Shotgun Review: New Year, New Features
In 2014 we introduced Shotgun Review for iPhone - our first mobile app. By providing a full set of review tools that fits in your pocket, Shotgun Review for iPhone helps supervisors stay in the loop and provide visual feedback on their projects anywhere they go. This means reducing the amount of time artists spend waiting for feedback, which equals more iterations before your deadline.

To kick off 2015, we’ve released an update to Shotgun Review for iPhone - available now in the Apple App Store. We’ve focused this release on security and a few highly requested features - here’s what’s new:

- Admins can now control who can access their Shotgun site with Shotgun Review via a new permission setting.

- Login support for Shotgun sites not hosted by us (This one's for our locally installed clients out there that use http and non-standard URLs!)

- A handful of additional security-related updates

- ...and we squashed some annoying bugs

Shotgun Review for iPhone is available for free for all current Shotgun subscribers. Download it for free on the Apple App Store today.

Happy Holidays!
Happy Holidays from the Shotgun Crew!

It's been a big year at Shotgun and we're grateful for all of your support along the way. 

We want to give a big thank you and wish you all a happy holiday and a great new year!

Security Update
As many of you know, the Shotgun team size grew quite a bit with the Autodesk acquisition and this allows us to go much faster in feature development!

Our new size also lets us devote more resources to focus on the security of our client data. As you know, we have always considered security as our priority #1 feature. 

Now, our continued efforts and investments in security are backed by Autodesk’s own commitment and resources!

We’re continuing our quarterly security assessments by an independent 3rd party auditor. This includes validation of all existing and new products such as the new Shotgun Review iOS application. Our Q3 audit was done by Independent Security Evaluators (ISE). We know data security requires constant vigilance, so we've decided to increase our investment in security and will work with ISE to ensure new features are secure from the start of the design phase. Doing so will greatly reduce the risk of having security holes in the final applications.

On the Autodesk front, we work with Autodesk’s Information Security team to ensure our internal policies and processes adhere to Autodesk’s high standards. These will help ensure that, as the team grows, we’re always keeping client data secure. Additionally, we benefit from rapid internal communication channels to deal with external security threats as they arise.

The bottom line is that we know our hosted customers trust us with extremely valuable IP so we continue to add protection layers to ensure your data stays safe. And now, benefiting from Autodesk resources, not only can we go faster on feature development, we have and continue to increase our investments in security.
Announcing Shotgun 5.4
We’re pleased to announce 5.4. This release is jam-packed with features that open the door for more teams to track and review their work in Shotgun.

"5.4 works flawlessly so far and I wonder how on earth we did without the new web player and still image support until now. Awesome job!" 
-Frank Lenhard, PiXABLE STUDIOS

"What a great update guys! New web player and Lightbox are just awesome, and what I really like is the way you're matching all the new functionality and hotkeys with RV - that is just sooo right! Please, keep it up!" 
- Alexey Borzykh, Asymmetric VFX Studio

Support for Reviewing Still Images

We’ve updated our review tools to support teams reviewing still images (such as concept art or storyboards). Now, images submitted to Shotgun for review display at higher resolutions and appear closer to the color and quality of their source files. We’re also introducing new pan and zoom functionality to the overlay player so you can quickly move around your images, draw on the frames, and leave notes as feedback.

Redesigned Overlay Player & New Image Attachment Viewer

As part of our still image support, we’ve also improved the overlay look and feel of the overlay player. Viewing previous annotations within overlay player now previews the image within the same browser window, helping you keep your context and review the content of notes faster. Tools are more accessible, and we’ve added a bunch of new keyboard shortcuts to support the new tools.

Support for Different Project Workflows

As studios evolve, they tend to take on more and different types of projects. These days, many of our clients work on film, TV, and even games, all within the same studio. In order to accommodate these types of studios, you can now customize the things you track in a project, as well as their fields, pipeline steps, and statuses. Maybe your games projects require different steps than your film projects. Or maybe you have a different set of approval statuses on your TV projects than your film projects. By letting different workflows coexist in the same studio, we’re opening the door for departments and teams to work together on the same Shotgun site.

Learn more...

Smart(er) Thumbnails

We’ve updated thumbnail fields with a new option to show the latest version instead of a manually uploaded thumbnail. This benefits studios in two ways: 1) thumbnails will automatically update based on the latest submission, saving you tons of time and requiring less customization to keep your thumbnails up to date, and 2) you now have a much better indicator of the status of your shots, assets, and other things you’re tracking. Just glance at the thumbnail and you can see how work is progressing.

