Asterisk News

Asterisk Releases

Asterisk 13.2.0-rc1 Now Available

Jan 30, 2015

The Asterisk Development Team has announced the release of Asterisk 13.2.0-rc1. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 13.2.0-rc1 resolves several issues reported by the community and would have not been possible without your participation.

Thank you!

The following are the issues resolved in this release:

Improvements

  • [ASTERISK-24316] - For httpd server, need option to define server name for security purposes
  • [ASTERISK-24412] - [patch]Incomplete channel originate/continue handling with ARI
  • [ASTERISK-24552] - ARI: Allow associating a channel as an initiator of an Origination for record keeping purposes
  • [ASTERISK-24553] - ARI/AMI: Include language in standard channel snapshot output
  • [ASTERISK-24575] - [patch]Make capath work for res_pjsip
  • [ASTERISK-24643] - res_pjsip: Add user=phone option
  • [ASTERISK-24644] - res_pjsip_keepalive: Add keepalive module for connection-oriented transports.
  • [ASTERISK-24671] - Missing docs for the CDR AMI Event
  • [ASTERISK-24678] - [PATCH] Added atxfer* settings to features.conf.sample

Bugs

  • [ASTERISK-20744] - [patch] Security event logging does not work over syslog
  • [ASTERISK-23733] - 'reload acl' fails if acl.conf is not present on startup
  • [ASTERISK-23841] - DTMF atxfer doesn't set CallerID for the recall calls to the transferrer.
  • [ASTERISK-23850] - Park Application does not respect Return Context Priority
  • [ASTERISK-23991] - [patch]asterisk.pc file contains a small error in the CFlags returned
  • [ASTERISK-24048] - [patch] contrib/scripts/install_prereq selects 32-bit packages on 64-bit hosts
  • [ASTERISK-24049] - Asterisk Manager Interface: A number of list type responses aren't using astman_send_listack
  • [ASTERISK-24288] - [patch] - ODBC usage with app_voicemail - voicemail is not deleted after review, hangup
  • [ASTERISK-24337] - Spammy DEBUG message needs to be at a higher level - 'Remote address is null, most likely RTP has been stopped'
  • [ASTERISK-24342] - PJSIP: Qualifying endpoints attempts to do them all at the same time.
  • [ASTERISK-24355] - [patch] chan_sip realtime uses case sensitive column comparison for 'defaultuser'
  • [ASTERISK-24376] - res_pjsip_refer: REFER request for remote session attempts to direct channel to external_replaces extension instead of context, without providing for the Referred-To SIP URI
  • [ASTERISK-24449] - Reinvite for T.38 UDPTL fails if SRTP is enabled
  • [ASTERISK-24459] - bridge_native_rtp: Native RTP bridging is chosen for RTP compatible channels when the DTMF mode is not compatible
  • [ASTERISK-24472] - Asterisk Crash in OpenSSL when calling over WSS from JSSIP
  • [ASTERISK-24474] - sip_to_pjsip.py lacks documentation and does not function
  • [ASTERISK-24485] - res_pjsip cannot be unloaded or shutdown
  • [ASTERISK-24513] - Local channel apparently leaked in off-nominal DTMF attended transfer
  • [ASTERISK-24514] - res_pjsip_outbound_registration: stack overflow when using non-default sorcery wizard
  • [ASTERISK-24536] - AMI redirect with PJSIP fails to move extra channel
  • [ASTERISK-24539] - Compile fails on OSX because of sem_timedwait in bridge_channel.c
  • [ASTERISK-24544] - Compile fails on OSX Yosemite because of incorrect detection of htonll and ntohll
  • [ASTERISK-24560] - Creating a named ARI bridge twice causes a crash
  • [ASTERISK-24563] - Direct Media calls within private network sometimes get one way audio
  • [ASTERISK-24591] - Stasis() side of an ARI originated channel cannot be Redirected
  • [ASTERISK-24600] - Stuck IAX channels, Asterisk stops responding to most traffic, potential deadlock
  • [ASTERISK-24604] - res_rtp_asterisk: Crash during restart due to race condition in accessing codec in stored ast_frame and codec core
  • [ASTERISK-24607] - res_pjsip_session: re-INVITE with declined media streams results in 488
  • [ASTERISK-24614] - Deadlock when DEBUG_THREADS compiler flag enabled
  • [ASTERISK-24615] - When Multiple Transports Exist in pjsip.conf, Incorrect External Addresses is Used in SIP Packets When Responding to INVITE
  • [ASTERISK-24619] - [patch]Gcc 4.10 fixes in r413589 (1.8) wrongly casts char to unsigned int
  • [ASTERISK-24624] - Transfer to invalid extension results in hung channel.
  • [ASTERISK-24626] - Voicemail passwords not being stored in ARA
  • [ASTERISK-24628] - [patch] chan_sip - CANCEL is sent to wrong destination when 'sendrpid=yes' (in proxy environment)
  • [ASTERISK-24635] - PJSIP outbound PUBLISH crashes when no response is ever received
  • [ASTERISK-24637] - Channel re-enters Stasis() when it should not
  • [ASTERISK-24640] - Registration pending stays forever after sip reload
  • [ASTERISK-24646] - PJSIP changeset 4899 breaks TLS
  • [ASTERISK-24649] - Pushing of channel into bridge fails; Stasis fails to get app name
  • [ASTERISK-24655] - res_pjsip_outbound_publish: Hang on shutdown while attempting to publish
  • [ASTERISK-24663] - [patch] Unnamed semaphore autoconf check fails on cross compilation
  • [ASTERISK-24665] - Configure check required for pjsip_get_dest_info()
  • [ASTERISK-24666] - Security Vulnerability: RTP not closed after sip call using unsupported codec
  • [ASTERISK-24672] - [PATCH] Memory leak in func_curl CURLOPT
  • [ASTERISK-24673] - outgoing sip registers cannot be removed or modified without doing restart (or doing module unload chan_sip.so)
  • [ASTERISK-24676] - Security Vulnerability: URL request injection in libCURL (CVE-2014-8150)
  • [ASTERISK-24682] - app_dial: Multiple DialEnd events emitted when MACRO_RESULT or GOSUB_RESULT are an unexpected value
  • [ASTERISK-24693] - Investigate and fix memory leaks in Asterisk
  • [ASTERISK-24709] - [patch] msg_create_from_file used by MixMonitor m() option does not queue an MWI event
  • [ASTERISK-24711] - DTLS handshake broken with latest OpenSSL versions
  • [ASTERISK-24715] - chan_sip: stale nonce causes failure
  • [ASTERISK-24719] - ConfBridge recording channels get stuck when recording started/stopped more than once
  • [ASTERISK-24721] - manager: ModuleLoad action incorrectly reports 'module not found' during a Reload operation
  • [ASTERISK-24723] - confbridge: CLI command 'confbridge list XXXX' no longer displays user menus
  • [ASTERISK-24728] - tcptls: Bad file descriptor error when reloading chan_sip
  • [ASTERISK-24729] - Outbound registration not occuring on new registrations after reload.
  • [ASTERISK-24736] - Memory Leak Fixes
  • [ASTERISK-24737] - When agent not logged in, agent status shows unavailable, queue status shows agent invalid

