The Asterisk Development Team has announced the releases of:
DAHDI-Linux-v2.7.0
DAHDI-Tools-v2.7.0
dahdi-linux-complete-2.7.0+2.7.0

This release is available for immediate download at:
http://downloads.asterisk.org/pub/telephony/dahdi-linux
http://downloads.asterisk.org/pub/telephony/dahdi-tools
http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete

In this release:
* Driving closer towards sysfs configuration of dahdi devices
* Experimental support to “pin” [1] specific span and channel numbers to specific device/local spans
* New wcte13xp base driver

[1] http://git.asterisk.org/gitweb/?p=dahdi/tools.git;a=commit;h=3d1fd71af2221b3f3e21274ba800619feec439e1

For a full list of changes in these releases, please see the shortlog at:
http://git.asterisk.org/gitweb/?p=dahdi/linux.git;a=shortlog;h=refs/tags/v2.7.0-rc1
http://git.asterisk.org/gitweb/?p=dahdi/tools.git;a=shortlog;h=refs/tags/v2.7.0-rc1

Issues found in this release can be reported in the DAHDI-Linux [1] and DAHDI-Tools [2] projects at https://issues.asterisk.org/jira

[1] https://issues.asterisk.org/jira/browse/DAHLIN
[2] https://issues.asterisk.org/jira/browse/DAHTOOL

Thank you for your continued support of Asterisk!

You may have noticed (or maybe not) that there have been several maintenance notifications for the asterisk.org community services this month. We are working hard to keep up the services running smoothly, and those notices are sent whenever we think our maintenance may interfere with the operation of any of the services.

So far, it’s been our policy that we send out a maintenance notification whenever we do anything other than the most minor maintenance on the services. You can usually read “may have intermittent availability” as “it should be available unless things go horribly wrong”.

We now realize that most of these notifications are just spam for most of the community. It is also cumbersome for us to send out the notifications every time we touch the services. Especially considering that the services are typically unavailable for at most a few minutes, if at all.

In an effort to reduce spam and make service availability more predictable, we’re changing the policy about when we send notifications about community service availability.

Starting on Monday, May 27th, we will have a regular maintenance window every Monday for one hour starting at 9:00 PM Central Time (that’s 02:00 UTC during daylight saving time in the summer, and 03:00 UTC during standard time). We will try to restrict the service impacting maintenance to that weekly window.

For the times where there might be a service interruption outside of that window (either when it needs to be coordinated with our colo provider, or if the maintenance will take longer than one hour), we will send notice of the impending service interruption to just the asterisk-announce mailing list[1].

This will help us in planning service upgrades and maintenance, and reduce the amount of unnecessary email for the community.

[1]: http://lists.digium.com/mailman/listinfo/asterisk-announce

— Digium’s Asterisk Development Team

The Asterisk Development Team has announced the release of Asterisk 11.4.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 11.4.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you!

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.4.0

Thank you for your continued support of Asterisk!

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones, and 11.2.2.

These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolve the following issues:

• A possible buffer overflow during H.264 format negotiation. The format attribute resource for H.264 video performs an unsafe read against a media attribute when parsing the SDP. This vulnerability only affected Asterisk 11. * A denial o f service exists in Asterisk’s HTTP server. AST-2012-014, fixed in January of this year, contained a fix for Asterisk’s HTTP server for a r remotely-triggered crash. While the fix prevented the crash from being triggered, a denial of service vector still exists with that solution if an attacker sends one or more HTTP POST requests with very large Content-Length values.This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
• A potential username disclosure exists in the SIP channel driver. When authenticating a SIP request with alwaysauthreject enabled, allowguest disabled , and autocreatepeer disabled, Asterisk discloses whether a user exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities, please read security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.20.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2-digiumphones
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2

The security advisories are available at:

* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf

Thank you for your continued support of Asterisk!

We felt that it would be good to let you know about some minor changes happening with our community services.

For quite some time, we’ve had a consolidated authentication server for most of our community services. This means that you use the same username and password for issues.asterisk.org, wiki.asterisk.org and code.asterisk.org. ReviewBoard (reviewboard.asterisk.org) still uses its own internal authentecation, but we plan to migrate it some day.

To make this more obvious, and to streamline account creation, we now have a single place for creating asterisk.org community accounts:

signup.asterisk.org.

Existing accounts will be unaffected; we’ve only changed how you sign up for a new account. If you have any issues with the new signup service, please contact us at asteriskteam@digium.com.

Thank you for your support!

– Digium’s Asterisk Development Team