Powerful New Ways to Connect Your Data

We’ve upped the limit on how many “hops” we support for bringing related data on a page. For example, if you want to view a Task’s Shot’s Sequence’s “Delivery Date” alongside a Task’s “Due Date”, now you can. You can even group, sort, and filter by these fields. Many of our users have affectionately referred to this as “double hops”.

Cheers to you all you power users--enjoy!


Irish VFX + Animation Summit
We're happy to be collaborating with The Irish VFX + Animation Summit next week. The Summit encourages engagement between studios and future artists and focuses on the importance of students and prospective artists knowing how best to show others their work and find the best VFX and animation opportunities.

Shotgun will be used to track submissions and review feedback for this year's Showreel Clinic, which will allow artists to submit their work for 1-on-1 feedback from Summit Speakers and senior artists attending the event and participate in personalized dailies sessions. 

Irish VFX+ Animation Summit Details

Location: Science Gallery, The Naughton Institute, Trinity College, Pearse St, Dublin 2
Date: Friday Nov. 28- Sunday Nov. 30th

Click here for more information and to register.
The Chrome Plugin Support Update
As you may or may not be aware, Google announced earlier this year that they will be pulling support for plugins from Chrome. Unfortunately, they have been fairly tight-lipped on the details and timing. But, over the last few months they have taken a few steps in this direction, adding more speed bumps for any users who wish to permit plugin use within Chrome, and completely disabling plugins on Linux already (as of v35). Google has not yet announced exactly when plugin support will be fully discontinued, but alluded to sometime around the end of 2014. There are two critical questions that will affect our recommendation to clients and future development in this area:

- When will plugin support finally be completely deactivated? (Google won’t say.)

- Will Java still be supported? (Java is currently a functional alternative to using our browser plugin, though we initially built the plugin because many clients wanted to move away from Java.)

Since we heard the news, we have been brainstorming on how best to replace the Shotgun functionality that is facilitated by our custom browser plugin. This includes Local File Linking and some Pipeline Toolkit functions, all of which need some sort of added tech to work around the standard browser security that disallows interaction with the file system from a web page. See this post in our GitHub repo for a bit more background.

Our long term plan is to work this functionality into our Shotgun Desktop client, but we are still in progress on that solution. We originally hoped to have it ready before the end of the year, but we need a bit more time to ensure we have a production-ready replacement. We are now aiming to deploy the new setup in a patch release in early 2015. Also, since locally hosted clients are traditionally delayed on new releases, it could take longer for them to receive the replacement solution compared to clients on hosted sites.

If your studio depends on Chrome and uses Shotgun’s Local File Linking or Pipeline Toolkit functionality, we strongly recommend that you have a contingency plan in place. Current workarounds include:

- Use another supported browser
- Lock off on a version of Chrome that still supports plugins - delay upgrading to the version where plugin support is pulled (of course this may carry some risk, as you may miss out on patches for any security vulnerabilities that are/were discovered after that version’s release)

We know this is not the best news for Chrome users, but it is unfortunately not entirely in our control, and we felt it would be prudent to warn you of the impending situation now so you have time to make alternate plans.

Of course, as always, if you have any questions or concerns, please reach out to our support team and we will do our best to work through this with you and find an acceptable solution.

The Shotgun Team

Get to Know... School of Visual Arts

We recently had the opportunity to chat with Joseph Mulvanerty, Cross Platform Systems Administrator at the School of Visual Arts in New York City. We spoke with Joseph about SVA and how the school has integrated the use of Shotgun both inside and outside of the classroom.

Tell us about the School of Visual Arts.

SVA Computer Art is the undergraduate computer art, animation and visual effects department at School of Visual Arts. SVA Computer Art started in the 90s when computers advanced as a medium for creating artwork. Our program has since evolved into a department that is focused on computer animation and visual effects. Coming from an animation studio in NYC, it felt natural to come to this department as we have the same gear and software used in the professional VFX industry. We have great technical resources and workflows that mirror what our graduates will find when they start working in the real world. We like to bring in people who work in production, so most of our instructors are adjunct professors who also currently work in the industry.

The artists are younger, but working here is the same environment as a professional VFX and animation shop. We have between 300-400 students in our department. We are an accredited school and this is a BFA Computer Arts program.
Image Credit: Jon Stulich

Why has SVA been so successful?

I think it starts with the Chairman of the department, John McIntosh. He brings plenty of industry experience along with the ability to anticipate the future of the industry. That’s part of how Shotgun became introduced at SVA. He’s at trade shows and conventions along with talking to major studios to get insight on the latest studio practices. We're adopting advanced levels of pipeline integration and workflows so our students are familiar working with these methods.

