[asterisk-dev] asterisk release 21.0.1
Asterisk Development Team
asteriskteamsa at sangoma.com
Thu Dec 14 14:04:20 CST 2023
The Asterisk Development Team would like to announce security release
Asterisk 21.0.1.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.0.1
and
https://downloads.asterisk.org/pub/telephony/asterisk
The following security advisories were resolved in this release:
- [Path traversal via AMI GetConfig allows access to outside files](https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f)
- [Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation](https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq)
- [PJSIP logging allows attacker to inject fake Asterisk log entries ](https://github.com/asterisk/asterisk/security/advisories/GHSA-5743-x3p5-3rg7)
- [PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'](https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh)
Change Log for Release asterisk-21.0.1
========================================
Links:
----------------------------------------
- [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.0.1.md)
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.0.0...21.0.1)
- [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21.0.1.tar.gz)
- [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)
Summary:
----------------------------------------
- res_pjsip_header_funcs: Duplicate new header value, don't copy.
- res_pjsip: disable raw bad packet logging
- res_rtp_asterisk.c: Check DTLS packets against ICE candidate list
- manager.c: Prevent path traversal with GetConfig.
User Notes:
----------------------------------------
- ### http.c: Minor simplification to HTTP status output.
For bound addresses, the HTTP status page now combines the bound
address and bound port in a single line. Additionally, the SSL bind
address has been renamed to TLS.
Upgrade Notes:
----------------------------------------
- ### chan_sip: Remove deprecated module.
This module was deprecated in Asterisk 17
and is now being removed in accordance with
the Asterisk Module Deprecation policy.
- ### res_monitor: Remove deprecated module.
This module was deprecated in Asterisk 16
and is now being removed in accordance with
the Asterisk Module Deprecation policy.
This also removes the 'w' and 'W' options
for app_queue.
MixMonitor should be default and only option
for all settings that previously used either
Monitor or MixMonitor.
- ### app_osplookup: Remove deprecated module.
This module was deprecated in Asterisk 19
and is now being removed in accordance with
the Asterisk Module Deprecation policy.
- ### app_cdr: Remove deprecated application and option.
The previously deprecated NoCDR application has been removed.
Additionally, the previously deprecated 'e' option to the ResetCDR
application has been removed.
- ### chan_skinny: Remove deprecated module.
This module was deprecated in Asterisk 19
and is now being removed in accordance with
the Asterisk Module Deprecation policy.
- ### chan_mgcp: Remove deprecated module.
This module was deprecated in Asterisk 19
and is now being removed in accordance with
the Asterisk Module Deprecation policy.
- ### translate.c: Prefer better codecs upon translate ties.
When setting up translation between two codecs the quality was not taken into account,
resulting in suboptimal translation. The quality is now taken into account,
which can reduce the number of translation steps required, and improve the resulting quality.
- ### app_macro: Remove deprecated module.
This module was deprecated in Asterisk 16
and is now being removed in accordance with
the Asterisk Module Deprecation policy.
For most modules that interacted with app_macro,
this change is limited to no longer looking for
the current context from the macrocontext when set.
The following modules have additional impacts:
app_dial - no longer supports M^ connected/redirecting macro
app_minivm - samples written using macro will no longer work.
The sample needs to be re-written
app_queue - can no longer call a macro on the called party's
channel. Use gosub which is currently supported
ccss - no callback macro, gosub only
app_voicemail - no macro support
channel - remove macrocontext and priority, no connected
line or redirection macro options
options - stdexten is deprecated to gosub as the default
and only options
pbx - removed macrolock
pbx_dundi - no longer look for macro
snmp - removed macro context, exten, and priority
- ### chan_alsa: Remove deprecated module.
This module was deprecated in Asterisk 19
and is now being removed in accordance with
the Asterisk Module Deprecation policy.
- ### pbx_builtins: Remove deprecated and defunct functionality.
The previously deprecated ImportVar and SetAMAFlags
applications have now been removed.
Closed Issues:
----------------------------------------
None
More information about the asterisk-dev
mailing list