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.2.0-rc1

Thank you for your continued support of Asterisk!


Asterisk 11.16.0-rc1 Now Available

Jan 30, 2015

The Asterisk Development Team has announced the release of Asterisk 11.16.0-rc1. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 11.16.0-rc1 resolves several issues reported by the community and would have not been possible without your participation.

Thank you!

The following are the issues resolved in this release:

Bugs

  • [ASTERISK-20744] - [patch] Security event logging does not work over syslog
  • [ASTERISK-23733] - 'reload acl' fails if acl.conf is not present on startup
  • [ASTERISK-23850] - Park Application does not respect Return Context Priority
  • [ASTERISK-23991] - [patch]asterisk.pc file contains a small error in the CFlags returned
  • [ASTERISK-24048] - [patch] contrib/scripts/install_prereq selects 32-bit packages on 64-bit hosts
  • [ASTERISK-24288] - [patch] - ODBC usage with app_voicemail - voicemail is not deleted after review, hangup
  • [ASTERISK-24337] - Spammy DEBUG message needs to be at a higher level - 'Remote address is null, most likely RTP has been stopped'
  • [ASTERISK-24355] - [patch] chan_sip realtime uses case sensitive column comparison for 'defaultuser'
  • [ASTERISK-24449] - Reinvite for T.38 UDPTL fails if SRTP is enabled
  • [ASTERISK-24472] - Asterisk Crash in OpenSSL when calling over WSS from JSSIP
  • [ASTERISK-24614] - Deadlock when DEBUG_THREADS compiler flag enabled
  • [ASTERISK-24619] - [patch]Gcc 4.10 fixes in r413589 (1.8) wrongly casts char to unsigned int
  • [ASTERISK-24628] - [patch] chan_sip - CANCEL is sent to wrong destination when 'sendrpid=yes' (in proxy environment)
  • [ASTERISK-24646] - PJSIP changeset 4899 breaks TLS
  • [ASTERISK-24672] - [PATCH] Memory leak in func_curl CURLOPT
  • [ASTERISK-24676] - Security Vulnerability: URL request injection in libCURL (CVE-2014-8150)
  • [ASTERISK-24709] - [patch] msg_create_from_file used by MixMonitor m() option does not queue an MWI event
  • [ASTERISK-24711] - DTLS handshake broken with latest OpenSSL versions
  • [ASTERISK-24715] - chan_sip: stale nonce causes failure
  • [ASTERISK-24719] - ConfBridge recording channels get stuck when recording started/stopped more than once
  • [ASTERISK-24728] - tcptls: Bad file descriptor error when reloading chan_sip

