The Asterisk Development Team would like to announce security release
Asterisk 23.2.2.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/23.2.2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 23.2.2

Change Log for Release asterisk-23.2.2

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 4
• Commit Authors: 2
• Issues Resolved: 0
• Security Advisories Resolved: 4
  • GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
  • GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
  • GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization
  • GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation

User Notes:

• ast_coredumper: check ast_debug_tools.conf permissions

  ast_debug_tools.conf must be owned by root and not be
  writable by other users or groups to be used by ast_coredumper or
  by ast_logescalator or ast_loggrabber when run as root.

Upgrade Notes:

• http.c: Change httpstatus to default disabled and sanitize output.

  To prevent possible security issues, the /httpstatus page
  served by the internal web server is now disabled by default. To explicitly
  enable it, set enable_status=yes in http.conf.

Developer Notes:

Commit Authors:

• George Joseph: (2)
• Mike Bradeen: (2)

Issue and Commit Detail:

Closed Issues:

• !GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
• !GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
• !GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization
• !GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation

Commits By Author:

• George Joseph (2):

• Mike Bradeen (2):

Commit List:

• xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile.
• ast_coredumper: check ast_debug_tools.conf permissions
• http.c: Change httpstatus to default disabled and sanitize output.
• ast_coredumper: create gdbinit file with restrictive permissions

Commit Details:

xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile.

Author: George Joseph
Date: 2026-01-15

The xmlReadFile XML_PARSE_NOENT flag, which allows parsing of external
entities, could allow a potential XXE injection attack. Replacing it with
XML_PARSE_NONET, which prevents network access, is safer.

Resolves: #GHSA-85x7-54wr-vh42

ast_coredumper: check ast_debug_tools.conf permissions

Author: Mike Bradeen
Date: 2026-01-15

Prevent ast_coredumper from using ast_debug_tools.conf files that are
not owned by root or are writable by other users or groups.

Prevent ast_logescalator and ast_loggrabber from doing the same if
they are run as root.

Resolves: #GHSA-rvch-3jmx-3jf3

UserNote: ast_debug_tools.conf must be owned by root and not be
writable by other users or groups to be used by ast_coredumper or
by ast_logescalator or ast_loggrabber when run as root.

http.c: Change httpstatus to default disabled and sanitize output.

Author: George Joseph
Date: 2026-01-15

To address potential security issues, the httpstatus page is now disabled
by default and the echoed query string and cookie output is html-escaped.

Resolves: #GHSA-v6hp-wh3r-cwxh

UpgradeNote: To prevent possible security issues, the /httpstatus page
served by the internal web server is now disabled by default. To explicitly
enable it, set enable_status=yes in http.conf.

ast_coredumper: create gdbinit file with restrictive permissions

Author: Mike Bradeen
Date: 2026-01-15

Modify gdbinit to use the install command with explicit permissions (-m 600)
when creating the .ast_coredumper.gdbinit file. This ensures the file is
created with restricted permissions (readable/writable only by the owner)
to avoid potential privilege escalation.

Resolves: #GHSA-xpc6-x892-v83c

The Asterisk Development Team would like to announce security release
Asterisk 21.12.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.12.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 21.12.1

Change Log for Release asterisk-21.12.1

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 4
• Commit Authors: 2
• Issues Resolved: 0
• Security Advisories Resolved: 4
  • GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
  • GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
  • GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization
  • GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation

User Notes:

• ast_coredumper: check ast_debug_tools.conf permissions

  ast_debug_tools.conf must be owned by root and not be
  writable by other users or groups to be used by ast_coredumper or
  by ast_logescalator or ast_loggrabber when run as root.

Upgrade Notes:

• http.c: Change httpstatus to default disabled and sanitize output.

  To prevent possible security issues, the /httpstatus page
  served by the internal web server is now disabled by default. To explicitly
  enable it, set enable_status=yes in http.conf.

Developer Notes:

Commit Authors:

• George Joseph: (2)
• Mike Bradeen: (2)

Issue and Commit Detail:

Closed Issues:

• !GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
• !GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
• !GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization
• !GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation

Commits By Author:

• George Joseph (2):

• Mike Bradeen (2):

Commit List:

• xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile.
• ast_coredumper: check ast_debug_tools.conf permissions
• http.c: Change httpstatus to default disabled and sanitize output.
• ast_coredumper: create gdbinit file with restrictive permissions

Commit Details:

xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile.

Author: George Joseph
Date: 2026-01-15

The xmlReadFile XML_PARSE_NOENT flag, which allows parsing of external
entities, could allow a potential XXE injection attack. Replacing it with
XML_PARSE_NONET, which prevents network access, is safer.

Resolves: #GHSA-85x7-54wr-vh42

ast_coredumper: check ast_debug_tools.conf permissions

Author: Mike Bradeen
Date: 2026-01-15

Prevent ast_coredumper from using ast_debug_tools.conf files that are
not owned by root or are writable by other users or groups.

Prevent ast_logescalator and ast_loggrabber from doing the same if
they are run as root.

Resolves: #GHSA-rvch-3jmx-3jf3

UserNote: ast_debug_tools.conf must be owned by root and not be
writable by other users or groups to be used by ast_coredumper or
by ast_logescalator or ast_loggrabber when run as root.

http.c: Change httpstatus to default disabled and sanitize output.

Author: George Joseph
Date: 2026-01-15

To address potential security issues, the httpstatus page is now disabled
by default and the echoed query string and cookie output is html-escaped.

Resolves: #GHSA-v6hp-wh3r-cwxh

UpgradeNote: To prevent possible security issues, the /httpstatus page
served by the internal web server is now disabled by default. To explicitly
enable it, set enable_status=yes in http.conf.

ast_coredumper: create gdbinit file with restrictive permissions

Author: Mike Bradeen
Date: 2026-01-15

Modify gdbinit to use the install command with explicit permissions (-m 600)
when creating the .ast_coredumper.gdbinit file. This ensures the file is
created with restricted permissions (readable/writable only by the owner)
to avoid potential privilege escalation.

Resolves: #GHSA-xpc6-x892-v83c

The Asterisk Development Team would like to announce security release
Asterisk 22.8.2.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.8.2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.8.2

Change Log for Release asterisk-22.8.2

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 4
• Commit Authors: 2
• Issues Resolved: 0
• Security Advisories Resolved: 4
  • GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
  • GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
  • GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization
  • GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation

User Notes:

• ast_coredumper: check ast_debug_tools.conf permissions

  ast_debug_tools.conf must be owned by root and not be
  writable by other users or groups to be used by ast_coredumper or
  by ast_logescalator or ast_loggrabber when run as root.

