[asterisk-users] CORRECTED asterisk release 21.0.1
The earlier announcement should not have had any User or Upgrade notes. The Asterisk Development Team would like to announce security release Asterisk 21.0.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/21.0.1 and https://downloads.asterisk.org/pub/telephony/asterisk The following security advisories were resolved in this release: - [Path traversal via AMI GetConfig allows access to outside files]( https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f ) - [Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation]( https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq ) - [PJSIP logging allows attacker to inject fake Asterisk log entries ]( https://github.com/asterisk/asterisk/security/advisories/GHSA-5743-x3p5-3rg7 ) - [PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update']( https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh ) Change Log for Release asterisk-21.0.1 Links: - [Full ChangeLog]( https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.0.1.md) - [GitHub Diff]( https://github.com/asterisk/asterisk/compare/21.0.0...21.0.1) - [Tarball]( https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21.0.1.tar.gz) - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) Summary: - res_pjsip_header_funcs: Duplicate new header value, don't copy. - res_pjsip: disable raw bad packet logging - res_rtp_asterisk.c: Check DTLS packets against ICE candidate list - manager.c: Prevent path traversal with GetConfig. User Notes: Upgrade Notes: Closed Issues: None -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] CORRECTED asterisk release certified-18.9-cert6
The earlier release announcement should NOT have had any User or Upgrade notes. The Asterisk Development Team would like to announce security release Certified Asterisk 18.9-cert6. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert6 and https://downloads.asterisk.org/pub/telephony/certified-asterisk The following security advisories were resolved in this release: - [Path traversal via AMI GetConfig allows access to outside files]( https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f ) - [Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation]( https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq ) - [PJSIP logging allows attacker to inject fake Asterisk log entries ]( https://github.com/asterisk/asterisk/security/advisories/GHSA-5743-x3p5-3rg7 ) - [PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update']( https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh ) Change Log for Release asterisk-certified-18.9-cert6 Links: - [Full ChangeLog]( https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-certified-18.9-cert6.md) - [GitHub Diff]( https://github.com/asterisk/asterisk/compare/certified-18.9-cert5...certified-18.9-cert6) - [Tarball]( https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-certified-18.9-cert6.tar.gz) - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) Summary: - res_pjsip_header_funcs: Duplicate new header value, don't copy. - res_rtp_asterisk.c: Check DTLS packets against ICE candidate list - manager.c: Prevent path traversal with GetConfig. - res_pjsip: disable raw bad packet logging User Notes: Upgrade Notes: Closed Issues: None -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] asterisk release certified-18.9-cert6
The Asterisk Development Team would like to announce security release Certified Asterisk 18.9-cert6. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert6 and https://downloads.asterisk.org/pub/telephony/certified-asterisk The following security advisories were resolved in this release: - [Path traversal via AMI GetConfig allows access to outside files](https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f) - [Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation](https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq) - [PJSIP logging allows attacker to inject fake Asterisk log entries ](https://github.com/asterisk/asterisk/security/advisories/GHSA-5743-x3p5-3rg7) - [PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'](https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh) Change Log for Release asterisk-certified-18.9-cert6 Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-certified-18.9-cert6.md) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/certified-18.9-cert5...certified-18.9-cert6) - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-certified-18.9-cert6.tar.gz) - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) Summary: - res_pjsip_header_funcs: Duplicate new header value, don't copy. - res_rtp_asterisk.c: Check DTLS packets against ICE candidate list - manager.c: Prevent path traversal with GetConfig. - res_pjsip: disable raw bad packet logging User Notes: - ### app_read: Add an option to return terminator on empty digits. A new option 'e' has been added to allow Read() to return the terminator as the dialed digits in the case where only the terminator is entered. - ### format_sln: add .slin as supported file extension format_sln now recognizes '.slin' as a valid file extension in addition to the existing '.sln' and '.raw'. - ### app_directory: Add a 'skip call' option. A new option 's' has been added to the Directory() application that will skip calling the extension and instead set the extension as DIRECTORY_EXTEN channel variable. - ### app_senddtmf: Add option to answer target channel. A new option has been added to SendDTMF() which will answer the specified channel if it is not already up. If no channel is specified, the current channel will be answered instead. - ### cli: increase channel column width This change increases the display width on 'core show channels' amd 'core show channels verbose' For 'core show channels', the Channel name field is increased to 64 characters and the Location name field is increased to 32 characters. For 'core show channels verbose', the Channel name field is increased to 80 characters, the Context is increased to 24 characters and the Extension is increased to 24 characters. - ### bridge_builtin_features: add beep via touch variable Add optional touch variable : TOUCH_MIXMONITOR_BEEP(interval) Setting TOUCH_MIXMONITOR_BEEP/TOUCH_MONITOR_BEEP to a valid interval in seconds will result in a periodic beep being played to the monitored channel upon MixMontior/Monitor feature start. If an interval less than 5 seconds is specified, the interval will default to 5 seconds. If the value is set to an invalid interval, the default of 15 seconds will be used. - ### test.c: Fix counting of tests and add 2 new tests The "tests" attribute of the "testsuite" element in the output XML now reflects only the tests actually requested to be executed instead of all the tests registered. The "failures" attribute was added to the "testsuite" element. Also added two new unit tests that just pass and fail to be used for testing CI itself. - ### res_mixmonitor: MixMonitorMute by MixMonitor ID It is now possible to specify the MixMonitorID when calling the manager action: MixMonitorMute. This will allow an individual MixMonitor instance to be muted via ID. The MixMonitorID can be stored as a channel variable using the 'i' MixMonitor option and is returned upon creation if this option is used. As part of this change, if no MixMonitorID is specified in the manager action MixMonitorMute, Asterisk will set the mute flag on all MixMonitor audiohooks on the channel. Previous behavior would set the flag on the first MixMonitor audiohook found. Upgrade Notes: Closed Issues: None -- _ -- Bandwidth and Colocation Provided by