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.16.0-rc1

Thank you for your continued support of Asterisk!


Asterisk 1.8.28-cert4, 1.8.32.2, 11.6-cert10, 11.15.1, 12.8.1, 13.1.1 Now Available (Security Release)

Jan 28, 2015

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10, 11.15.1, 12.8.1, and 13.1.1. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolves the following security vulnerabilities:

  • AST-2015-001: File descriptor leak when incompatible codecs are offered
    Asterisk may be configured to only allow specific audio or video codecs to be used when communicating with a particular endpoint. When an endpoint sends an SDP offer that only lists codecs not allowed by Asterisk, the offer is rejected. However, in this case, RTP ports that are allocated in the process are not reclaimed. This issue only affects the PJSIP channel driver in Asterisk. Users of the chan_sip channel driver are not affected.
  • AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
    CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its func_curl.so module (the CURL() dialplan function), as well as its res_config_curl.so (cURL realtime backend) modules. Since Asterisk may be configured to allow for user-supplied URLs to be passed to libcURL, it is possible that an attacker could use Asterisk as an attack vector to inject unauthorized HTTP requests if the version of libcURL installed on the Asterisk server is affected by CVE-2014-8150.

For more information about the details of these vulnerabilities, please read security advisory AST-2015-001 and AST-2015-002, which were released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs:

The security advisories are available at:

Thank you for your continued support of Asterisk!


Asterisk 13.1.0 Now Available

Dec 15, 2014

The Asterisk Development Team has announced the release of Asterisk 13.1.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 13.1.0 resolves several issues reported by the community and would have not been possible without your participation.

Thank you!

The following are the issues resolved in this release:

