Asterisk News

Asterisk Releases

Asterisk 1.8.28-cert2, 1.8.31.1, 11.6-cert7, 11.13.1, 12.6.1, 13.0.0-beta3 Now Available (Security Release)

Oct 20, 2014

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28-cert2, 11.6-cert7, 1.8.31.1, 11.13.1, 12.6.1, and 13.0.0-beta3.

These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases 

The release of these versions resolves the following security vulnerability:

  • AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability
    Asterisk is susceptible to the POODLE vulnerability in two ways:
    1. The res_jabber and res_xmpp module both use SSLv3 exclusively for their encrypted connections.
    2. The core TLS handling in Asterisk, which is used by the chan_sip channel driver, Asterisk Manager Interface (AMI), and Asterisk HTTP Server, by default allow a TLS connection to fallback to SSLv3. This allows for a MITM to potentially force a connection to fallback to SSLv3, exposing it to the POODLE vulnerability.

These issues have been resolved in the versions released in conjunction with this security advisory. For more information about the details of this vulnerability, please read security advisory AST-2014-011, which was released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

The security advisory is available at:

Thank you for your continued support of Asterisk!


Asterisk 12.6.0 Now Available

Sep 24, 2014

The Asterisk Development Team has announced the release of Asterisk 12.6.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 12.6.0 resolves several issues reported by the community and would have not been possible without your participation.

Thank you!

The following are the issues resolved in this release:

Bug

  • [ASTERISK-22252] - res_musiconhold cleanup - REF_DEBUG reload warnings and ref leaks
  • [ASTERISK-23577] - res_rtp_asterisk: Crash in ast_rtp_on_turn_rtp_state when RTP instance is NULL
  • [ASTERISK-23634] - With TURN Asterisk crashes on multiple (7-10) concurrent WebRTC (avpg/encryption/icesupport) calls
  • [ASTERISK-23767] - [patch] Dynamic IAX2 registration stops trying if ever not able to resolve
  • [ASTERISK-23994] - res_pjsip_sdp_rtp: owner address in SDP may not be fully qualified domainname
  • [ASTERISK-23997] - chan_sip: port incorrectly incremented for RTCP ICE candidates in SDP answer
  • [ASTERISK-24019] - When a Music On Hold stream starts it restarts at beginning of file.
  • [ASTERISK-24027] - MixMonitor AMI action called during AGI execution from bridge feature causes channel to leave AGI has hung up
  • [ASTERISK-24032] - Gentoo compilation emits warning: "_FORTIFY_SOURCE" redefined
  • [ASTERISK-24043] - ARI /continue fails to actually continue into the dialplan
  • [ASTERISK-24136] - Security: Crash in Asterisk's PJSIP code when subscribing to an event with an unexpected body type
  • [ASTERISK-24143] - pjsip: Outbound call to WebRTC UA fails to transmit ACK on received 200 OK
  • [ASTERISK-24147] - ARI: channel hangup crashes asterisk process
  • [ASTERISK-24161] - PJSIPShowEndpoint gives inaccurate count of list items
  • [ASTERISK-24178] - [patch]fromdomainport used even if not set
  • [ASTERISK-24212] - testsuite: Sporadic crash due to assert on stopping RTP engine
  • [ASTERISK-24225] - Dial option z is broken
  • [ASTERISK-24229] - ARI: playback of sounds implicitly answers channel, preventing early media playback
  • [ASTERISK-24231] - crash: CLI execution of realtime destroy sippeers id 1 causes crash due to NULL name provided to ast_variable
  • [ASTERISK-24234] - app_meetme: Crash on conference shutdown due to NULL channel passed to meetme_stasis_generate_msg()
  • [ASTERISK-24236] - res_hep_rtcp: Module incorrectly depends on pjsip
  • [ASTERISK-24237] - CDR: FRACK With PJSIP blonde transfer.
  • [ASTERISK-24241] - crash: CDRs recursively attempt to update Party B information in a multi-party bridge, overrunning the stack
  • [ASTERISK-24245] - gcc 4.1.2 complains of files that do not end with newlines
  • [ASTERISK-24249] - SIP debugs do not stop
  • [ASTERISK-24254] - CDRs: Application/args/dialplan CEP updated during dial operation
  • [ASTERISK-24264] - ARI: Adding a channel to a holding bridge automatically starts MOH
  • [ASTERISK-24290] - Endpoint identifier match value fails to parse when CIDR network format is specified
  • [ASTERISK-24301] - Security: Out of call MESSAGE requests processed via Message channel driver can crash Asterisk
  • [ASTERISK-24331] - Unexpected Errors in Asterisk Manager Interface Output

Improvement

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-12.6.0

Thank you for your continued support of Asterisk!