What do you do at SVA?

I am part of a systems crew that builds and supports our computer animation studio environment. Each person has specialization ranging from render management to desktop support. My title is Cross Platform Systems Administrator. Our studio runs on any OS our students will see out in the wild when they graduate, so we use Mac, Windows and some Linux. From my studio experience I also help solve production problems and manage our Shotgun pipeline.

The program focuses on pre-to-post production and everything in between. If students want to do live action, we have cameras and lighting. If they want to get deep into post, we have an audio recording studio and a grading/finishing suite — we go beyond the standard animation tools you need to know if you’re going to be a CG artist. I think some of our capabilities rival other studios.

What’s a day in the life of Joseph like?

I enjoy collaborating with our students to solve problems with their projects. This is a technical position but in many cases I am also teaching on how to handle computer animation challenges. We also have plenty of great tech here so I get to be involved with cameras, lighting, motion capture and chromakey.

I also focus heavily on Shotgun integration. So where Shotgun might typically have a studio wide standard implementation where all projects are handled the same way, here we’re building individual pipelines for each student on a per project basis. Our Shotgun project setup will be different for someone who’s doing live action with VFX as opposed to someone who's doing a job that's all 3D CG animation. The people at Shotgun have been great with helping us head down the right path. We’re both using Shotgun as a workflow tool to help our students complete their projects but also as an educational tool to help teach them how jobs get done in a professional environment.

Image Credit: Jon Stulich
How long have you been using Shotgun?

Shotgun has been in use here for a couple of years. It was originally used as a tool for teachers to review student work. This year we fully integrated Shotgun into our student project production pipeline.

A major focus for our students is their senior thesis project. They often collaborate with other students to produce these films all of which are created in Shotgun with complete pipeline integration. For this year 60 short films being produced through Shotgun. Each film can have one or more students collaborating on the production with instructors and administrators using Shotgun for review and feedback.

How is Shotgun working for the students?

We really just started implementing use of Shotgun as a production management tool for our seniors this year, and I’m working on building that out to tie Shotgun into our render management system so that all of that gets tracked in Shotgun as well. Our students are responding really well to using Shotgun, and instructors love it too as most of them are already using it in their studios. Pushing students to run projects through Shotgun also helps students keep their work managed and organized so they can focus on the creative process instead.

We also have students who play dual roles on their projects both as project manager/producer, and as an artist. The new Shotgun Desktop feature has been helpful in this regard - when you’re project managing, the site is where the action is, but when you are ready to focus on an artist task, the Desktop puts everything you need right in front of you.

Image Credit: Jon Stulich
What tools does SVA use in the program?

It really depends on what the artist is working on. It could be Maya, if they’re incorporating mocap then probably also MotionBuilder. We use a lot of sculptural tools, zBrush and Mudbox, but it could also be Hiero to ingest live action footage and Nuke if they’re doing a lot of compositing, and even Houdini if they’re working on simulations and always Photoshop if they’re working on textures. We use a wide range of tools and the nice thing is that most of them play nicely with Shotgun. For editing and finishing we have Final Cut Pro, ProTools, Resolve and Scratch.

Do you develop proprietary tools?

We don’t here at SVA, but coming from a studio that did develop our own pipeline software tools, I can attest to what a huge leap it is to work with Shotgun. Straight out of the box, Shotgun is much more functional than anything we were ever able to develop in house.

What is your favorite thing about working in NYC?

I’ve lived here my entire life so you end up having this expectation that everything is immediately accessible. Anything you want to do or see or be a part of—you can find it here, that’s what I like about New York City.

When you aren’t working, what’s the ideal way to spend a day?

Performing music. When I’m not here I am out of town playing shows. It's good to be creative and step away from tech for a while.

What led you to visual effects?

Like plenty of kids I was cartooning instead of paying attention in class. I aspired to be a traditional animator. That led to studying design and working wherever art and computers came together. I've seen effects an animation evolve form practical special effects to full CG productions. I was lucky to have spent a few years at an animation/VFX studio here in New York.

What’s the biggest benefit of standardizing student projects on Shotgun?

It’s as simple as everyone being on the same page on any given project. Having a comfort level and familiarity with running multiple projects at the same time, and understanding shot structure is really important. Also, when I’m helping students problem solve, Shotgun informs me exactly where to drop in on a project to tackle a given issue. We have so much going on here at once, and Shotgun keeps all of that organized, everything from naming conventions to the versions of software being used and ultimately helps us avoid making mistakes and reinforces great professional habits in our students as we prepare to send them off into the real world.

