New in version 13.0.1
December 4th, 2014
- AST-2014-012: Fix error with mixed address family ACLs. Prior to this commit, the address family of the first item in an ACL was used to compare all incoming traffic. This could lead to traffic of other IP address families bypassing ACLs.
- AST-2014-013: Fix PJSIP ACLs not loading on startup and apply/ACL issues on contact The biggest problem this patch fixes is that ACLs weren't previously being loaded when the res_pjsip_acl module was loaded. In addition, the ACL options contact_permit and contact_acl were effectively interpreted as contact_deny and this patch fixes that as well.
- AST-2014-015: Fix race condition in chan_pjsip when sending responses after a CANCEL has been received. Due to the serialized architecture of chan_pjsip there exists a race condition where a CANCEL may be received and processed before responses (such as 180 Ringing, 183 Session Progress, and 200 OK) are sent. Since the session is in an unexpected state PJSIP will assert when this is attempted. This change makes it so that these responses are not sent on disconnected sessions.
- AST-2014-016: Fix crash when receiving an in-dialog INVITE with Replaces in res_pjsip_refer. The implementation of INVITE with Replaces in res_pjsip_refer did not expect them to occur in-dialog. As a result it would incorrectly attempt to hang up a channel it thought was under its control. In reality the channel would be under the control of another thread. When the other thread accessed the channel it would be accessing freed memory and could crash. This change makes res_pjsip_refer not act on an in-dialog INVITE with Replaces.
- AST-2014-017 - app_confbridge: permission escalation/ class authorization. Confbridge dialplan function permission escalation via AMI and inappropriate class authorization on the ConfbridgeStartRecord action. The CONFBRIDGE dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation. Also, the AMI action â€œConfbridgeStartRecordâ€ could also be used to execute arbitrary system commands without first checking for system access. Asterisk now inhibits the CONFBRIDGE function from being executed from an external interface if the live_dangerously option is set to no. Also, the â€œConfbridgeStartRecordâ€ AMI action is now only allowed to execute under a user with system level access.
- AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI. The DB dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation. Asterisk now inhibits the DB function from being executed from an external interface if the live_dangerously option is set to no.
New in version 184.108.40.206 (May 8th, 2012)
- Prevent chanspy from binding to zombie channels
- (Closes issue ASTERISK-19493. Reported by lvl)
- Fix Dial m and r options and forked calls generating warnings for voice frames.
- (Closes issue ASTERISK-16901. Reported by Chris Gentle)
- Remove ISDN hold restriction for non-bridged calls.
- (Closes issue ASTERISK-19388. Reported by Birger Harzenetter)
- Fix copying of CDR(accountcode) to local channels.
- (Closes issue ASTERISK-19384. Reported by jamicque)
- Ensure Asterisk acknowledges ACKs to 4xx on Replaces errors
- (Closes issue ASTERISK-19303. Reported by Jon Tsiros)
- Eliminate double close of file descriptor in manager.c
- (Closes issue ASTERISK-18453. Reported by Jaco Kroon)
New in version 220.127.116.11 (March 23rd, 2012)
- The release of Asterisk 18.104.22.168 and 10.2.1 resolve two issues. First, they resolve the issue in app_milliwatt, wherein a buffer can potentially be overrun on the stack, but no remote code execution is possible. Second, they resolve an issue in HTTP AMI where digest authentication information can be used to overrun a buffer on the stack, allowing for code injection and execution.
- These issues and their resolution are described in the security advisory.
New in version 1.8.0 (October 28th, 2010)
- This release includes new features. For a list of new features that have been included with this release, please see the CHANGES file inside the source package. Since this is new major release, users are encouraged to do extended testing before upgrading to this version in a production environment.
New in version 1.4.24 (March 18th, 2009)
- The Asterisk Development Team is proud to announce release of Asterisk 1.4.24, and is available for immediate download at http://downloads.digium.com/
- In addition to other bug fixes, this release candidate fixes several crash issues, and resolved some remaining issues related to call pickup and call parking that were discovered after the release of Asterisk 1.4.23. In addition, issues related to chan_iax2, and regressions introduced to the 'h' extension have been resolved.
- This release marks the first inclusion of the release summary files which will be included in all future releases. The purpose is to give a clearer overview of the changes that have taken place between the current and previous release, which issues have been closed, and which community members were involved with issue submission, code commits, and issue testing. Additionally, a diffstat at the end of the file shows at a brief glance the number of changes made to files between the previous and current releases.
- For a summary of the changes in this release, please see the release summary. For a full list of changes in this release, please see the ChangeLog.
- The following list of bugs were resolved with the participation of the community, and this release would not have been possible without your help!
- Paging application crashes asterisk. Closes issue #14308. Submitted by bluefox. Tested by kc0bvu. Patched by seanbright.
- Crash in VoiceMailMain if hangup occurs before a valid mailbox number is entered (IMAP only). Closes issue #14473. Submitted by, and patch provided by dwpaul.
- Incoming Gtalk calls fail. Closes issue #13984. Submitted by, tested, and patched by jcovert.
- Realtime peers are never qualified after 'sip reload'. Closes issue #14196. Submitted by, tested, and patched by pdf.
- SIP Attended Transfer fails. Closes issue 14611. Submitted by, tested, and patched by klaus3000.