[asterisk-users] asterisk release 21.0.1
The Asterisk Development Team would like to announce security release Asterisk 21.0.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/21.0.1 and https://downloads.asterisk.org/pub/telephony/asterisk The following security advisories were resolved in this release: - [Path traversal via AMI GetConfig allows access to outside files](https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f) - [Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation](https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq) - [PJSIP logging allows attacker to inject fake Asterisk log entries ](https://github.com/asterisk/asterisk/security/advisories/GHSA-5743-x3p5-3rg7) - [PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'](https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh) Change Log for Release asterisk-21.0.1 Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.0.1.md) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.0.0...21.0.1) - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21.0.1.tar.gz) - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) Summary: - res_pjsip_header_funcs: Duplicate new header value, don't copy. - res_pjsip: disable raw bad packet logging - res_rtp_asterisk.c: Check DTLS packets against ICE candidate list - manager.c: Prevent path traversal with GetConfig. User Notes: - ### http.c: Minor simplification to HTTP status output. For bound addresses, the HTTP status page now combines the bound address and bound port in a single line. Additionally, the SSL bind address has been renamed to TLS. Upgrade Notes: - ### chan_sip: Remove deprecated module. This module was deprecated in Asterisk 17 and is now being removed in accordance with the Asterisk Module Deprecation policy. - ### res_monitor: Remove deprecated module. This module was deprecated in Asterisk 16 and is now being removed in accordance with the Asterisk Module Deprecation policy. This also removes the 'w' and 'W' options for app_queue. MixMonitor should be default and only option for all settings that previously used either Monitor or MixMonitor. - ### app_osplookup: Remove deprecated module. This module was deprecated in Asterisk 19 and is now being removed in accordance with the Asterisk Module Deprecation policy. - ### app_cdr: Remove deprecated application and option. The previously deprecated NoCDR application has been removed. Additionally, the previously deprecated 'e' option to the ResetCDR application has been removed. - ### chan_skinny: Remove deprecated module. This module was deprecated in Asterisk 19 and is now being removed in accordance with the Asterisk Module Deprecation policy. - ### chan_mgcp: Remove deprecated module. This module was deprecated in Asterisk 19 and is now being removed in accordance with the Asterisk Module Deprecation policy. - ### translate.c: Prefer better codecs upon translate ties. When setting up translation between two codecs the quality was not taken into account, resulting in suboptimal translation. The quality is now taken into account, which can reduce the number of translation steps required, and improve the resulting quality. - ### app_macro: Remove deprecated module. This module was deprecated in Asterisk 16 and is now being removed in accordance with the Asterisk Module Deprecation policy. For most modules that interacted with app_macro, this change is limited to no longer looking for the current context from the macrocontext when set. The following modules have additional impacts: app_dial - no longer supports M^ connected/redirecting macro app_minivm - samples written using macro will no longer work. The sample needs to be re-written app_queue - can no longer call a macro on the called party's channel. Use gosub which is currently supported ccss - no callback macro, gosub only app_voicemail - no macro support channel - remove macrocontext and priority, no connected line or redirection macro options options - stdexten is deprecated to gosub as the default and only options pbx - removed macrolock pbx_dundi - no longer look for macro snmp - removed macro context, exten, and priority - ### chan_alsa: Remove deprecated module. This module was deprecated in Asterisk 19 and is now being removed in accordance with the Asterisk Module Deprecation policy. - ### pbx_builtins: Remove deprecated and defunct functionality. The previously deprecated
[asterisk-users] asterisk release 20.5.1
The Asterisk Development Team would like to announce security release Asterisk 20.5.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/20.5.1 and https://downloads.asterisk.org/pub/telephony/asterisk The following security advisories were resolved in this release: - [Path traversal via AMI GetConfig allows access to outside files](https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f) - [Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation](https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq) - [PJSIP logging allows attacker to inject fake Asterisk log entries ](https://github.com/asterisk/asterisk/security/advisories/GHSA-5743-x3p5-3rg7) - [PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'](https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh) Change Log for Release asterisk-20.5.1 Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-20.5.1.md) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/20.5.0...20.5.1) - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-20.5.1.tar.gz) - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) Summary: - res_pjsip_header_funcs: Duplicate new header value, don't copy. - res_pjsip: disable raw bad packet logging - res_rtp_asterisk.c: Check DTLS packets against ICE candidate list - manager.c: Prevent path traversal with GetConfig. User Notes: Upgrade Notes: Closed Issues: None -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] asterisk release 18.20.1
The Asterisk Development Team would like to announce security release Asterisk 18.20.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/18.20.1 and https://downloads.asterisk.org/pub/telephony/asterisk The following security advisories were resolved in this release: - [Path traversal via AMI GetConfig allows access to outside files](https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f) - [Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation](https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq) - [PJSIP logging allows attacker to inject fake Asterisk log entries ](https://github.com/asterisk/asterisk/security/advisories/GHSA-5743-x3p5-3rg7) - [PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'](https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh) Change Log for Release asterisk-18.20.1 Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.20.1.md) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/18.20.0...18.20.1) - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.20.1.tar.gz) - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) Summary: - res_pjsip_header_funcs: Duplicate new header value, don't copy. - res_pjsip: disable raw bad packet logging - res_rtp_asterisk.c: Check DTLS packets against ICE candidate list - manager.c: Prevent path traversal with GetConfig. User Notes: Upgrade Notes: Closed Issues: None -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users