Asterisk News

Asterisk Releases

Asterisk 11.16.0-rc1 Now Available

Jan 30, 2015

The Asterisk Development Team has announced the release of Asterisk 11.16.0-rc1. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 11.16.0-rc1 resolves several issues reported by the community and would have not been possible without your participation.

Thank you!

The following are the issues resolved in this release:

Bugs

  • [ASTERISK-20744] - [patch] Security event logging does not work over syslog
  • [ASTERISK-23733] - 'reload acl' fails if acl.conf is not present on startup
  • [ASTERISK-23850] - Park Application does not respect Return Context Priority
  • [ASTERISK-23991] - [patch]asterisk.pc file contains a small error in the CFlags returned
  • [ASTERISK-24048] - [patch] contrib/scripts/install_prereq selects 32-bit packages on 64-bit hosts
  • [ASTERISK-24288] - [patch] - ODBC usage with app_voicemail - voicemail is not deleted after review, hangup
  • [ASTERISK-24337] - Spammy DEBUG message needs to be at a higher level - 'Remote address is null, most likely RTP has been stopped'
  • [ASTERISK-24355] - [patch] chan_sip realtime uses case sensitive column comparison for 'defaultuser'
  • [ASTERISK-24449] - Reinvite for T.38 UDPTL fails if SRTP is enabled
  • [ASTERISK-24472] - Asterisk Crash in OpenSSL when calling over WSS from JSSIP
  • [ASTERISK-24614] - Deadlock when DEBUG_THREADS compiler flag enabled
  • [ASTERISK-24619] - [patch]Gcc 4.10 fixes in r413589 (1.8) wrongly casts char to unsigned int
  • [ASTERISK-24628] - [patch] chan_sip - CANCEL is sent to wrong destination when 'sendrpid=yes' (in proxy environment)
  • [ASTERISK-24646] - PJSIP changeset 4899 breaks TLS
  • [ASTERISK-24672] - [PATCH] Memory leak in func_curl CURLOPT
  • [ASTERISK-24676] - Security Vulnerability: URL request injection in libCURL (CVE-2014-8150)
  • [ASTERISK-24709] - [patch] msg_create_from_file used by MixMonitor m() option does not queue an MWI event
  • [ASTERISK-24711] - DTLS handshake broken with latest OpenSSL versions
  • [ASTERISK-24715] - chan_sip: stale nonce causes failure
  • [ASTERISK-24719] - ConfBridge recording channels get stuck when recording started/stopped more than once
  • [ASTERISK-24728] - tcptls: Bad file descriptor error when reloading chan_sip

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.16.0-rc1

Thank you for your continued support of Asterisk!


Asterisk 1.8.28-cert4, 1.8.32.2, 11.6-cert10, 11.15.1, 12.8.1, 13.1.1 Now Available (Security Release)

Jan 28, 2015

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10, 11.15.1, 12.8.1, and 13.1.1. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolves the following security vulnerabilities:

  • AST-2015-001: File descriptor leak when incompatible codecs are offered
    Asterisk may be configured to only allow specific audio or video codecs to be used when communicating with a particular endpoint. When an endpoint sends an SDP offer that only lists codecs not allowed by Asterisk, the offer is rejected. However, in this case, RTP ports that are allocated in the process are not reclaimed. This issue only affects the PJSIP channel driver in Asterisk. Users of the chan_sip channel driver are not affected.
  • AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
    CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its func_curl.so module (the CURL() dialplan function), as well as its res_config_curl.so (cURL realtime backend) modules. Since Asterisk may be configured to allow for user-supplied URLs to be passed to libcURL, it is possible that an attacker could use Asterisk as an attack vector to inject unauthorized HTTP requests if the version of libcURL installed on the Asterisk server is affected by CVE-2014-8150.

For more information about the details of these vulnerabilities, please read security advisory AST-2015-001 and AST-2015-002, which were released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs:

The security advisories are available at:

Thank you for your continued support of Asterisk!


Asterisk 13.1.0 Now Available

Dec 15, 2014

The Asterisk Development Team has announced the release of Asterisk 13.1.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 13.1.0 resolves several issues reported by the community and would have not been possible without your participation.

Thank you!