Bug

  • [ASTERISK-15242] - transmit_refer leaks sip_refer structures
  • [ASTERISK-20127] - [Regression] Config.c config_text_file_load() unescapes semicolons ("\;" -> ";") turning them into comments (corruption) on rewrite of a config file
  • [ASTERISK-21721] - SIP Failed to parse multiple Supported: headers
  • [ASTERISK-23651] - Reloading some modules that are loaded already, results in 'No such module' before a successful reload
  • [ASTERISK-24190] - IMAP voicemail causes segfault
  • [ASTERISK-24250] - [patch] Voicemail with multi-recipients To: header fix
  • [ASTERISK-24257] - agent must dial acceptdtmf twice to bridge to queue caller
  • [ASTERISK-24304] - asterisk crashing randomly because of unistim channel
  • [ASTERISK-24307] - Unintentional memory retention in stringfields
  • [ASTERISK-24336] - PJSIP timer_min_se value under 90 causes crash
  • [ASTERISK-24411] - [patch] Status of outbound registration is not changed upon unregistering.
  • [ASTERISK-24430] - missing letter "p" in word response in OriginateResponse event documentation
  • [ASTERISK-24432] - Install refcounter.py when REF_DEBUG is enabled
  • [ASTERISK-24436] - Missing header in res/res_srtp.c when compiling against libsrtp-1.5.0
  • [ASTERISK-24437] - Review implementation of ast_bridge_impart for leaks and document proper usage
  • [ASTERISK-24438] - res_pjsip_multihomed.so blocks Asterisk reload when DNS settings invalid
  • [ASTERISK-24444] - PBX: Crash when generating extension for pattern matching hint
  • [ASTERISK-24447] - Bridge DTMF hooks: Audio doesn't pass when waiting for more matching digits.
  • [ASTERISK-24453] - manager: acl_change_sub leaks
  • [ASTERISK-24454] - app_queue: ao2_iterator not destroyed, causing leak
  • [ASTERISK-24455] - func_cdr: CDR_PROP leaks payload
  • [ASTERISK-24457] - res_fax: fax gateway frames leak
  • [ASTERISK-24458] - chan_phone fails to build on big endian systems
  • [ASTERISK-24462] - res_pjsip: Stale qualify statistics after disablementation
  • [ASTERISK-24465] - audiohooks list leaks reference to formats
  • [ASTERISK-24466] - app_queue: fix a couple leaks to struct call_queue
  • [ASTERISK-24468] - Incoming UCS2 encoded SMS truncated if SMS length exceeds 50 (roughly) national symbols
  • [ASTERISK-24469] - Security Vulnerability: Mixed IPv4/IPv6 ACLs allow blocked addresses through
  • [ASTERISK-24471] - Crash - assert_fail in libc in pjmedia_sdp_neg_negotiate from /usr/local/lib/libpjmedia.so.2
  • [ASTERISK-24476] - main/app.c / app_voicemail: ast_writestream leaks
  • [ASTERISK-24480] - res_http_websockets: Module reference decrease below zero
  • [ASTERISK-24482] - func_talkdetect: Fix stasis message leak in audiohook callback
  • [ASTERISK-24487] - configuration: sections should be loadable as template even when not marked
  • [ASTERISK-24489] - Crash: Asterisk crashes when converting RTCP packet to JSON for res_hep_rtcp and report blocks are greater than 1
  • [ASTERISK-24491] - Memory leak in res_hep
  • [ASTERISK-24492] - main/file.c: ast_filestream sometimes causes extra calls to ast_module_unref
  • [ASTERISK-24498] - Segmentation fault in res_hep_rtcp on attended transfer
  • [ASTERISK-24500] - Regression introduced in chan_mgcp by SVN revision r227276
  • [ASTERISK-24501] - ARI: Moving a channel between bridges followed by a hangup can cause an ARI client to not receive an expected ChannelLeftBridge event before StasisEnd
  • [ASTERISK-24502] - Build fails when dev-mode, dont optimize and coverage are enabled
  • [ASTERISK-24504] - chan_console: Fix reference leaks to pvt
  • [ASTERISK-24505] - manager: http connections leak references
  • [ASTERISK-24508] - pjsip - REFER request from SNOM is rejected with "400 bad request" - DEBUG shows "Received a REFER without a parseable Refer-To"
  • [ASTERISK-24516] - [patch]Asterisk segfaults when playing back voicemail under high concurrency with an IMAP backend
  • [ASTERISK-24522] - ConfBridge: delay occurs between kicking all endmarked users when last marked user leaves
  • [ASTERISK-24528] - res_pjsip_refer: Sending INVITE with Replaces in-dialog with invalid target causes crash
  • [ASTERISK-24531] - res_pjsip_acl: ACLs not applied on initial module load
  • [ASTERISK-24533] - 2 threads created per chan_sip entry
  • [ASTERISK-24535] - stringfields: Fix regression from fix for unintentional memory retention and another issue exposed by the fix
  • [ASTERISK-24537] - Stasis: StasisStart/StasisEnd events are not reliably transmitted during transfers
  • [ASTERISK-24542] - [patch]Failure showing codecs via 'core show channeltype <tech>'
  • [ASTERISK-24556] - Asterisk 13 core dumps when calling from pjsip extension to another pjsip extension
  • [ASTERISK-24572] - [patch]App_meetme is loaded without its defaults when the configuration file is missing
  • [ASTERISK-24573] - [patch]Out of sync conversation recording when divided in multiple recordings

Improvement

  • [ASTERISK-24279] - Documentation: Clarify the behaviour of the CDR property 'unanswered'
  • [ASTERISK-24283] - [patch]Microseconds precision in the eventtime column in the cel_odbc module
  • [ASTERISK-24530] - [patch] app_record stripping 1/4 second from recordings
  • [ASTERISK-24577] - Speed up loopback switches by avoiding unneeded lookups

New Feature

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.1.0

Thank you for your continued support of Asterisk!


