Hello! We would like to announce the OpenSIPS 3.6.6 and 4.0.0-rc1 releases, which include a significant set of security fixes and related hardening improvements.
Over the last two weeks, we received and analyzed around 30 security reports from multiple researchers. This resulted in 24 security-related commits, 12 security advisories and 6 CVEs assigned for the confirmed vulnerabilities.

Most of the issues require specific configurations, modules or traffic scenarios in order to be triggered. However, given the security nature of these fixes, we strongly recommend upgrading to the latest available version as soon as possible.

We also published a blog post with more context on this recent wave of security reports and on how OpenSIPS handles such fixes with priority:
https://blog.opensips.org/2026/05/21/recent-security-fixes-in-opensips/

Full changelogs:
https://opensips.org/pub/opensips/3.6.6/ChangeLog
https://opensips.org/pub/opensips/4.0.0-rc1/ChangeLog

Security advisories:
https://github.com/OpenSIPS/opensips/security/advisories

Packages are/will be available at:
DEBs: https://apt.opensips.org
RPMs: https://yum.opensips.org

We would also like to thank the security researchers who responsibly reported these issues and helped us improve OpenSIPS.

Please upgrade as soon as possible.

Best regards,
OpenSIPS Team
