Asterisk News

Asterisk Releases

Asterisk 12.7.0-rc1 Now Available

Nov 3, 2014

The Asterisk Development Team has announced the first release candidate of Asterisk 12.7.0. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 12.7.0-rc1 resolves several issues reported by the community and would have not been possible without your participation.

Thank you!

The following are the issues resolved in this release candidate:

Bug

  • [ASTERISK-13797] - [patch] relax badshell tilde test
  • [ASTERISK-15879] - [patch] Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak
  • [ASTERISK-18923] - res_fax_spandsp usage counter is wrong
  • [ASTERISK-20567] - bashism in autosupport
  • [ASTERISK-20784] - Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak
  • [ASTERISK-21721] - SIP Failed to parse multiple Supported: headers
  • [ASTERISK-22791] - asterisk sends Re-INVITE after receiving a BYE
  • [ASTERISK-22945] - [patch] Memory leaks in chan_sip.c with realtime peers
  • [ASTERISK-23768] - [patch] Asterisk man page contains a (new) unquoted minus sign
  • [ASTERISK-23781] - outgoing missing as enum from contrib/ast-db-manage/config
  • [ASTERISK-23846] - Unistim multilines. Loss of voice after second call drops (on a second line).
  • [ASTERISK-24011] - [patch]safe_asterisk tries to set ulimit -n too high on linux systems with lots of RAM
  • [ASTERISK-24063] - [patch]Asterisk does not respect outbound proxy when sending qualify requests
  • [ASTERISK-24122] - Documentaton for res_pjsip option use_avpf needs to be fixed
  • [ASTERISK-24190] - IMAP voicemail causes segfault
  • [ASTERISK-24195] - bridge_native_rtp: Removing mixmonitor from a native RTP capable smart bridge doesn't cause the bridge to resume being a native rtp bridge
  • [ASTERISK-24199] - 'ALL' is specified in pjsip.conf.sample for TLS cipher but it is not valid
  • [ASTERISK-24224] - When using Bridge() dialplan application, surrogate channel appears in list and call count is inflated.
  • [ASTERISK-24262] - AMI CoreShowChannel missing several output fields and event documentation
  • [ASTERISK-24295] - crash: creating out of dialog OPTIONS request crashes
  • [ASTERISK-24304] - asterisk crashing randomly because of unistim channel
  • [ASTERISK-24312] - SIGABRT when improperly configured realtime pjsip
  • [ASTERISK-24321] - SIP deadlock when running automated queues tests
  • [ASTERISK-24325] - res_calendar_ews: cannot be used with neon 0.30
  • [ASTERISK-24326] - res_rtp_asterisk: ICE-TCP candidates are incorrectly attempted
  • [ASTERISK-24327] - bridge_native_rtp: Smart bridge operation to softmix sometimes fails to properly re-INVITE remotely bridged participants
  • [ASTERISK-24335] - [PATCH] Asterisk incorrectly responds 503 to INVITE retransmissions of rejected calls
  • [ASTERISK-24339] - Swagger API Docs have incorrect basePath
