[asterisk-users] Important security alert: update your dialplans now!

Tilghman Lesher tlesher at digium.com
Mon Feb 15 08:48:20 CST 2010


On Monday 15 February 2010 03:37:24 Rob Hillis wrote:
> On 02/15/10 20:00, Randy R wrote:
> > Olle, this may be a stupid question, but shouldn't a native sanitize
> > function be urgently added to the code base in all versions or change
> > the dialplan compiler to ignore dangerous characters?
>
> Whilst I agree with this, the unfortunate attitude we seem to get from
> Digium on most of these issues is "you can already do this in dialplan,
> therefore we don't need to invest any effort in it."  The fact that a
> workaround may be quite difficult to implement properly doesn't come in
> to it.  The most obvious example of this one is the deprecation and
> removal of chan_agent without any sort of replacement being introduced
> because "it's already possible to do in the dialplan".

Uh, chan_agent has been neither removed nor deprecated.

-- 
Tilghman Lesher
Digium, Inc. | Senior Software Developer
twitter: Corydon76 | IRC: Corydon76-dig (Freenode)
Check us out at: www.digium.com & www.asterisk.org