Upgrade Notes:

• http.c: Change httpstatus to default disabled and sanitize output.

  To prevent possible security issues, the /httpstatus page
  served by the internal web server is now disabled by default. To explicitly
  enable it, set enable_status=yes in http.conf.

Developer Notes:

Commit Authors:

• George Joseph: (2)
• Mike Bradeen: (2)

Issue and Commit Detail:

Closed Issues:

• !GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
• !GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
• !GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization
• !GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation

Commits By Author:

• George Joseph (2):

• Mike Bradeen (2):

Commit List:

• xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile.
• ast_coredumper: check ast_debug_tools.conf permissions
• http.c: Change httpstatus to default disabled and sanitize output.
• ast_coredumper: create gdbinit file with restrictive permissions

Commit Details:

xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile.

Author: George Joseph
Date: 2026-01-15

The xmlReadFile XML_PARSE_NOENT flag, which allows parsing of external
entities, could allow a potential XXE injection attack. Replacing it with
XML_PARSE_NONET, which prevents network access, is safer.

Resolves: #GHSA-85x7-54wr-vh42

ast_coredumper: check ast_debug_tools.conf permissions

Author: Mike Bradeen
Date: 2026-01-15

Prevent ast_coredumper from using ast_debug_tools.conf files that are
not owned by root or are writable by other users or groups.

Prevent ast_logescalator and ast_loggrabber from doing the same if
they are run as root.

Resolves: #GHSA-rvch-3jmx-3jf3

UserNote: ast_debug_tools.conf must be owned by root and not be
writable by other users or groups to be used by ast_coredumper or
by ast_logescalator or ast_loggrabber when run as root.

http.c: Change httpstatus to default disabled and sanitize output.

Author: George Joseph
Date: 2026-01-15

To address potential security issues, the httpstatus page is now disabled
by default and the echoed query string and cookie output is html-escaped.

Resolves: #GHSA-v6hp-wh3r-cwxh

UpgradeNote: To prevent possible security issues, the /httpstatus page
served by the internal web server is now disabled by default. To explicitly
enable it, set enable_status=yes in http.conf.

ast_coredumper: create gdbinit file with restrictive permissions

Author: Mike Bradeen
Date: 2026-01-15

Modify gdbinit to use the install command with explicit permissions (-m 600)
when creating the .ast_coredumper.gdbinit file. This ensures the file is
created with restricted permissions (readable/writable only by the owner)
to avoid potential privilege escalation.

Resolves: #GHSA-xpc6-x892-v83c

The Asterisk Development Team would like to announce security release
Asterisk 20.18.2.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.18.2
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.18.2

Change Log for Release asterisk-20.18.2

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 4
• Commit Authors: 2
• Issues Resolved: 0
• Security Advisories Resolved: 4
  • GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
  • GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
  • GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization
  • GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation

User Notes:

• ast_coredumper: check ast_debug_tools.conf permissions

  ast_debug_tools.conf must be owned by root and not be
  writable by other users or groups to be used by ast_coredumper or
  by ast_logescalator or ast_loggrabber when run as root.

Upgrade Notes:

• http.c: Change httpstatus to default disabled and sanitize output.

  To prevent possible security issues, the /httpstatus page
  served by the internal web server is now disabled by default. To explicitly
  enable it, set enable_status=yes in http.conf.

Developer Notes:

Commit Authors:

• George Joseph: (2)
• Mike Bradeen: (2)

Issue and Commit Detail:

Closed Issues:

• !GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
• !GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
• !GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization
• !GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation

Commits By Author:

• George Joseph (2):

• Mike Bradeen (2):

Commit List:

• xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile.
• ast_coredumper: check ast_debug_tools.conf permissions
• http.c: Change httpstatus to default disabled and sanitize output.
• ast_coredumper: create gdbinit file with restrictive permissions

Commit Details:

xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile.

Author: George Joseph
Date: 2026-01-15

The xmlReadFile XML_PARSE_NOENT flag, which allows parsing of external
entities, could allow a potential XXE injection attack. Replacing it with
XML_PARSE_NONET, which prevents network access, is safer.

Resolves: #GHSA-85x7-54wr-vh42

ast_coredumper: check ast_debug_tools.conf permissions

Author: Mike Bradeen
Date: 2026-01-15

Prevent ast_coredumper from using ast_debug_tools.conf files that are
not owned by root or are writable by other users or groups.

Prevent ast_logescalator and ast_loggrabber from doing the same if
they are run as root.

Resolves: #GHSA-rvch-3jmx-3jf3

UserNote: ast_debug_tools.conf must be owned by root and not be
writable by other users or groups to be used by ast_coredumper or
by ast_logescalator or ast_loggrabber when run as root.

http.c: Change httpstatus to default disabled and sanitize output.

Author: George Joseph
Date: 2026-01-15

To address potential security issues, the httpstatus page is now disabled
by default and the echoed query string and cookie output is html-escaped.

Resolves: #GHSA-v6hp-wh3r-cwxh

UpgradeNote: To prevent possible security issues, the /httpstatus page
served by the internal web server is now disabled by default. To explicitly
enable it, set enable_status=yes in http.conf.

ast_coredumper: create gdbinit file with restrictive permissions

Author: Mike Bradeen
Date: 2026-01-15

Modify gdbinit to use the install command with explicit permissions (-m 600)
when creating the .ast_coredumper.gdbinit file. This ensures the file is
created with restricted permissions (readable/writable only by the owner)
to avoid potential privilege escalation.

Resolves: #GHSA-xpc6-x892-v83c

The Asterisk Development Team would like to announce security release
Certified Asterisk 20.7-cert9.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-20.7-cert9
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk

Repository: https://github.com/asterisk/asterisk
Tag: certified-20.7-cert9

Change Log for Release asterisk-certified-20.7-cert9

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 4
• Commit Authors: 2
• Issues Resolved: 0
• Security Advisories Resolved: 4
  • GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
  • GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
  • GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization
  • GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation

User Notes:

• ast_coredumper: check ast_debug_tools.conf permissions

  ast_debug_tools.conf must be owned by root and not be
  writable by other users or groups to be used by ast_coredumper or
  by ast_logescalator or ast_loggrabber when run as root.

Upgrade Notes:

• http.c: Change httpstatus to default disabled and sanitize output.

  To prevent possible security issues, the /httpstatus page
  served by the internal web server is now disabled by default. To explicitly
  enable it, set enable_status=yes in http.conf.