  • [ASTERISK-24348] - Built-in editline tab complete segfault with MALLOC_DEBUG
  • [ASTERISK-24350] - PJSIP shows commands prints unneeded headers
  • [ASTERISK-24354] - AMI sendMessage closes AMI connection on error
  • [ASTERISK-24356] - PJSIP: Directed pickup causes deadlock
  • [ASTERISK-24357] - [fax] Out of bounds error in update_modem_bits
  • [ASTERISK-24362] - res_hep leaks reference to configuration
  • [ASTERISK-24369] - res_pjsip: Large message on reliable transport can cause empty messages to be passed from the PJSIP stack up, causing crashes in multiple locations
  • [ASTERISK-24370] - res_pjsip/pjsip_options: OPTIONS request sent to Asterisk with no user in request is always 404'd
  • [ASTERISK-24378] - Release AMI connections on shutdown
  • [ASTERISK-24381] - res_pjsip_sdp_rtp: Declined media streams are interpreted, leading to erroneous 488 rejections
  • [ASTERISK-24382] - chan_pjsip: Calling PJSIP_MEDIA_OFFER on a non-PJSIP channel results in an invalid reference of a channel pvt and a FRACK
  • [ASTERISK-24383] - res_rtp_asterisk: Crash if no candidates received for component
  • [ASTERISK-24384] - chan_motif: format capabilities leak on module load error
  • [ASTERISK-24385] - chan_sip: process_sdp leaks on an error path
  • [ASTERISK-24387] - res_pjsip: rport sent from UAS MUST include the port that the UAC sent the request on
  • [ASTERISK-24392] - res_fax: fax gateway sessions leak
  • [ASTERISK-24393] - rtptimeout=0 doesn't disable rtptimeout
  • [ASTERISK-24394] - CDR: FRACK with PJSIP directed pickup.
  • [ASTERISK-24398] - Initialize auth_rejection_permanent on client state to the configuration parameter value
  • [ASTERISK-24406] - Some caller ID strings are parsed differently since 11.13.0
  • [ASTERISK-24411] - [patch] Status of outbound registration is not changed upon unregistering.
  • [ASTERISK-24415] - Missing AMI VarSet events when channels inherit variables.
  • [ASTERISK-24425] - [patch] jabber/xmpp to use TLS instead of SSLv3, security fix POODLE (CVE-2014-3566)
  • [ASTERISK-24426] - CDR Batch mode: size used as time value after first expire
  • [ASTERISK-24430] - missing letter "p" in word response in OriginateResponse event documentation
  • [ASTERISK-24432] - Install refcounter.py when REF_DEBUG is enabled
  • [ASTERISK-24436] - Missing header in res/res_srtp.c when compiling against libsrtp-1.5.0
  • [ASTERISK-24437] - Review implementation of ast_bridge_impart for leaks and document proper usage
  • [ASTERISK-24453] - manager: acl_change_sub leaks
  • [ASTERISK-24454] - app_queue: ao2_iterator not destroyed, causing leak
  • [ASTERISK-24457] - res_fax: fax gateway frames leak
  • [ASTERISK-24462] - res_pjsip: Stale qualify statistics after disablementation
  • [ASTERISK-24466] - app_queue: fix a couple leaks to struct call_queue
  • [ASTERISK-24476] - main/app.c / app_voicemail: ast_writestream leaks

