Merged revisions 375846 via svnmerge from

file:///srv/subversion/repos/asterisk/branches/10

........
  r375846 | jrose | 2012-11-05 11:55:13 -0600 (Mon, 05 Nov 2012) | 9 lines

  chan_sip: Document a change to user-field encoding introduced with r303509

  The change in question was added to improve compliance with RFC3261, but at
  the time of commit, it wasn't adequately documented in the UPGRADE notes.

  (closes issue ASTERISK-20561)
  Reported by: Deniz
  Review: https://reviewboard.asterisk.org/r/2177/
........

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/10-digiumphones@375858 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/UPGRADE.txt b/UPGRADE.txt
index f9093646b2aee0a813bfef2e6bd6ec47cb351f20..2c748dfd78ed8a5799aa1574b2dac4796ea0666c 100644 (file)
--- a/UPGRADE.txt
+++ b/UPGRADE.txt
@@ -121,6 +121,15 @@ chan_sip:
  - Setting of HASH(SIP_CAUSE,<slave-channel-name>) on channels is now disabled
    by default. It can be enabled using the 'storesipcause' option. This feature
    has a significant performance penalty.
+ - In order to improve compliance with RFC 3261, SIP usernames are now properly
+   escaped when encoding reserved characters. Prior to this change, the use of
+   these characters in certain SIP settings affecting usernames could cause
+   injections of these characters in their raw form into SIP headers which could
+   in turn cause all sorts of nasty behaviors. All characters that are not
+   alphanumeric or are not contained in the the following lists specified by
+   RFC 3261 section 25.1 will be escaped as %XX when encoding a SIP username:
+    * mark: "-" / "_" / "." / "!" / "~" / "*" / "'" / "(" / ")"
+    * user-unreserved: "&" / "=" / "+" / "$" / "," / ";" / "?" / "/"
 
 UDPTL:
  - The default UDPTL port range in udptl.conf.sample differed from the defaults