Developer Notes:

Commit Authors:

• George Joseph: (2)
• Mike Bradeen: (2)

Issue and Commit Detail:

Closed Issues:

• !GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
• !GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
• !GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization
• !GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation

Commits By Author:

• George Joseph (2):

• Mike Bradeen (2):

Commit List:

• xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile.
• ast_coredumper: check ast_debug_tools.conf permissions
• http.c: Change httpstatus to default disabled and sanitize output.
• ast_coredumper: create gdbinit file with restrictive permissions

Commit Details:

xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile.

Author: George Joseph
Date: 2026-01-15

The xmlReadFile XML_PARSE_NOENT flag, which allows parsing of external
entities, could allow a potential XXE injection attack. Replacing it with
XML_PARSE_NONET, which prevents network access, is safer.

Resolves: #GHSA-85x7-54wr-vh42

ast_coredumper: check ast_debug_tools.conf permissions

Author: Mike Bradeen
Date: 2026-01-15

Prevent ast_coredumper from using ast_debug_tools.conf files that are
not owned by root or are writable by other users or groups.

Prevent ast_logescalator and ast_loggrabber from doing the same if
they are run as root.

Resolves: #GHSA-rvch-3jmx-3jf3

UserNote: ast_debug_tools.conf must be owned by root and not be
writable by other users or groups to be used by ast_coredumper or
by ast_logescalator or ast_loggrabber when run as root.

http.c: Change httpstatus to default disabled and sanitize output.

Author: George Joseph
Date: 2026-01-15

To address potential security issues, the httpstatus page is now disabled
by default and the echoed query string and cookie output is html-escaped.

Resolves: #GHSA-v6hp-wh3r-cwxh

UpgradeNote: To prevent possible security issues, the /httpstatus page
served by the internal web server is now disabled by default. To explicitly
enable it, set enable_status=yes in http.conf.

ast_coredumper: create gdbinit file with restrictive permissions

Author: Mike Bradeen
Date: 2026-01-15

Modify gdbinit to use the install command with explicit permissions (-m 600)
when creating the .ast_coredumper.gdbinit file. This ensures the file is
created with restricted permissions (readable/writable only by the owner)
to avoid potential privilege escalation.

Resolves: #GHSA-xpc6-x892-v83c

2026-02-04

nginx-1.28.2 stable and nginx-1.29.5 mainline versions have been released, with a fix for the SSL upstream injection vulnerability (CVE-2026-1642).

26.1 Snapshot 6 (known as 26.1-snapshot-6 in the launcher) is the sixth snapshot for Java Edition 26.1, released on February 3, 2026, which add new textures and models for the baby armadillo, bee, camel, fox, goat, llama, polar bear, and trader llama. It also includes many changes for data packs and resource packs. Full changelog: https://minecraft.wiki/Java_Edition_26.1-snapshot-6

The Asterisk Development Team would like to announce
the release of asterisk-23.2.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/23.2.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 23.2.1

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-23.2.1

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 1
• Commit Authors: 1
• Issues Resolved: 1
• Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

• Sean Bright: (1)

Issue and Commit Detail:

Closed Issues:

• 1739: [bug]: Regression in 23.2.0 with regard to parsing fractional numbers when system locale is non-standard

Commits By Author:

• Sean Bright (1):

Commit List:

• asterisk.c: Use C.UTF-8 locale instead of relying on user's environment.

Commit Details:

asterisk.c: Use C.UTF-8 locale instead of relying on user's environment.

Author: Sean Bright
Date: 2026-01-23

Resolves: #1739

The Asterisk Development Team would like to announce
the release of asterisk-22.8.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.8.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.8.1

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-22.8.1

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 1
• Commit Authors: 1
• Issues Resolved: 1
• Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

• Sean Bright: (1)

Issue and Commit Detail:

Closed Issues:

• 1739: [bug]: Regression in 23.2.0 with regard to parsing fractional numbers when system locale is non-standard

Commits By Author:

• Sean Bright (1):

Commit List:

• asterisk.c: Use C.UTF-8 locale instead of relying on user's environment.

Commit Details:

asterisk.c: Use C.UTF-8 locale instead of relying on user's environment.

Author: Sean Bright
Date: 2026-01-23

Resolves: #1739

The Asterisk Development Team would like to announce
the release of asterisk-20.18.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.18.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.18.1

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-20.18.1

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 1
• Commit Authors: 1
• Issues Resolved: 1
• Security Advisories Resolved: 0

User Notes:

Upgrade Notes:

Developer Notes:

Commit Authors:

• Sean Bright: (1)

Issue and Commit Detail:

Closed Issues:

• 1739: [bug]: Regression in 23.2.0 with regard to parsing fractional numbers when system locale is non-standard

Commits By Author:

• Sean Bright (1):

Commit List:

• asterisk.c: Use C.UTF-8 locale instead of relying on user's environment.

Commit Details:

asterisk.c: Use C.UTF-8 locale instead of relying on user's environment.

Author: Sean Bright
Date: 2026-01-23

Resolves: #1739

Download de Windows-versie voor 5 clients.

26.1 Snapshot 5 (known as 26.1-snapshot-5 in the launcher) is the fifth snapshot for Java Edition 26.1, released on January 27, 2026. Full changelog: https://minecraft.wiki/Java_Edition_26.1-snapshot-5

Download de Windows-versie voor 5 clients.

The Asterisk Development Team would like to announce
the release of asterisk-23.2.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/23.2.0
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 23.2.0

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-23.2.0

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 58
• Commit Authors: 20
• Issues Resolved: 41
• Security Advisories Resolved: 0

User Notes:

• chan_websocket.conf.sample: Fix category name.

  The category name in the chan_websocket.conf.sample file was
  incorrect. It should be "global" instead of "general".

• cli.c: Allow 'channel request hangup' to accept patterns.

  The 'channel request hangup' CLI command now accepts
  multiple channel names, POSIX Extended Regular Expressions, glob-like
  patterns, or a combination of all of them. See the CLI command 'core
  show help channel request hangup' for full details.

• res_sorcery_memory_cache: Reduce cache lock time for sorcery memory cache populate command

  The AMI command sorcery memory cache populate will now
  return an error if there is an internal error performing the populate.
  The CLI command will display an error in this case as well.

• res_geolocation: Fix multiple issues with XML generation.

  Geolocation: Two new optional profile parameters have been added.

  • pidf_element_id which sets the value of the id attribute on the top-level
    PIDF-LO device, person or tuple elements.
  • device_id which sets the content of the <deviceID> element.
    Both parameters can include channel variables.