POODLE Vulnerability : Help Us Help You!
As part of our remediation plan following the public disclosure of the POODLE vulnerability, we will be disabling support for SSLv3 from our servers. We intend to do this on November 18, 2014.

Testing your environment

While we have performed extensive tests on our systems, we would ask all users of our hosted sites to execute the “” test script (available for download at the following location) to confirm that you can access, through your environment, a test site called “” running on a server on which SSLv3 has been disabled. The script connects anonymously to the test site and performs basic operations such as version creation, version deletion and (optionally) thumbnail upload.

The script can be invoked as follows:

python [ -a pathToShotgunAPI ] [ -t pathToThumbnailImage ]

Note that the –a argument can be omitted if the path to the Shotgun API is already in your PYTHONPATH environment variable. For instance:

python –a ~/dev/shotgun_api –t ~/image.jpg

If the script runs successfully, this means that you can successfully access a SSLv3-disabled server and you should be ready to go for the November 18 deadline. Otherwise, please contact so that we can quickly help troubleshoot your issue.

Disabling SSLv3 in your browsers

All modern Web browsers already support other cryptographic protocols, so access to the Web application will not be impacted when we turn off SSLv3 on our servers. You are however encouraged to disable SSLv3 in your browsers: Details on how to do this are available at the following location:

Again, please let us know at if you have any concerns or questions about this.

Shotgun Team


Background information on POODLE

A low-to-high1 severity vulnerability affecting web servers and other applications that use Secure Sockets Layer v3 (SSLv3) has been disclosed. An attacker who is in an active man-in-the-middle (MitM) position may be able to launch a chosen plain-text attack to decrypt and obtain targeted portions of SSLv3 encrypted data such as HTTP session cookies.

The vulnerability resides in SSLv3 connections that use block ciphers in cipher-block chaining (CBC) mode. At its core, the issue is the fact that SSLv3 does authentication before encryption. It is a design flaw within the protocol itself, and not of any specific implementation. As such, any application that relies or supports SSLv3 and accepts cipher suites that use CBC with encryption are vulnerable. Transport Layer Security (TLS) is not vulnerable directly. However, it is possible to perform downgrade attacks in which the client is forced to use SSLv3 instead of TLS, if SSLv3 is supported.

The attack that exploits this SSLv3 vulnerability is referred to as Padding Oracle On Downgraded Legacy Encryption (POODLE). The POODLE attack is very similar to the Browser Exploit Against SSL/TLS (BEAST)3 attack from a few years ago. That is, the attacker is not only required to have a privileged network position, but also the ability to influence the client to send multiple requests to the server. Because of this requirement, POODLE attacks will typically target HTTPS connections. It is important to note that the attack is not exclusive to only HTTPS, and that other services that use SSLv3 may be vulnerable to practical attack as well.

Despite its age and available replacements, SSLv3 is still widely used. As of October 12, 2014, 96.9% of the HTTPS Alex Top 1 Million websites supported SSLv34, and are therefore likely affected by POODLE.
Upcoming Autodesk Community Sessions
Next week the Autodesk family will be hosting community sessions in Stockholm, Gothenburg and Copenhagen to present the latest features in Shotgun, Maya, Flame, and 3ds Max!
Join us to learn more about the Shotgun toolset and Shotgun's integrations with Maya and Flame, updates on 3ds Max, new Maya features, and Flame 2015. Specialist Stuart Holloway will also be introducing and showcasing Flame 2015's new creative tools for Extension 2.

For more information and to register, click on the location and day you'd like to attend below:

Stockholm (Nov. 12) at 1pm CET
Gothenburg (Nov. 13) at 1pm CET
Copenhagen (Nov. 14) at 1pm CET

Hope to see you there!

Shotgun at VES Summit

We're excited to be participating in the upcoming VES Summit this Saturday October 18th in Hollywood where the VFX community comes together to discuss and explore the latest breakthroughs in film, tech, gaming and entrepreneurism.

Our very own Don Parker will be leading two roundtable discussions on building a successful business and turning customers into both investors and partners (and friends)!

"How to Build a Successful Business in Today's Climate"
Saturday October 18th
11am-12pm and 1-2pm
Location: W Hotel Hollywood, 6250 Hollywood Boulevard

More info on the VES Summit and how to register here
<< Older Posts    

Our Story

We are industry folk who love production. A handful of us met while building...
Read More
Subscribe to updates via email

Follow Us