From 4b77b570e6b0308118f1ad9596ba60456ed80834 Mon Sep 17 00:00:00 2001 From: Asterisk Development Team Date: Thu, 22 May 2025 16:00:51 +0000 Subject: [PATCH] Update for 22.4.1 --- .version | 2 +- CHANGES.html | 2 +- CHANGES.md | 2 +- ChangeLogs/ChangeLog-22.4.1.html | 66 ++++++++++++++++++++++++++++ ChangeLogs/ChangeLog-22.4.1.md | 75 ++++++++++++++++++++++++++++++++ README.html | 4 +- README.md | 2 +- 7 files changed, 147 insertions(+), 6 deletions(-) create mode 100644 ChangeLogs/ChangeLog-22.4.1.html create mode 100644 ChangeLogs/ChangeLog-22.4.1.md diff --git a/.version b/.version index 58a1f0907f..c2aa6d7687 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -22.4.0 +22.4.1 diff --git a/CHANGES.html b/CHANGES.html index 7e2212e2d9..f7083fdb5d 120000 --- a/CHANGES.html +++ b/CHANGES.html @@ -1 +1 @@ -ChangeLogs/ChangeLog-22.4.0.html \ No newline at end of file +ChangeLogs/ChangeLog-22.4.1.html \ No newline at end of file diff --git a/CHANGES.md b/CHANGES.md index 13259482c5..2648bb2cf1 120000 --- a/CHANGES.md +++ b/CHANGES.md @@ -1 +1 @@ -ChangeLogs/ChangeLog-22.4.0.md \ No newline at end of file +ChangeLogs/ChangeLog-22.4.1.md \ No newline at end of file diff --git a/ChangeLogs/ChangeLog-22.4.1.html b/ChangeLogs/ChangeLog-22.4.1.html new file mode 100644 index 0000000000..e5267d865a --- /dev/null +++ b/ChangeLogs/ChangeLog-22.4.1.html @@ -0,0 +1,66 @@ +ChangeLog for asterisk-22.4.1 +

Change Log for Release asterisk-22.4.1

+

Links:

+ +

Summary:

+ +

User Notes:

+ +

Upgrade Notes:

+

Commit Authors:

+ +

Issue and Commit Detail:

+

Closed Issues:

+ +

Commits By Author:

+ +

Commit List:

+ +

Commit Details:

+

asterisk.c: Add option to restrict shell access from remote consoles.

+

Author: George Joseph + Date: 2025-05-19

+

UserNote: A new asterisk.conf option 'disable_remote_console_shell' has + been added that, when set, will prevent remote consoles from executing + shell commands using the '!' prefix.

+

Resolves: #GHSA-c7p6-7mvq-8jq2

+

res_pjsip_messaging.c: Mask control characters in received From display name

+

Author: George Joseph + Date: 2025-03-24

+

Incoming SIP MESSAGEs will now have their From header's display name + sanitized by replacing any characters < 32 (space) with a space.

+

Resolves: #GHSA-2grh-7mhv-fcfw

+ diff --git a/ChangeLogs/ChangeLog-22.4.1.md b/ChangeLogs/ChangeLog-22.4.1.md new file mode 100644 index 0000000000..03c4a7701a --- /dev/null +++ b/ChangeLogs/ChangeLog-22.4.1.md @@ -0,0 +1,75 @@ + +## Change Log for Release asterisk-22.4.1 + +### Links: + + - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-22.4.1.html) + - [GitHub Diff](https://github.com/asterisk/asterisk/compare/22.4.0...22.4.1) + - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-22.4.1.tar.gz) + - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) + +### Summary: + +- Commits: 2 +- Commit Authors: 1 +- Issues Resolved: 0 +- Security Advisories Resolved: 2 + - [GHSA-2grh-7mhv-fcfw](https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw): Using malformed From header can forge identity with ";" or NULL in name portion + - [GHSA-c7p6-7mvq-8jq2](https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2): cli_permissions.conf: deny option does not work for disallowing shell commands + +### User Notes: + +- #### asterisk.c: Add option to restrict shell access from remote consoles. + A new asterisk.conf option 'disable_remote_console_shell' has + been added that, when set, will prevent remote consoles from executing + shell commands using the '!' prefix. + Resolves: #GHSA-c7p6-7mvq-8jq2 + + +### Upgrade Notes: + + +### Commit Authors: + +- George Joseph: (2) + +## Issue and Commit Detail: + +### Closed Issues: + + - !GHSA-2grh-7mhv-fcfw: Using malformed From header can forge identity with ";" or NULL in name portion + - !GHSA-c7p6-7mvq-8jq2: cli_permissions.conf: deny option does not work for disallowing shell commands + +### Commits By Author: + +- #### George Joseph (2): + - res_pjsip_messaging.c: Mask control characters in received From display name + - asterisk.c: Add option to restrict shell access from remote consoles. + + +### Commit List: + +- asterisk.c: Add option to restrict shell access from remote consoles. +- res_pjsip_messaging.c: Mask control characters in received From display name + +### Commit Details: + +#### asterisk.c: Add option to restrict shell access from remote consoles. + Author: George Joseph + Date: 2025-05-19 + + UserNote: A new asterisk.conf option 'disable_remote_console_shell' has + been added that, when set, will prevent remote consoles from executing + shell commands using the '!' prefix. + + Resolves: #GHSA-c7p6-7mvq-8jq2 + +#### res_pjsip_messaging.c: Mask control characters in received From display name + Author: George Joseph + Date: 2025-03-24 + + Incoming SIP MESSAGEs will now have their From header's display name + sanitized by replacing any characters < 32 (space) with a space. + + Resolves: #GHSA-2grh-7mhv-fcfw + diff --git a/README.html b/README.html index 3c2ea71922..5113ef8db3 100644 --- a/README.html +++ b/README.html @@ -1,4 +1,4 @@ -Readme for asterisk-22.4.0 +Readme for asterisk-22.4.1

The Asterisk(R) Open Source PBX

By Mark Spencer <markster@digium.com> and the Asterisk.org developer community.
 Copyright (C) 2001-2025 Sangoma Technologies Corporation and other copyright holders.
@@ -37,7 +37,7 @@ hardware.

 
If you are updating from a previous version of Asterisk, make sure you
 read the Change Logs.

 
-
Change Logs

+
Change Logs

 
 
 
NEW INSTALLATIONS

diff --git a/README.md b/README.md
index abf682c59f..9f595915ea 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,7 @@ If you are updating from a previous version of Asterisk, make sure you
 read the Change Logs.
 
 
-[Change Logs](ChangeLogs/ChangeLog-22.4.0.html)
+[Change Logs](ChangeLogs/ChangeLog-22.4.1.html)
 
 
 ### NEW INSTALLATIONS
-- 
2.47.3