• res_pjsip_messaging: Add support for following 3xx redirects

  A new pjsip endpoint option follow_redirect_methods was added.
  This option is a comma-delimited, case-insensitive list of SIP methods
  for which SIP 3XX redirect responses are followed. An alembic upgrade
  script has been added for adding this new option to the Asterisk
  database.

• taskprocessors: Improve logging and add new cli options

  New CLI command has been added -
  core show taskprocessor name

• ccss: Add option to ccss.conf to globally disable it.

  A new "enabled" parameter has been added to ccss.conf. It defaults
  to "yes" to preserve backwards compatibility but CCSS is rarely used so
  setting "enabled = no" in the "general" section can save some unneeded channel
  locking operations and log message spam. Disabling ccss will also prevent
  the func_callcompletion and chan_dahdi modules from loading.

• Makefile: Add module-list-* targets.

  Try "make module-list-deprecated" to see what modules
  are on their way out the door.

• app_mixmonitor: Add 's' (skip) option to delay recording.

  This change introduces a new 's()' (skip) option to the MixMonitor
  application. Example:
  MixMonitor(${UNIQUEID}.wav,s(3))
  This skips recording for the first 3 seconds before writing audio to the file.
  Existing MixMonitor behavior remains unchanged when the 's' option is not used.

• app_queue.c: Only announce to head caller if announce_to_first_user

  When announce_to_first_user is false, no announcements are played to the head caller

Upgrade Notes:

• res_geolocation: Fix multiple issues with XML generation.

  Geolocation: In order to correct bugs in both code and
  documentation, the following changes to the parameters for GML geolocation
  locations are now in effect:

  • The documented but unimplemented crs (coordinate reference system) element
    has been added to the location_info parameter that indicates whether the 2d
    or 3d reference system is to be used. If the crs isn't valid for the shape
    specified, an error will be generated. The default depends on the shape
    specified.
  • The Circle, Ellipse and ArcBand shapes MUST use a 2d crs. If crs isn't
    specified, it will default to 2d for these shapes.
    The Sphere, Ellipsoid and Prism shapes MUST use a 3d crs. If crs isn't
    specified, it will default to 3d for these shapes.
    The Point and Polygon shapes may use either crs. The default crs is 2d
    however so if 3d positions are used, the crs must be explicitly set to 3d.
  • The geoloc show gml_shape_defs CLI command has been updated to show which
    coordinate reference systems are valid for each shape.
  • The pos3d element has been removed in favor of allowing the pos element
    to include altitude if the crs is 3d. The number of values in the pos
    element MUST be 2 if the crs is 2d and 3 if the crs is 3d. An error
    will be generated for any other combination.
  • The angle unit-of-measure for shapes that use angles should now be included
    in the respective parameter. The default is degrees. There were some
    inconsistent references to orientation_uom in some documentation but that
    parameter never worked and is now removed. See examples below.
    Examples...

    location_info = shape="Sphere", pos="39.0 -105.0 1620", radius="20"
    location_info = shape="Point", crs="3d", pos="39.0 -105.0 1620"
    location_info = shape="Point", pos="39.0 -105.0"
    location_info = shape=Ellipsoid, pos="39.0 -105.0 1620", semiMajorAxis="20"
                  semiMinorAxis="10", verticalAxis="0", orientation="25 degrees"
    pidf_element_id = ${CHANNEL(name)}-${EXTEN}
    device_id = mac:001122334455
    Set(GEOLOC_PROFILE(pidf_element_id)=${CHANNEL(name)}/${EXTEN})
  

• pjsip: Move from threadpool to taskpool

  The threadpool_* options in pjsip.conf have now
  been deprecated though they continue to be read and used.
  They have been replaced with taskpool options that give greater
  control over the underlying taskpool used for PJSIP. An alembic
  upgrade script has been added to add these options to realtime
  as well.

• app_directed_pickup.c: Change some log messages from NOTICE to VERBOSE.

  In an effort to reduce log spam, two normal progress
  "pickup attempted" log messages from app_directed_pickup have been changed
  from NOTICE to VERBOSE(3). This puts them on par with other normal
  dialplan progress messages.

Developer Notes:

• ccss: Add option to ccss.conf to globally disable it.

  A new API ast_is_cc_enabled() has been added. It should be
  used to ensure that CCSS is enabled before making any other ast_cc_* calls.

• chan_websocket: Add ability to place a MARK in the media stream.

  Apps can now send a MARK_MEDIA command with an optional
  correlation_id parameter to chan_websocket which will be placed in the
  media frame queue. When that frame is dequeued after all intervening media
  has been played to the core, chan_websocket will send a
  MEDIA_MARK_PROCESSED event to the app with the same correlation_id
  (if any).

• chan_websocket: Add capability for JSON control messages and events.

  The chan_websocket plain-text control and event messages are now
  deprecated (but remain the default) in favor of JSON formatted messages.
  See https://docs.asterisk.org/Configuration/Channel-Drivers/WebSocket for
  more information.
  A "transport_data" parameter has been added to the

Commit Authors:

• Alexei Gradinari: (1)
• C. Maj: (1)
• Daouda Taha: (1)
• George Joseph: (12)
• Joe Garlick: (2)
• Joshua C. Colp: (1)
• Justin T. Gibbs: (1)
• Kristian F. Høgh: (1)
• Maximilian Fridrich: (2)
• Michal Hajek: (1)
• Mike Bradeen: (2)
• Nathaniel Wesley Filardo: (1)
• Naveen Albert: (4)
• Paul Donald: (1)
• Peter Krall: (1)
• Sean Bright: (17)
• Sven Kube: (1)
• Tinet-mucw: (2)
• phoneben: (5)
• sarangr7: (1)

The Asterisk Development Team would like to announce
the release of asterisk-22.8.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.8.0
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.8.0

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-22.8.0

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 57
• Commit Authors: 19
• Issues Resolved: 40
• Security Advisories Resolved: 0

User Notes:

• chan_websocket.conf.sample: Fix category name.

  The category name in the chan_websocket.conf.sample file was
  incorrect. It should be "global" instead of "general".

• cli.c: Allow 'channel request hangup' to accept patterns.

  The 'channel request hangup' CLI command now accepts
  multiple channel names, POSIX Extended Regular Expressions, glob-like
  patterns, or a combination of all of them. See the CLI command 'core
  show help channel request hangup' for full details.

• res_sorcery_memory_cache: Reduce cache lock time for sorcery memory cache populate command

  The AMI command sorcery memory cache populate will now
  return an error if there is an internal error performing the populate.
  The CLI command will display an error in this case as well.