The following are the issues resolved in this release:

Bug

  • [ASTERISK-15242] - transmit_refer leaks sip_refer structures
  • [ASTERISK-20127] - [Regression] Config.c config_text_file_load() unescapes semicolons ("\;" -> ";") turning them into comments (corruption) on rewrite of a config file
  • [ASTERISK-21721] - SIP Failed to parse multiple Supported: headers
  • [ASTERISK-23651] - Reloading some modules that are loaded already, results in 'No such module' before a successful reload
  • [ASTERISK-24190] - IMAP voicemail causes segfault
  • [ASTERISK-24250] - [patch] Voicemail with multi-recipients To: header fix
  • [ASTERISK-24257] - agent must dial acceptdtmf twice to bridge to queue caller
  • [ASTERISK-24304] - asterisk crashing randomly because of unistim channel
  • [ASTERISK-24307] - Unintentional memory retention in stringfields
  • [ASTERISK-24336] - PJSIP timer_min_se value under 90 causes crash
  • [ASTERISK-24411] - [patch] Status of outbound registration is not changed upon unregistering.
  • [ASTERISK-24430] - missing letter "p" in word response in OriginateResponse event documentation
  • [ASTERISK-24432] - Install refcounter.py when REF_DEBUG is enabled
  • [ASTERISK-24436] - Missing header in res/res_srtp.c when compiling against libsrtp-1.5.0
  • [ASTERISK-24437] - Review implementation of ast_bridge_impart for leaks and document proper usage
  • [ASTERISK-24438] - res_pjsip_multihomed.so blocks Asterisk reload when DNS settings invalid
  • [ASTERISK-24444] - PBX: Crash when generating extension for pattern matching hint
  • [ASTERISK-24447] - Bridge DTMF hooks: Audio doesn't pass when waiting for more matching digits.
  • [ASTERISK-24453] - manager: acl_change_sub leaks
  • [ASTERISK-24454] - app_queue: ao2_iterator not destroyed, causing leak
  • [ASTERISK-24455] - func_cdr: CDR_PROP leaks payload
  • [ASTERISK-24457] - res_fax: fax gateway frames leak
  • [ASTERISK-24458] - chan_phone fails to build on big endian systems
  • [ASTERISK-24462] - res_pjsip: Stale qualify statistics after disablementation
  • [ASTERISK-24465] - audiohooks list leaks reference to formats
  • [ASTERISK-24466] - app_queue: fix a couple leaks to struct call_queue
  • [ASTERISK-24468] - Incoming UCS2 encoded SMS truncated if SMS length exceeds 50 (roughly) national symbols
  • [ASTERISK-24469] - Security Vulnerability: Mixed IPv4/IPv6 ACLs allow blocked addresses through
  • [ASTERISK-24471] - Crash - assert_fail in libc in pjmedia_sdp_neg_negotiate from /usr/local/lib/libpjmedia.so.2
  • [ASTERISK-24476] - main/app.c / app_voicemail: ast_writestream leaks
  • [ASTERISK-24480] - res_http_websockets: Module reference decrease below zero
  • [ASTERISK-24482] - func_talkdetect: Fix stasis message leak in audiohook callback
  • [ASTERISK-24487] - configuration: sections should be loadable as template even when not marked
  • [ASTERISK-24489] - Crash: Asterisk crashes when converting RTCP packet to JSON for res_hep_rtcp and report blocks are greater than 1
  • [ASTERISK-24491] - Memory leak in res_hep
  • [ASTERISK-24492] - main/file.c: ast_filestream sometimes causes extra calls to ast_module_unref
  • [ASTERISK-24498] - Segmentation fault in res_hep_rtcp on attended transfer
  • [ASTERISK-24500] - Regression introduced in chan_mgcp by SVN revision r227276
  • [ASTERISK-24501] - ARI: Moving a channel between bridges followed by a hangup can cause an ARI client to not receive an expected ChannelLeftBridge event before StasisEnd
  • [ASTERISK-24502] - Build fails when dev-mode, dont optimize and coverage are enabled
  • [ASTERISK-24504] - chan_console: Fix reference leaks to pvt
  • [ASTERISK-24505] - manager: http connections leak references
  • [ASTERISK-24508] - pjsip - REFER request from SNOM is rejected with "400 bad request" - DEBUG shows "Received a REFER without a parseable Refer-To"
  • [ASTERISK-24516] - [patch]Asterisk segfaults when playing back voicemail under high concurrency with an IMAP backend
  • [ASTERISK-24522] - ConfBridge: delay occurs between kicking all endmarked users when last marked user leaves
  • [ASTERISK-24528] - res_pjsip_refer: Sending INVITE with Replaces in-dialog with invalid target causes crash
  • [ASTERISK-24531] - res_pjsip_acl: ACLs not applied on initial module load
  • [ASTERISK-24533] - 2 threads created per chan_sip entry
  • [ASTERISK-24535] - stringfields: Fix regression from fix for unintentional memory retention and another issue exposed by the fix
  • [ASTERISK-24537] - Stasis: StasisStart/StasisEnd events are not reliably transmitted during transfers
  • [ASTERISK-24542] - [patch]Failure showing codecs via 'core show channeltype <tech>'
  • [ASTERISK-24556] - Asterisk 13 core dumps when calling from pjsip extension to another pjsip extension
  • [ASTERISK-24572] - [patch]App_meetme is loaded without its defaults when the configuration file is missing
  • [ASTERISK-24573] - [patch]Out of sync conversation recording when divided in multiple recordings