Asterisk 11.13.0 Now Available

Sep 24, 2014

The Asterisk Development Team has announced the release of Asterisk 11.13.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 11.13.0 resolves several issues reported by the community and would have not been possible without your participation.

Thank you!

The following are the issues resolved in this release:

Bug

  • [ASTERISK-22252] - res_musiconhold cleanup - REF_DEBUG reload warnings and ref leaks
  • [ASTERISK-23577] - res_rtp_asterisk: Crash in ast_rtp_on_turn_rtp_state when RTP instance is NULL
  • [ASTERISK-23634] - With TURN Asterisk crashes on multiple (7-10) concurrent WebRTC (avpg/encryption/icesupport) calls
  • [ASTERISK-23767] - [patch] Dynamic IAX2 registration stops trying if ever not able to resolve
  • [ASTERISK-23997] - chan_sip: port incorrectly incremented for RTCP ICE candidates in SDP answer
  • [ASTERISK-24019] - When a Music On Hold stream starts it restarts at beginning of file.
  • [ASTERISK-24032] - Gentoo compilation emits warning: "_FORTIFY_SOURCE" redefined
  • [ASTERISK-24178] - [patch]fromdomainport used even if not set
  • [ASTERISK-24211] - testsuite: Fix the dial_LS_options test
  • [ASTERISK-24225] - Dial option z is broken
  • [ASTERISK-24249] - SIP debugs do not stop
  • [ASTERISK-24301] - Security: Out of call MESSAGE requests processed via Message channel driver can crash Asterisk

Improvement

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.13.0

Thank you for your continued support of Asterisk!


Asterisk 1.8.31.0 Now Available

Sep 24, 2014

The Asterisk Development Team has announced the release of Asterisk 1.8.31.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 1.8.31.0 resolves several issues reported by the community and would have not been possible without your participation.

Thank you!

The following are the issues resolved in this release:

Bug

Improvement

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.31.0

Thank you for your continued support of Asterisk!


Asterisk 13.0.0-beta2 Now Available!

Sep 19, 2014

The Asterisk Development Team is pleased to announce the second beta release of Asterisk 13.0.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

All interested users of Asterisk are encouraged to participate in the Asterisk 13 testing process. Please report any issues found to the issue tracker, https://issues.asterisk.org/jira. All Asterisk users are invited to participate in the #asterisk-bugs channel to help communicate issues found to the Asterisk developers. It is also very useful to see successful test reports. Please post those to the asterisk-dev mailing list (http://lists.digium.com). Asterisk 13 is the next major release series of Asterisk. It will be a Long Term Support (LTS) release, similar to Asterisk 11.

For more information about support time lines for Asterisk releases, see the Asterisk versions page:

https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions

For important information regarding upgrading to Asterisk 13, please see the Asterisk wiki:

https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+13

A short list of new features includes:

  • Asterisk security events are now provided via AMI, allowing end users to monitor their Asterisk system in real time for security related issues.
  • Both AMI and ARI now allow external systems to control the state of a mailbox. Using AMI actions or ARI resources, external systems can programmatically trigger Message Waiting Indicators (MWI) on subscribed phones. This is of particular use to those who want to build their own VoiceMail application using ARI.
  • ARI now supports the reception/transmission of out of call text messages using any supported channel driver/protocol stack through ARI. Users receive out of call text messages as JSON events over the ARI websocket connection, and can send out of call text messages using HTTP requests.
  • The PJSIP stack now supports RFC 4662 Resource Lists, allowing Asterisk to act as a Resource List Server. This includes defining lists of presence state, mailbox state, or lists of presence state/mailbox state; managing subscriptions to lists; and batched delivery of NOTIFY requests to subscribers.
  • The PJSIP stack can now be used as a means of distributing device state or mailbox state via PUBLISH requests to other Asterisk instances. This is analogous to Asterisk's clustering support using XMPP or Corosync; unlike existing clustering mechanisms, using the PJSIP stack to perform the distribution of state does not rely on another daemon or server to perform the work.

And much more!

More information about the new features can be found on the Asterisk wiki:

https://wiki.asterisk.org/wiki/display/AST/Asterisk+13+Documentation

A full list of all new features can also be found in the CHANGES file:

http://svnview.digium.com/svn/asterisk/branches/13/CHANGES

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.0.0-beta2

Thank you for your continued support of Asterisk!


Pages

Subscribe to