• res_geolocation: Fix multiple issues with XML generation.

  Geolocation: Two new optional profile parameters have been added.

  • pidf_element_id which sets the value of the id attribute on the top-level
    PIDF-LO device, person or tuple elements.
  • device_id which sets the content of the <deviceID> element.
    Both parameters can include channel variables.

• res_pjsip_messaging: Add support for following 3xx redirects

  A new pjsip endpoint option follow_redirect_methods was added.
  This option is a comma-delimited, case-insensitive list of SIP methods
  for which SIP 3XX redirect responses are followed. An alembic upgrade
  script has been added for adding this new option to the Asterisk
  database.

• taskprocessors: Improve logging and add new cli options

  New CLI command has been added -
  core show taskprocessor name

• ccss: Add option to ccss.conf to globally disable it.

  A new "enabled" parameter has been added to ccss.conf. It defaults
  to "yes" to preserve backwards compatibility but CCSS is rarely used so
  setting "enabled = no" in the "general" section can save some unneeded channel
  locking operations and log message spam. Disabling ccss will also prevent
  the func_callcompletion and chan_dahdi modules from loading.

• Makefile: Add module-list-* targets.

  Try "make module-list-deprecated" to see what modules
  are on their way out the door.

• app_mixmonitor: Add 's' (skip) option to delay recording.

  This change introduces a new 's()' (skip) option to the MixMonitor
  application. Example:
  MixMonitor(${UNIQUEID}.wav,s(3))
  This skips recording for the first 3 seconds before writing audio to the file.
  Existing MixMonitor behavior remains unchanged when the 's' option is not used.

• app_queue.c: Only announce to head caller if announce_to_first_user

  When announce_to_first_user is false, no announcements are played to the head caller

Upgrade Notes:

• res_geolocation: Fix multiple issues with XML generation.

  Geolocation: In order to correct bugs in both code and
  documentation, the following changes to the parameters for GML geolocation
  locations are now in effect:

  • The documented but unimplemented crs (coordinate reference system) element
    has been added to the location_info parameter that indicates whether the 2d
    or 3d reference system is to be used. If the crs isn't valid for the shape
    specified, an error will be generated. The default depends on the shape
    specified.
  • The Circle, Ellipse and ArcBand shapes MUST use a 2d crs. If crs isn't
    specified, it will default to 2d for these shapes.
    The Sphere, Ellipsoid and Prism shapes MUST use a 3d crs. If crs isn't
    specified, it will default to 3d for these shapes.
    The Point and Polygon shapes may use either crs. The default crs is 2d
    however so if 3d positions are used, the crs must be explicitly set to 3d.
  • The geoloc show gml_shape_defs CLI command has been updated to show which
    coordinate reference systems are valid for each shape.
  • The pos3d element has been removed in favor of allowing the pos element
    to include altitude if the crs is 3d. The number of values in the pos
    element MUST be 2 if the crs is 2d and 3 if the crs is 3d. An error
    will be generated for any other combination.
  • The angle unit-of-measure for shapes that use angles should now be included
    in the respective parameter. The default is degrees. There were some
    inconsistent references to orientation_uom in some documentation but that
    parameter never worked and is now removed. See examples below.
    Examples...

    location_info = shape="Sphere", pos="39.0 -105.0 1620", radius="20"
    location_info = shape="Point", crs="3d", pos="39.0 -105.0 1620"
    location_info = shape="Point", pos="39.0 -105.0"
    location_info = shape=Ellipsoid, pos="39.0 -105.0 1620", semiMajorAxis="20"
                  semiMinorAxis="10", verticalAxis="0", orientation="25 degrees"
    pidf_element_id = ${CHANNEL(name)}-${EXTEN}
    device_id = mac:001122334455
    Set(GEOLOC_PROFILE(pidf_element_id)=${CHANNEL(name)}/${EXTEN})
  

• pjsip: Move from threadpool to taskpool

  The threadpool_* options in pjsip.conf have now
  been deprecated though they continue to be read and used.
  They have been replaced with taskpool options that give greater
  control over the underlying taskpool used for PJSIP. An alembic
  upgrade script has been added to add these options to realtime
  as well.

• app_directed_pickup.c: Change some log messages from NOTICE to VERBOSE.

  In an effort to reduce log spam, two normal progress
  "pickup attempted" log messages from app_directed_pickup have been changed
  from NOTICE to VERBOSE(3). This puts them on par with other normal
  dialplan progress messages.

Developer Notes:

• ccss: Add option to ccss.conf to globally disable it.

  A new API ast_is_cc_enabled() has been added. It should be
  used to ensure that CCSS is enabled before making any other ast_cc_* calls.

• chan_websocket: Add ability to place a MARK in the media stream.

  Apps can now send a MARK_MEDIA command with an optional
  correlation_id parameter to chan_websocket which will be placed in the
  media frame queue. When that frame is dequeued after all intervening media
  has been played to the core, chan_websocket will send a
  MEDIA_MARK_PROCESSED event to the app with the same correlation_id
  (if any).

• chan_websocket: Add capability for JSON control messages and events.

  The chan_websocket plain-text control and event messages are now
  deprecated (but remain the default) in favor of JSON formatted messages.
  See https://docs.asterisk.org/Configuration/Channel-Drivers/WebSocket for
  more information.
  A "transport_data" parameter has been added to the

Commit Authors:

• Alexei Gradinari: (1)
• C. Maj: (1)
• Daouda Taha: (1)
• George Joseph: (12)
• Joe Garlick: (2)
• Joshua C. Colp: (1)
• Justin T. Gibbs: (1)
• Kristian F. Høgh: (1)
• Maximilian Fridrich: (2)
• Michal Hajek: (1)
• Mike Bradeen: (2)
• Nathaniel Wesley Filardo: (1)
• Naveen Albert: (4)
• Peter Krall: (1)
• Sean Bright: (17)
• Sven Kube: (1)
• Tinet-mucw: (2)
• phoneben: (5)
• sarangr7: (1)

The Asterisk Development Team would like to announce
the release of asterisk-20.18.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.18.0
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.18.0

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-20.18.0

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 57
• Commit Authors: 20
• Issues Resolved: 40
• Security Advisories Resolved: 0

User Notes:

• chan_websocket.conf.sample: Fix category name.

  The category name in the chan_websocket.conf.sample file was
  incorrect. It should be "global" instead of "general".

• cli.c: Allow 'channel request hangup' to accept patterns.