Improvement

  • [ASTERISK-24279] - Documentation: Clarify the behaviour of the CDR property 'unanswered'
  • [ASTERISK-24283] - [patch]Microseconds precision in the eventtime column in the cel_odbc module
  • [ASTERISK-24530] - [patch] app_record stripping 1/4 second from recordings
  • [ASTERISK-24577] - Speed up loopback switches by avoiding unneeded lookups

New Feature

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.1.0

Thank you for your continued support of Asterisk!


Asterisk 12.8.0 Now Available

Dec 15, 2014

The Asterisk Development Team has announced the release of Asterisk 12.8.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 12.8.0 resolves several issues reported by the community and would have not been possible without your participation.

Thank you!

The following are the issues resolved in this release:

Bug

  • [ASTERISK-15242] - transmit_refer leaks sip_refer structures
  • [ASTERISK-20127] - [Regression] Config.c config_text_file_load() unescapes semicolons ("\;" -> ";") turning them into comments (corruption) on rewrite of a config file
  • [ASTERISK-23651] - Reloading some modules that are loaded already, results in 'No such module' before a successful reload
  • [ASTERISK-24257] - agent must dial acceptdtmf twice to bridge to queue caller
  • [ASTERISK-24307] - Unintentional memory retention in stringfields
  • [ASTERISK-24336] - PJSIP timer_min_se value under 90 causes crash
  • [ASTERISK-24438] - res_pjsip_multihomed.so blocks Asterisk reload when DNS settings invalid
  • [ASTERISK-24444] - PBX: Crash when generating extension for pattern matching hint
  • [ASTERISK-24447] - Bridge DTMF hooks: Audio doesn't pass when waiting for more matching digits.
  • [ASTERISK-24468] - Incoming UCS2 encoded SMS truncated if SMS length exceeds 50 (roughly) national symbols
  • [ASTERISK-24469] - Security Vulnerability: Mixed IPv4/IPv6 ACLs allow blocked addresses through
  • [ASTERISK-24471] - Crash - assert_fail in libc in pjmedia_sdp_neg_negotiate from /usr/local/lib/libpjmedia.so.2
  • [ASTERISK-24480] - res_http_websockets: Module reference decrease below zero
  • [ASTERISK-24482] - func_talkdetect: Fix stasis message leak in audiohook callback
  • [ASTERISK-24487] - configuration: sections should be loadable as template even when not marked
  • [ASTERISK-24489] - Crash: Asterisk crashes when converting RTCP packet to JSON for res_hep_rtcp and report blocks are greater than 1
  • [ASTERISK-24491] - Memory leak in res_hep
  • [ASTERISK-24492] - main/file.c: ast_filestream sometimes causes extra calls to ast_module_unref
  • [ASTERISK-24498] - Segmentation fault in res_hep_rtcp on attended transfer
  • [ASTERISK-24500] - Regression introduced in chan_mgcp by SVN revision r227276
  • [ASTERISK-24501] - ARI: Moving a channel between bridges followed by a hangup can cause an ARI client to not receive an expected ChannelLeftBridge event before StasisEnd
  • [ASTERISK-24502] - Build fails when dev-mode, dont optimize and coverage are enabled
  • [ASTERISK-24504] - chan_console: Fix reference leaks to pvt
  • [ASTERISK-24505] - manager: http connections leak references
  • [ASTERISK-24508] - pjsip - REFER request from SNOM is rejected with "400 bad request" - DEBUG shows "Received a REFER without a parseable Refer-To"
  • [ASTERISK-24516] - [patch]Asterisk segfaults when playing back voicemail under high concurrency with an IMAP backend
  • [ASTERISK-24522] - ConfBridge: delay occurs between kicking all endmarked users when last marked user leaves
  • [ASTERISK-24528] - res_pjsip_refer: Sending INVITE with Replaces in-dialog with invalid target causes crash
  • [ASTERISK-24531] - res_pjsip_acl: ACLs not applied on initial module load
  • [ASTERISK-24533] - 2 threads created per chan_sip entry
  • [ASTERISK-24535] - stringfields: Fix regression from fix for unintentional memory retention and another issue exposed by the fix
  • [ASTERISK-24537] - Stasis: StasisStart/StasisEnd events are not reliably transmitted during transfers
  • [ASTERISK-24572] - [patch]App_meetme is loaded without its defaults when the configuration file is missing
  • [ASTERISK-24573] - [patch]Out of sync conversation recording when divided in multiple recordings

