chan_sip: Document a change to user-field encoding introduced with r303509

The change in question was added to improve compliance with RFC3261, but at
the time of commit, it wasn't adequately documented in the UPGRADE notes.

(closes issue ASTERISK-20561)
Reported by: Deniz
Review: https://reviewboard.asterisk.org/r/2177/
........

Merged revisions 375846 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 375847 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@375848 65c4cc65-6c06-0410-ace0-fbb531ad65f3

1 files changed, 9 insertions, 0 deletions

diff --git a/UPGRADE.txt b/UPGRADE.txt
index 3f19f2839..429709fc1 100644
--- a/UPGRADE.txt
+++ b/UPGRADE.txt
@@ -258,6 +258,15 @@ chan_sip:
  - Setting of HASH(SIP_CAUSE,<slave-channel-name>) on channels is now disabled
    by default. It can be enabled using the 'storesipcause' option. This feature
    has a significant performance penalty.
+ - In order to improve compliance with RFC 3261, SIP usernames are now properly
+   escaped when encoding reserved characters. Prior to this change, the use of
+   these characters in certain SIP settings affecting usernames could cause
+   injections of these characters in their raw form into SIP headers which could
+   in turn cause all sorts of nasty behaviors. All characters that are not
+   alphanumeric or are not contained in the the following lists specified by
+   RFC 3261 section 25.1 will be escaped as %XX when encoding a SIP username:
+    * mark: "-" / "_" / "." / "!" / "~" / "*" / "'" / "(" / ")"
+    * user-unreserved: "&" / "=" / "+" / "$" / "," / ";" / "?" / "/"
 
 UDPTL:
  - The default UDPTL port range in udptl.conf.sample differed from the defaults