  The 'channel request hangup' CLI command now accepts
  multiple channel names, POSIX Extended Regular Expressions, glob-like
  patterns, or a combination of all of them. See the CLI command 'core
  show help channel request hangup' for full details.

• res_sorcery_memory_cache: Reduce cache lock time for sorcery memory cache populate command

  The AMI command sorcery memory cache populate will now
  return an error if there is an internal error performing the populate.
  The CLI command will display an error in this case as well.

• res_geolocation: Fix multiple issues with XML generation.

  Geolocation: Two new optional profile parameters have been added.

  • pidf_element_id which sets the value of the id attribute on the top-level
    PIDF-LO device, person or tuple elements.
  • device_id which sets the content of the <deviceID> element.
    Both parameters can include channel variables.

• res_pjsip_messaging: Add support for following 3xx redirects

  A new pjsip endpoint option follow_redirect_methods was added.
  This option is a comma-delimited, case-insensitive list of SIP methods
  for which SIP 3XX redirect responses are followed. An alembic upgrade
  script has been added for adding this new option to the Asterisk
  database.

• taskprocessors: Improve logging and add new cli options

  New CLI command has been added -
  core show taskprocessor name

• ccss: Add option to ccss.conf to globally disable it.

  A new "enabled" parameter has been added to ccss.conf. It defaults
  to "yes" to preserve backwards compatibility but CCSS is rarely used so
  setting "enabled = no" in the "general" section can save some unneeded channel
  locking operations and log message spam. Disabling ccss will also prevent
  the func_callcompletion and chan_dahdi modules from loading.

• Makefile: Add module-list-* targets.

  Try "make module-list-deprecated" to see what modules
  are on their way out the door.

• app_mixmonitor: Add 's' (skip) option to delay recording.

  This change introduces a new 's()' (skip) option to the MixMonitor
  application. Example:
  MixMonitor(${UNIQUEID}.wav,s(3))
  This skips recording for the first 3 seconds before writing audio to the file.
  Existing MixMonitor behavior remains unchanged when the 's' option is not used.

• app_queue.c: Only announce to head caller if announce_to_first_user

  When announce_to_first_user is false, no announcements are played to the head caller

Upgrade Notes:

• res_geolocation: Fix multiple issues with XML generation.

  Geolocation: In order to correct bugs in both code and
  documentation, the following changes to the parameters for GML geolocation
  locations are now in effect:

  • The documented but unimplemented crs (coordinate reference system) element
    has been added to the location_info parameter that indicates whether the 2d
    or 3d reference system is to be used. If the crs isn't valid for the shape
    specified, an error will be generated. The default depends on the shape
    specified.
  • The Circle, Ellipse and ArcBand shapes MUST use a 2d crs. If crs isn't
    specified, it will default to 2d for these shapes.
    The Sphere, Ellipsoid and Prism shapes MUST use a 3d crs. If crs isn't
    specified, it will default to 3d for these shapes.
    The Point and Polygon shapes may use either crs. The default crs is 2d
    however so if 3d positions are used, the crs must be explicitly set to 3d.
  • The geoloc show gml_shape_defs CLI command has been updated to show which
    coordinate reference systems are valid for each shape.
  • The pos3d element has been removed in favor of allowing the pos element
    to include altitude if the crs is 3d. The number of values in the pos
    element MUST be 2 if the crs is 2d and 3 if the crs is 3d. An error
    will be generated for any other combination.
  • The angle unit-of-measure for shapes that use angles should now be included
    in the respective parameter. The default is degrees. There were some
    inconsistent references to orientation_uom in some documentation but that
    parameter never worked and is now removed. See examples below.
    Examples...

    location_info = shape="Sphere", pos="39.0 -105.0 1620", radius="20"
    location_info = shape="Point", crs="3d", pos="39.0 -105.0 1620"
    location_info = shape="Point", pos="39.0 -105.0"
    location_info = shape=Ellipsoid, pos="39.0 -105.0 1620", semiMajorAxis="20"
                  semiMinorAxis="10", verticalAxis="0", orientation="25 degrees"
    pidf_element_id = ${CHANNEL(name)}-${EXTEN}
    device_id = mac:001122334455
    Set(GEOLOC_PROFILE(pidf_element_id)=${CHANNEL(name)}/${EXTEN})
  

• pjsip: Move from threadpool to taskpool

  The threadpool_* options in pjsip.conf have now
  been deprecated though they continue to be read and used.
  They have been replaced with taskpool options that give greater
  control over the underlying taskpool used for PJSIP. An alembic
  upgrade script has been added to add these options to realtime
  as well.

• app_directed_pickup.c: Change some log messages from NOTICE to VERBOSE.

  In an effort to reduce log spam, two normal progress
  "pickup attempted" log messages from app_directed_pickup have been changed
  from NOTICE to VERBOSE(3). This puts them on par with other normal
  dialplan progress messages.

Developer Notes:

• ccss: Add option to ccss.conf to globally disable it.

  A new API ast_is_cc_enabled() has been added. It should be
  used to ensure that CCSS is enabled before making any other ast_cc_* calls.

• chan_websocket: Add ability to place a MARK in the media stream.

  Apps can now send a MARK_MEDIA command with an optional
  correlation_id parameter to chan_websocket which will be placed in the
  media frame queue. When that frame is dequeued after all intervening media
  has been played to the core, chan_websocket will send a
  MEDIA_MARK_PROCESSED event to the app with the same correlation_id
  (if any).

• chan_websocket: Add capability for JSON control messages and events.

  The chan_websocket plain-text control and event messages are now
  deprecated (but remain the default) in favor of JSON formatted messages.
  See https://docs.asterisk.org/Configuration/Channel-Drivers/WebSocket for
  more information.
  A "transport_data" parameter has been added to the

Commit Authors:

• Alexei Gradinari: (1)
• C. Maj: (1)
• Daouda Taha: (1)
• Etienne Lessard: (1)
• George Joseph: (12)
• Joe Garlick: (2)
• Joshua C. Colp: (1)
• Justin T. Gibbs: (1)
• Kristian F. Høgh: (1)
• Maximilian Fridrich: (2)
• Michal Hajek: (1)
• Mike Bradeen: (2)
• Nathaniel Wesley Filardo: (1)
• Naveen Albert: (3)
• Peter Krall: (1)
• Sean Bright: (17)
• Sven Kube: (1)
• Tinet-mucw: (2)
• phoneben: (5)
• sarangr7: (1)

26.1 Snapshot 4 (known as 26.1-snapshot-4 in the launcher) is the fourth snapshot for Java Edition 26.1, released on January 20, 2026, which changes the models of baby horses, donkeys, and mules, as well as zombie and skeleton horses, adds new tags, and fixes bugs. Full changelog: https://minecraft.wiki/Java_Edition_26.1-snapshot-4

Download de Windows-versie voor 5 clients.