Improvement

  • [ASTERISK-24279] - Documentation: Clarify the behaviour of the CDR property 'unanswered'
  • [ASTERISK-24283] - [patch]Microseconds precision in the eventtime column in the cel_odbc module
  • [ASTERISK-24530] - [patch] app_record stripping 1/4 second from recordings
  • [ASTERISK-24577] - Speed up loopback switches by avoiding unneeded lookups

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-12.8.0

Thank you for your continued support of Asterisk!


Asterisk 11.15.0 Now Available

Dec 15, 2014

The Asterisk Development Team has announced the release of Asterisk 11.15.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 11.15.0 resolves several issues reported by the community and would have not been possible without your participation.

Thank you!

The following are the issues resolved in this release:

Bug

  • [ASTERISK-15242] - transmit_refer leaks sip_refer structures
  • [ASTERISK-20127] - [Regression] Config.c config_text_file_load() unescapes semicolons ("\;" -> ";") turning them into comments (corruption) on rewrite of a config file
  • [ASTERISK-20402] - Unable to cancel (features.conf) attended transfer
  • [ASTERISK-24307] - Unintentional memory retention in stringfields
  • [ASTERISK-24440] - Call leak in Confbridge
  • [ASTERISK-24444] - PBX: Crash when generating extension for pattern matching hint
  • [ASTERISK-24468] - Incoming UCS2 encoded SMS truncated if SMS length exceeds 50 (roughly) national symbols
  • [ASTERISK-24469] - Security Vulnerability: Mixed IPv4/IPv6 ACLs allow blocked addresses through
  • [ASTERISK-24492] - main/file.c: ast_filestream sometimes causes extra calls to ast_module_unref
  • [ASTERISK-24500] - Regression introduced in chan_mgcp by SVN revision r227276
  • [ASTERISK-24502] - Build fails when dev-mode, dont optimize and coverage are enabled
  • [ASTERISK-24504] - chan_console: Fix reference leaks to pvt
  • [ASTERISK-24505] - manager: http connections leak references
  • [ASTERISK-24516] - [patch]Asterisk segfaults when playing back voicemail under high concurrency with an IMAP backend
  • [ASTERISK-24522] - ConfBridge: delay occurs between kicking all endmarked users when last marked user leaves
  • [ASTERISK-24572] - [patch]App_meetme is loaded without its defaults when the configuration file is missing
  • [ASTERISK-24573] - [patch]Out of sync conversation recording when divided in multiple recordings

Improvement

  • [ASTERISK-24283] - [patch]Microseconds precision in the eventtime column in the cel_odbc module
  • [ASTERISK-24530] - [patch] app_record stripping 1/4 second from recordings
  • [ASTERISK-24577] - Speed up loopback switches by avoiding unneeded lookups

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.15.0

Thank you for your continued support of Asterisk!


Pages

Subscribe to