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-12.7.0-rc1

Thank you for your continued support of Asterisk!


Asterisk 11.14.0-rc1 Now Available

Nov 3, 2014

The Asterisk Development Team has announced the first release candidate of Asterisk 11.14.0. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 11.14.0-rc1 resolves several issues reported by the community and would have not been possible without your participation.

Thank you!

The following are the issues resolved in this release candidate:

Bug

  • [ASTERISK-13797] - [patch] relax badshell tilde test
  • [ASTERISK-15879] - [patch] Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak
  • [ASTERISK-18923] - res_fax_spandsp usage counter is wrong
  • [ASTERISK-20567] - bashism in autosupport
  • [ASTERISK-20784] - Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak
  • [ASTERISK-21721] - SIP Failed to parse multiple Supported: headers
  • [ASTERISK-22791] - asterisk sends Re-INVITE after receiving a BYE
  • [ASTERISK-22945] - [patch] Memory leaks in chan_sip.c with realtime peers
  • [ASTERISK-23768] - [patch] Asterisk man page contains a (new) unquoted minus sign
  • [ASTERISK-23846] - Unistim multilines. Loss of voice after second call drops (on a second line).
  • [ASTERISK-24011] - [patch]safe_asterisk tries to set ulimit -n too high on linux systems with lots of RAM
  • [ASTERISK-24063] - [patch]Asterisk does not respect outbound proxy when sending qualify requests
  • [ASTERISK-24190] - IMAP voicemail causes segfault
  • [ASTERISK-24304] - asterisk crashing randomly because of unistim channel
  • [ASTERISK-24325] - res_calendar_ews: cannot be used with neon 0.30
  • [ASTERISK-24326] - res_rtp_asterisk: ICE-TCP candidates are incorrectly attempted
  • [ASTERISK-24335] - [PATCH] Asterisk incorrectly responds 503 to INVITE retransmissions of rejected calls
  • [ASTERISK-24348] - Built-in editline tab complete segfault with MALLOC_DEBUG
  • [ASTERISK-24354] - AMI sendMessage closes AMI connection on error
  • [ASTERISK-24357] - [fax] Out of bounds error in update_modem_bits
  • [ASTERISK-24378] - Release AMI connections on shutdown
  • [ASTERISK-24383] - res_rtp_asterisk: Crash if no candidates received for component
  • [ASTERISK-24384] - chan_motif: format capabilities leak on module load error
  • [ASTERISK-24385] - chan_sip: process_sdp leaks on an error path
  • [ASTERISK-24390] - astobj2: REF_DEBUG reports false leaks with ao2_callback with OBJ_MULTIPLE
  • [ASTERISK-24392] - res_fax: fax gateway sessions leak
  • [ASTERISK-24393] - rtptimeout=0 doesn't disable rtptimeout
  • [ASTERISK-24406] - Some caller ID strings are parsed differently since 11.13.0
  • [ASTERISK-24425] - [patch] jabber/xmpp to use TLS instead of SSLv3, security fix POODLE (CVE-2014-3566)
  • [ASTERISK-24430] - missing letter "p" in word response in OriginateResponse event documentation
  • [ASTERISK-24432] - Install refcounter.py when REF_DEBUG is enabled
  • [ASTERISK-24436] - Missing header in res/res_srtp.c when compiling against libsrtp-1.5.0
  • [ASTERISK-24454] - app_queue: ao2_iterator not destroyed, causing leak
  • [ASTERISK-24457] - res_fax: fax gateway frames leak
  • [ASTERISK-24466] - app_queue: fix a couple leaks to struct call_queue
  • [ASTERISK-24476] - main/app.c / app_voicemail: ast_writestream leaks

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.14.0-rc1

Thank you for your continued support of Asterisk!


Asterisk 1.8.32.0-rc1 Now Available

Nov 3, 2014

The Asterisk Development Team has announced the first release candidate of Asterisk 1.8.32.0. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 1.8.32.0-rc1 resolves several issues reported by the community and would have not been possible without your participation.

Thank you!

The following are the issues resolved in this release candidate:

Bug

  • [ASTERISK-13797] - [patch] relax badshell tilde test
  • [ASTERISK-15879] - [patch] Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak
  • [ASTERISK-18923] - res_fax_spandsp usage counter is wrong
  • [ASTERISK-20784] - Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak
  • [ASTERISK-21721] - SIP Failed to parse multiple Supported: headers
  • [ASTERISK-22791] - asterisk sends Re-INVITE after receiving a BYE
  • [ASTERISK-22945] - [patch] Memory leaks in chan_sip.c with realtime peers
  • [ASTERISK-23768] - [patch] Asterisk man page contains a (new) unquoted minus sign
  • [ASTERISK-23846] - Unistim multilines. Loss of voice after second call drops (on a second line).
  • [ASTERISK-24011] - [patch]safe_asterisk tries to set ulimit -n too high on linux systems with lots of RAM
  • [ASTERISK-24063] - [patch]Asterisk does not respect outbound proxy when sending qualify requests
  • [ASTERISK-24190] - IMAP voicemail causes segfault
  • [ASTERISK-24325] - res_calendar_ews: cannot be used with neon 0.30
  • [ASTERISK-24335] - [PATCH] Asterisk incorrectly responds 503 to INVITE retransmissions of rejected calls
  • [ASTERISK-24348] - Built-in editline tab complete segfault with MALLOC_DEBUG
  • [ASTERISK-24357] - [fax] Out of bounds error in update_modem_bits
  • [ASTERISK-24390] - astobj2: REF_DEBUG reports false leaks with ao2_callback with OBJ_MULTIPLE
  • [ASTERISK-24393] - rtptimeout=0 doesn't disable rtptimeout
  • [ASTERISK-24406] - Some caller ID strings are parsed differently since 11.13.0
  • [ASTERISK-24425] - [patch] jabber/xmpp to use TLS instead of SSLv3, security fix POODLE (CVE-2014-3566)
  • [ASTERISK-24432] - Install refcounter.py when REF_DEBUG is enabled
  • [ASTERISK-24436] - Missing header in res/res_srtp.c when compiling against libsrtp-1.5.0
  • [ASTERISK-24476] - main/app.c / app_voicemail: ast_writestream leaks