There is a new PHP release in town!

💾

💾

💾

There is a new PHP release in town!

💾

💾

💾

There is a new PHP release in town!

💾

💾

💾

The Asterisk Development Team would like to announce
release candidate 1 of asterisk-23.2.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/23.2.0-rc1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 23.2.0-rc1

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-23.2.0-rc1

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 57
• Commit Authors: 20
• Issues Resolved: 41
• Security Advisories Resolved: 0

User Notes:

• cli.c: Allow 'channel request hangup' to accept patterns.

  The 'channel request hangup' CLI command now accepts
  multiple channel names, POSIX Extended Regular Expressions, glob-like
  patterns, or a combination of all of them. See the CLI command 'core
  show help channel request hangup' for full details.

• res_sorcery_memory_cache: Reduce cache lock time for sorcery memory cache populate command

  The AMI command sorcery memory cache populate will now
  return an error if there is an internal error performing the populate.
  The CLI command will display an error in this case as well.

• res_geolocation: Fix multiple issues with XML generation.

  Geolocation: Two new optional profile parameters have been added.

  • pidf_element_id which sets the value of the id attribute on the top-level
    PIDF-LO device, person or tuple elements.
  • device_id which sets the content of the <deviceID> element.
    Both parameters can include channel variables.

• res_pjsip_messaging: Add support for following 3xx redirects

  A new pjsip endpoint option follow_redirect_methods was added.
  This option is a comma-delimited, case-insensitive list of SIP methods
  for which SIP 3XX redirect responses are followed. An alembic upgrade
  script has been added for adding this new option to the Asterisk
  database.

• taskprocessors: Improve logging and add new cli options

  New CLI command has been added -
  core show taskprocessor name

• ccss: Add option to ccss.conf to globally disable it.

  A new "enabled" parameter has been added to ccss.conf. It defaults
  to "yes" to preserve backwards compatibility but CCSS is rarely used so
  setting "enabled = no" in the "general" section can save some unneeded channel
  locking operations and log message spam. Disabling ccss will also prevent
  the func_callcompletion and chan_dahdi modules from loading.

• Makefile: Add module-list-* targets.

  Try "make module-list-deprecated" to see what modules
  are on their way out the door.

• app_mixmonitor: Add 's' (skip) option to delay recording.

  This change introduces a new 's()' (skip) option to the MixMonitor
  application. Example:
  MixMonitor(${UNIQUEID}.wav,s(3))
  This skips recording for the first 3 seconds before writing audio to the file.
  Existing MixMonitor behavior remains unchanged when the 's' option is not used.

• app_queue.c: Only announce to head caller if announce_to_first_user

  When announce_to_first_user is false, no announcements are played to the head caller

Upgrade Notes:

• res_geolocation: Fix multiple issues with XML generation.

  Geolocation: In order to correct bugs in both code and
  documentation, the following changes to the parameters for GML geolocation
  locations are now in effect:

  • The documented but unimplemented crs (coordinate reference system) element
    has been added to the location_info parameter that indicates whether the 2d
    or 3d reference system is to be used. If the crs isn't valid for the shape
    specified, an error will be generated. The default depends on the shape
    specified.
  • The Circle, Ellipse and ArcBand shapes MUST use a 2d crs. If crs isn't
    specified, it will default to 2d for these shapes.
    The Sphere, Ellipsoid and Prism shapes MUST use a 3d crs. If crs isn't
    specified, it will default to 3d for these shapes.
    The Point and Polygon shapes may use either crs. The default crs is 2d
    however so if 3d positions are used, the crs must be explicitly set to 3d.
  • The geoloc show gml_shape_defs CLI command has been updated to show which
    coordinate reference systems are valid for each shape.
  • The pos3d element has been removed in favor of allowing the pos element
    to include altitude if the crs is 3d. The number of values in the pos
    element MUST be 2 if the crs is 2d and 3 if the crs is 3d. An error
    will be generated for any other combination.
  • The angle unit-of-measure for shapes that use angles should now be included
    in the respective parameter. The default is degrees. There were some
    inconsistent references to orientation_uom in some documentation but that
    parameter never worked and is now removed. See examples below.
    Examples...

    location_info = shape="Sphere", pos="39.0 -105.0 1620", radius="20"
    location_info = shape="Point", crs="3d", pos="39.0 -105.0 1620"
    location_info = shape="Point", pos="39.0 -105.0"
    location_info = shape=Ellipsoid, pos="39.0 -105.0 1620", semiMajorAxis="20"
                  semiMinorAxis="10", verticalAxis="0", orientation="25 degrees"
    pidf_element_id = ${CHANNEL(name)}-${EXTEN}
    device_id = mac:001122334455
    Set(GEOLOC_PROFILE(pidf_element_id)=${CHANNEL(name)}/${EXTEN})
  

• pjsip: Move from threadpool to taskpool

  The threadpool_* options in pjsip.conf have now
  been deprecated though they continue to be read and used.
  They have been replaced with taskpool options that give greater
  control over the underlying taskpool used for PJSIP. An alembic
  upgrade script has been added to add these options to realtime
  as well.

• app_directed_pickup.c: Change some log messages from NOTICE to VERBOSE.

  In an effort to reduce log spam, two normal progress
  "pickup attempted" log messages from app_directed_pickup have been changed
  from NOTICE to VERBOSE(3). This puts them on par with other normal
  dialplan progress messages.

Developer Notes:

• ccss: Add option to ccss.conf to globally disable it.

  A new API ast_is_cc_enabled() has been added. It should be
  used to ensure that CCSS is enabled before making any other ast_cc_* calls.

• chan_websocket: Add ability to place a MARK in the media stream.

  Apps can now send a MARK_MEDIA command with an optional
  correlation_id parameter to chan_websocket which will be placed in the
  media frame queue. When that frame is dequeued after all intervening media
  has been played to the core, chan_websocket will send a
  MEDIA_MARK_PROCESSED event to the app with the same correlation_id
  (if any).

• chan_websocket: Add capability for JSON control messages and events.