Asterisk 12.8.0 Now Available

Dec 15, 2014

The Asterisk Development Team has announced the release of Asterisk 12.8.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 12.8.0 resolves several issues reported by the community and would have not been possible without your participation.

Thank you!

The following are the issues resolved in this release:

Bug

  • [ASTERISK-15242] - transmit_refer leaks sip_refer structures
  • [ASTERISK-20127] - [Regression] Config.c config_text_file_load() unescapes semicolons ("\;" -> ";") turning them into comments (corruption) on rewrite of a config file
  • [ASTERISK-23651] - Reloading some modules that are loaded already, results in 'No such module' before a successful reload
  • [ASTERISK-24257] - agent must dial acceptdtmf twice to bridge to queue caller
  • [ASTERISK-24307] - Unintentional memory retention in stringfields
  • [ASTERISK-24336] - PJSIP timer_min_se value under 90 causes crash
  • [ASTERISK-24438] - res_pjsip_multihomed.so blocks Asterisk reload when DNS settings invalid
  • [ASTERISK-24444] - PBX: Crash when generating extension for pattern matching hint
  • [ASTERISK-24447] - Bridge DTMF hooks: Audio doesn't pass when waiting for more matching digits.
  • [ASTERISK-24468] - Incoming UCS2 encoded SMS truncated if SMS length exceeds 50 (roughly) national symbols
  • [ASTERISK-24469] - Security Vulnerability: Mixed IPv4/IPv6 ACLs allow blocked addresses through
  • [ASTERISK-24471] - Crash - assert_fail in libc in pjmedia_sdp_neg_negotiate from /usr/local/lib/libpjmedia.so.2
  • [ASTERISK-24480] - res_http_websockets: Module reference decrease below zero
  • [ASTERISK-24482] - func_talkdetect: Fix stasis message leak in audiohook callback
  • [ASTERISK-24487] - configuration: sections should be loadable as template even when not marked
  • [ASTERISK-24489] - Crash: Asterisk crashes when converting RTCP packet to JSON for res_hep_rtcp and report blocks are greater than 1
  • [ASTERISK-24491] - Memory leak in res_hep
  • [ASTERISK-24492] - main/file.c: ast_filestream sometimes causes extra calls to ast_module_unref
  • [ASTERISK-24498] - Segmentation fault in res_hep_rtcp on attended transfer
  • [ASTERISK-24500] - Regression introduced in chan_mgcp by SVN revision r227276
  • [ASTERISK-24501] - ARI: Moving a channel between bridges followed by a hangup can cause an ARI client to not receive an expected ChannelLeftBridge event before StasisEnd
  • [ASTERISK-24502] - Build fails when dev-mode, dont optimize and coverage are enabled
  • [ASTERISK-24504] - chan_console: Fix reference leaks to pvt
  • [ASTERISK-24505] - manager: http connections leak references
  • [ASTERISK-24508] - pjsip - REFER request from SNOM is rejected with "400 bad request" - DEBUG shows "Received a REFER without a parseable Refer-To"
  • [ASTERISK-24516] - [patch]Asterisk segfaults when playing back voicemail under high concurrency with an IMAP backend
  • [ASTERISK-24522] - ConfBridge: delay occurs between kicking all endmarked users when last marked user leaves
  • [ASTERISK-24528] - res_pjsip_refer: Sending INVITE with Replaces in-dialog with invalid target causes crash
  • [ASTERISK-24531] - res_pjsip_acl: ACLs not applied on initial module load
  • [ASTERISK-24533] - 2 threads created per chan_sip entry
  • [ASTERISK-24535] - stringfields: Fix regression from fix for unintentional memory retention and another issue exposed by the fix
  • [ASTERISK-24537] - Stasis: StasisStart/StasisEnd events are not reliably transmitted during transfers
  • [ASTERISK-24572] - [patch]App_meetme is loaded without its defaults when the configuration file is missing
  • [ASTERISK-24573] - [patch]Out of sync conversation recording when divided in multiple recordings

Improvement

  • [ASTERISK-24279] - Documentation: Clarify the behaviour of the CDR property 'unanswered'
  • [ASTERISK-24283] - [patch]Microseconds precision in the eventtime column in the cel_odbc module
  • [ASTERISK-24530] - [patch] app_record stripping 1/4 second from recordings
  • [ASTERISK-24577] - Speed up loopback switches by avoiding unneeded lookups

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-12.8.0

Thank you for your continued support of Asterisk!


Pages

Subscribe to