This week, we’re pleased to say that we’ve updated the Asterisk 13, 15 and master branches’ bundled version of pjproject to 2.7.1.

This release contains a fix for an important security issue and we urge all users to upgrade accordingly.
http://downloads.asterisk.org/pub/security/AST-2017-009.html
https://issues.asterisk.org/jira/browse/ASTERISK-27319

Thanks to Youngsung Kim at LINE Corporation for finding and reporting the original issue.

Here’s a short recap of the steps we took to get here:

• All of the the patches we were applying to 2.6 were verified to be in 2.7.1 except 1 which we carried forward.
• We looked for any other functional or API changes that might affect how Asterisk uses pjproject.  We found none.
• We tested the build process looking for issues that might change how Asterisk compiles and links pjproject.  There were no issues.
• We ran the Asterisk Testsuite a few dozen times to make sure the functional tests still passed.
• Finally, for the first time, we were able to run stress tests to look for any new performance or stability issues that might have crept in.  We didn’t find any.

Of course we could have missed something, which is why it’s important for the community to test for themselves.  If you’re using the bundled version of pjproject, and you should be :), checkout the Asterisk 13 or 15 branch and test it in your environment.  If you build pjproject yourself, you can try it with recent Asterisk releases.

For more information related to Asterisk’s use of pjproject, visit Building and Installing pjproject on the Asterisk Wiki.