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.32.0-rc1

Thank you for your continued support of Asterisk!


Asterisk 13.0.0 Now Available!

Oct 25, 2014

The Asterisk Development Team is pleased to announce the release of Asterisk 13.0.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

Asterisk 13 is the next major release series of Asterisk. It is a Long Term Support (LTS) release, similar to Asterisk 11. For more information about support time lines for Asterisk releases, see the Asterisk versions page:

https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions

For important information regarding upgrading to Asterisk 13, please see the Asterisk wiki:

https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+13

A short list of new features includes:

  • Asterisk security events are now provided via AMI, allowing end users to monitor their Asterisk system in real time for security related issues.
  • Both AMI and ARI now allow external systems to control the state of a mailbox. Using AMI actions or ARI resources, external systems can programmatically trigger Message Waiting Indicators (MWI) on subscribed phones. This is of particular use to those who want to build their own VoiceMail application using ARI.
  • ARI now supports the reception/transmission of out of call text messages using any supported channel driver/protocol stack through ARI. Users receive out of call text messages as JSON events over the ARI websocket connection, and can send out of call text messages using HTTP requests.
  • The PJSIP stack now supports RFC 4662 Resource Lists, allowing Asterisk to act as a Resource List Server. This includes defining lists of presence state, mailbox state, or lists of presence state/mailbox state; managing subscriptions to lists; and batched delivery of NOTIFY requests to subscribers.
  • The PJSIP stack can now be used as a means of distributing device state or mailbox state via PUBLISH requests to other Asterisk instances. This is analogous to Asterisk's clustering support using XMPP or Corosync; unlike existing clustering mechanisms, using the PJSIP stack to perform the distribution of state does not rely on another daemon or server to perform the work.

And much more!

More information about the new features can be found on the Asterisk wiki:

https://wiki.asterisk.org/wiki/display/AST/Asterisk+13+Documentation

A full list of all new features can also be found in the CHANGES file:

http://svnview.digium.com/svn/asterisk/branches/13/CHANGES

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.0.0

Thank you for your continued support of Asterisk!


Asterisk 1.8.28-cert2, 1.8.31.1, 11.6-cert7, 11.13.1, 12.6.1, 13.0.0-beta3 Now Available (Security Release)

Oct 20, 2014

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28-cert2, 11.6-cert7, 1.8.31.1, 11.13.1, 12.6.1, and 13.0.0-beta3.

These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolves the following security vulnerability:

  • AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability
    Asterisk is susceptible to the POODLE vulnerability in two ways:
    1. The res_jabber and res_xmpp module both use SSLv3 exclusively for their encrypted connections.
    2. The core TLS handling in Asterisk, which is used by the chan_sip channel driver, Asterisk Manager Interface (AMI), and Asterisk HTTP Server, by default allow a TLS connection to fallback to SSLv3. This allows for a MITM to potentially force a connection to fallback to SSLv3, exposing it to the POODLE vulnerability.

These issues have been resolved in the versions released in conjunction with this security advisory. For more information about the details of this vulnerability, please read security advisory AST-2014-011, which was released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

The security advisory is available at:

Thank you for your continued support of Asterisk!


Pages

Subscribe to