-ChangeLogs/ChangeLog-21.9.0.html
\ No newline at end of file
+ChangeLogs/ChangeLog-21.9.1.html
\ No newline at end of file
-ChangeLogs/ChangeLog-21.9.0.md
\ No newline at end of file
+ChangeLogs/ChangeLog-21.9.1.md
\ No newline at end of file
--- /dev/null
+<html><head><title>ChangeLog for asterisk-21.9.1</title></head><body>
+<h2>Change Log for Release asterisk-21.9.1</h2>
+<h3>Links:</h3>
+<ul>
+<li><a href="https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.9.1.html">Full ChangeLog</a> </li>
+<li><a href="https://github.com/asterisk/asterisk/compare/21.9.0...21.9.1">GitHub Diff</a> </li>
+<li><a href="https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21.9.1.tar.gz">Tarball</a> </li>
+<li><a href="https://downloads.asterisk.org/pub/telephony/asterisk">Downloads</a> </li>
+</ul>
+<h3>Summary:</h3>
+<ul>
+<li>Commits: 2</li>
+<li>Commit Authors: 1</li>
+<li>Issues Resolved: 0</li>
+<li>Security Advisories Resolved: 2</li>
+<li><a href="https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw">GHSA-2grh-7mhv-fcfw</a>: Using malformed From header can forge identity with ";" or NULL in name portion</li>
+<li><a href="https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2">GHSA-c7p6-7mvq-8jq2</a>: cli_permissions.conf: deny option does not work for disallowing shell commands</li>
+</ul>
+<h3>User Notes:</h3>
+<ul>
+<li>
+<h4>asterisk.c: Add option to restrict shell access from remote consoles.</h4>
+ A new asterisk.conf option 'disable_remote_console_shell' has
+ been added that, when set, will prevent remote consoles from executing
+ shell commands using the '!' prefix.
+ Resolves: #GHSA-c7p6-7mvq-8jq2</li>
+</ul>
+<h3>Upgrade Notes:</h3>
+<h3>Commit Authors:</h3>
+<ul>
+<li>George Joseph: (2)</li>
+</ul>
+<h2>Issue and Commit Detail:</h2>
+<h3>Closed Issues:</h3>
+<ul>
+<li>!GHSA-2grh-7mhv-fcfw: Using malformed From header can forge identity with ";" or NULL in name portion</li>
+<li>!GHSA-c7p6-7mvq-8jq2: cli_permissions.conf: deny option does not work for disallowing shell commands</li>
+</ul>
+<h3>Commits By Author:</h3>
+<ul>
+<li>
+<h4>George Joseph (2):</h4>
+</li>
+<li>res_pjsip_messaging.c: Mask control characters in received From display name</li>
+<li>asterisk.c: Add option to restrict shell access from remote consoles.</li>
+</ul>
+<h3>Commit List:</h3>
+<ul>
+<li>asterisk.c: Add option to restrict shell access from remote consoles.</li>
+<li>res_pjsip_messaging.c: Mask control characters in received From display name</li>
+</ul>
+<h3>Commit Details:</h3>
+<h4>asterisk.c: Add option to restrict shell access from remote consoles.</h4>
+<p>Author: George Joseph
+ Date: 2025-05-19</p>
+<p>UserNote: A new asterisk.conf option 'disable_remote_console_shell' has
+ been added that, when set, will prevent remote consoles from executing
+ shell commands using the '!' prefix.</p>
+<p>Resolves: #GHSA-c7p6-7mvq-8jq2</p>
+<h4>res_pjsip_messaging.c: Mask control characters in received From display name</h4>
+<p>Author: George Joseph
+ Date: 2025-03-24</p>
+<p>Incoming SIP MESSAGEs will now have their From header's display name
+ sanitized by replacing any characters < 32 (space) with a space.</p>
+<p>Resolves: #GHSA-2grh-7mhv-fcfw</p>
+</body></html>
--- /dev/null
+
+## Change Log for Release asterisk-21.9.1
+
+### Links:
+
+ - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.9.1.html)
+ - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.9.0...21.9.1)
+ - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21.9.1.tar.gz)
+ - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)
+
+### Summary:
+
+- Commits: 2
+- Commit Authors: 1
+- Issues Resolved: 0
+- Security Advisories Resolved: 2
+ - [GHSA-2grh-7mhv-fcfw](https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw): Using malformed From header can forge identity with ";" or NULL in name portion
+ - [GHSA-c7p6-7mvq-8jq2](https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2): cli_permissions.conf: deny option does not work for disallowing shell commands
+
+### User Notes:
+
+- #### asterisk.c: Add option to restrict shell access from remote consoles.
+ A new asterisk.conf option 'disable_remote_console_shell' has
+ been added that, when set, will prevent remote consoles from executing
+ shell commands using the '!' prefix.
+ Resolves: #GHSA-c7p6-7mvq-8jq2
+
+
+### Upgrade Notes:
+
+
+### Commit Authors:
+
+- George Joseph: (2)
+
+## Issue and Commit Detail:
+
+### Closed Issues:
+
+ - !GHSA-2grh-7mhv-fcfw: Using malformed From header can forge identity with ";" or NULL in name portion
+ - !GHSA-c7p6-7mvq-8jq2: cli_permissions.conf: deny option does not work for disallowing shell commands
+
+### Commits By Author:
+
+- #### George Joseph (2):
+ - res_pjsip_messaging.c: Mask control characters in received From display name
+ - asterisk.c: Add option to restrict shell access from remote consoles.
+
+
+### Commit List:
+
+- asterisk.c: Add option to restrict shell access from remote consoles.
+- res_pjsip_messaging.c: Mask control characters in received From display name
+
+### Commit Details:
+
+#### asterisk.c: Add option to restrict shell access from remote consoles.
+ Author: George Joseph
+ Date: 2025-05-19
+
+ UserNote: A new asterisk.conf option 'disable_remote_console_shell' has
+ been added that, when set, will prevent remote consoles from executing
+ shell commands using the '!' prefix.
+
+ Resolves: #GHSA-c7p6-7mvq-8jq2
+
+#### res_pjsip_messaging.c: Mask control characters in received From display name
+ Author: George Joseph
+ Date: 2025-03-24
+
+ Incoming SIP MESSAGEs will now have their From header's display name
+ sanitized by replacing any characters < 32 (space) with a space.
+
+ Resolves: #GHSA-2grh-7mhv-fcfw
+
-<html><head><title>Readme for asterisk-21.9.0</title></head><body>
+<html><head><title>Readme for asterisk-21.9.1</title></head><body>
<h1>The Asterisk(R) Open Source PBX</h1>
<pre><code>By Mark Spencer <markster@digium.com> and the Asterisk.org developer community.
Copyright (C) 2001-2025 Sangoma Technologies Corporation and other copyright holders.
<p>If you are updating from a previous version of Asterisk, make sure you
read the Change Logs.</p>
<!-- CHANGELOGS (the URL will change based on the location of this README) -->
-<p><a href="ChangeLogs/ChangeLog-21.9.0.html">Change Logs</a></p>
+<p><a href="ChangeLogs/ChangeLog-21.9.1.html">Change Logs</a></p>
<!-- END-CHANGELOGS -->
<h3>NEW INSTALLATIONS</h3>
read the Change Logs.
<!-- CHANGELOGS (the URL will change based on the location of this README) -->
-[Change Logs](ChangeLogs/ChangeLog-21.9.0.html)
+[Change Logs](ChangeLogs/ChangeLog-21.9.1.html)
<!-- END-CHANGELOGS -->
### NEW INSTALLATIONS
projects / thirdparty / asterisk.git / commitdiff
