diff options
| -rw-r--r-- | UPGRADE.txt | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/UPGRADE.txt b/UPGRADE.txt index 3f19f2839..429709fc1 100644 --- a/UPGRADE.txt +++ b/UPGRADE.txt @@ -258,6 +258,15 @@ chan_sip: - Setting of HASH(SIP_CAUSE,<slave-channel-name>) on channels is now disabled by default. It can be enabled using the 'storesipcause' option. This feature has a significant performance penalty. + - In order to improve compliance with RFC 3261, SIP usernames are now properly + escaped when encoding reserved characters. Prior to this change, the use of + these characters in certain SIP settings affecting usernames could cause + injections of these characters in their raw form into SIP headers which could + in turn cause all sorts of nasty behaviors. All characters that are not + alphanumeric or are not contained in the the following lists specified by + RFC 3261 section 25.1 will be escaped as %XX when encoding a SIP username: + * mark: "-" / "_" / "." / "!" / "~" / "*" / "'" / "(" / ")" + * user-unreserved: "&" / "=" / "+" / "$" / "," / ";" / "?" / "/" UDPTL: - The default UDPTL port range in udptl.conf.sample differed from the defaults |