6 thoughts on - Asterisk 13.19.0 Now Available

• Thank you very much for caring so much about security and bug fixes!

  But in this case, I am slightly worried. I saw the announcements for version 13 and version 15, but no announcement for version 14 yet. The website currently still offers 14.7.5 for download.

  Could this be one of the rare cases where 13 and 15 needed security fixes, but 14 didn’t?

  Thank you very much,

  Binarus

• These are normal bug fix releases, not security releases. As such 14 did not receive a release.

• Thanks for taking the time, but …

  Interesting. The announcements for 13.19.0 and 15.2.0 you have made here both list all issues which have been fixed in the section “Bugs fixed in this release”. However,

  ASTERISK-27480
  ASTERISK-27452
  ASTERISK-27337
  ASTERISK-27319

  seem to be security related (according to the short explanation texts in the announcements) and have been fixed both in 15.2.0 and 13.19.0.

  I am wondering why 14 does not suffer from them, or -if it suffers from them- why they are not considered security related there.

  I highly respect your work and don’t want to steal your time since I
  have probably seriously misunderstood something, but could you please shortly explain what the string “Security: ” (aka “(Security)” and with other wordings) at the beginning of the short explanation text for an issue exactly means?

  Thank you very much,

  Binarus

• See https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions for information regarding the release cycle.   It shows v14 went into security fix only mode on Sept 26 2017.

  —

• If you check those specific issues on JIRA you can see the specific releases they went into. They were also done in 14 as part of the past security releases so they were still fixed there. The script just may not have been run with the proper arguments to generate things correctly.

• I see. Thank you very much for explaining!

  I wish you a pleasant weekend,

  Binarus