create a branch of the Flash Player code that we keep up to date with all of the latest security updates, but none of the new features or bug fixes available in our normal release branch.  This allows organizations to certify and stay secure with Flash Player with minimal effort.

To ensure a smooth transition, we encourage IT organizations to thoroughly test our version 13 releases (currently available on over the next couple of months before deploying.