  The chan_websocket plain-text control and event messages are now
  deprecated (but remain the default) in favor of JSON formatted messages.
  See https://docs.asterisk.org/Configuration/Channel-Drivers/WebSocket for
  more information.
  A "transport_data" parameter has been added to the

Commit Authors:

• Alexei Gradinari: (1)
• C. Maj: (1)
• Daouda Taha: (1)
• George Joseph: (11)
• Joe Garlick: (2)
• Joshua C. Colp: (1)
• Justin T. Gibbs: (1)
• Kristian F. Høgh: (1)
• Maximilian Fridrich: (2)
• Michal Hajek: (1)
• Mike Bradeen: (2)
• Nathaniel Wesley Filardo: (1)
• Naveen Albert: (4)
• Paul Donald: (1)
• Peter Krall: (1)
• Sean Bright: (17)
• Sven Kube: (1)
• Tinet-mucw: (2)
• phoneben: (5)
• sarangr7: (1)

The Asterisk Development Team would like to announce
release candidate 1 of asterisk-22.8.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.8.0-rc1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.8.0-rc1

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-22.8.0-rc1

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 56
• Commit Authors: 19
• Issues Resolved: 40
• Security Advisories Resolved: 0

User Notes:

• cli.c: Allow 'channel request hangup' to accept patterns.

  The 'channel request hangup' CLI command now accepts
  multiple channel names, POSIX Extended Regular Expressions, glob-like
  patterns, or a combination of all of them. See the CLI command 'core
  show help channel request hangup' for full details.

• res_sorcery_memory_cache: Reduce cache lock time for sorcery memory cache populate command

  The AMI command sorcery memory cache populate will now
  return an error if there is an internal error performing the populate.
  The CLI command will display an error in this case as well.

• res_geolocation: Fix multiple issues with XML generation.

  Geolocation: Two new optional profile parameters have been added.

  • pidf_element_id which sets the value of the id attribute on the top-level
    PIDF-LO device, person or tuple elements.
  • device_id which sets the content of the <deviceID> element.
    Both parameters can include channel variables.

• res_pjsip_messaging: Add support for following 3xx redirects

  A new pjsip endpoint option follow_redirect_methods was added.
  This option is a comma-delimited, case-insensitive list of SIP methods
  for which SIP 3XX redirect responses are followed. An alembic upgrade
  script has been added for adding this new option to the Asterisk
  database.

• taskprocessors: Improve logging and add new cli options

  New CLI command has been added -
  core show taskprocessor name

• ccss: Add option to ccss.conf to globally disable it.

  A new "enabled" parameter has been added to ccss.conf. It defaults
  to "yes" to preserve backwards compatibility but CCSS is rarely used so
  setting "enabled = no" in the "general" section can save some unneeded channel
  locking operations and log message spam. Disabling ccss will also prevent
  the func_callcompletion and chan_dahdi modules from loading.

• Makefile: Add module-list-* targets.

  Try "make module-list-deprecated" to see what modules
  are on their way out the door.

• app_mixmonitor: Add 's' (skip) option to delay recording.

  This change introduces a new 's()' (skip) option to the MixMonitor
  application. Example:
  MixMonitor(${UNIQUEID}.wav,s(3))
  This skips recording for the first 3 seconds before writing audio to the file.
  Existing MixMonitor behavior remains unchanged when the 's' option is not used.

• app_queue.c: Only announce to head caller if announce_to_first_user

  When announce_to_first_user is false, no announcements are played to the head caller

Upgrade Notes:

• res_geolocation: Fix multiple issues with XML generation.

  Geolocation: In order to correct bugs in both code and
  documentation, the following changes to the parameters for GML geolocation
  locations are now in effect:

  • The documented but unimplemented crs (coordinate reference system) element
    has been added to the location_info parameter that indicates whether the 2d
    or 3d reference system is to be used. If the crs isn't valid for the shape
    specified, an error will be generated. The default depends on the shape
    specified.
  • The Circle, Ellipse and ArcBand shapes MUST use a 2d crs. If crs isn't
    specified, it will default to 2d for these shapes.
    The Sphere, Ellipsoid and Prism shapes MUST use a 3d crs. If crs isn't
    specified, it will default to 3d for these shapes.
    The Point and Polygon shapes may use either crs. The default crs is 2d
    however so if 3d positions are used, the crs must be explicitly set to 3d.
  • The geoloc show gml_shape_defs CLI command has been updated to show which
    coordinate reference systems are valid for each shape.
  • The pos3d element has been removed in favor of allowing the pos element
    to include altitude if the crs is 3d. The number of values in the pos
    element MUST be 2 if the crs is 2d and 3 if the crs is 3d. An error
    will be generated for any other combination.
  • The angle unit-of-measure for shapes that use angles should now be included
    in the respective parameter. The default is degrees. There were some
    inconsistent references to orientation_uom in some documentation but that
    parameter never worked and is now removed. See examples below.
    Examples...

    location_info = shape="Sphere", pos="39.0 -105.0 1620", radius="20"
    location_info = shape="Point", crs="3d", pos="39.0 -105.0 1620"
    location_info = shape="Point", pos="39.0 -105.0"
    location_info = shape=Ellipsoid, pos="39.0 -105.0 1620", semiMajorAxis="20"
                  semiMinorAxis="10", verticalAxis="0", orientation="25 degrees"
    pidf_element_id = ${CHANNEL(name)}-${EXTEN}
    device_id = mac:001122334455
    Set(GEOLOC_PROFILE(pidf_element_id)=${CHANNEL(name)}/${EXTEN})
  

• pjsip: Move from threadpool to taskpool

  The threadpool_* options in pjsip.conf have now
  been deprecated though they continue to be read and used.
  They have been replaced with taskpool options that give greater
  control over the underlying taskpool used for PJSIP. An alembic
  upgrade script has been added to add these options to realtime
  as well.

• app_directed_pickup.c: Change some log messages from NOTICE to VERBOSE.

  In an effort to reduce log spam, two normal progress
  "pickup attempted" log messages from app_directed_pickup have been changed
  from NOTICE to VERBOSE(3). This puts them on par with other normal
  dialplan progress messages.

Developer Notes:

• ccss: Add option to ccss.conf to globally disable it.

  A new API ast_is_cc_enabled() has been added. It should be
  used to ensure that CCSS is enabled before making any other ast_cc_* calls.

• chan_websocket: Add ability to place a MARK in the media stream.

  Apps can now send a MARK_MEDIA command with an optional
  correlation_id parameter to chan_websocket which will be placed in the
  media frame queue. When that frame is dequeued after all intervening media
  has been played to the core, chan_websocket will send a
  MEDIA_MARK_PROCESSED event to the app with the same correlation_id
  (if any).

• chan_websocket: Add capability for JSON control messages and events.

  The chan_websocket plain-text control and event messages are now
  deprecated (but remain the default) in favor of JSON formatted messages.
  See https://docs.asterisk.org/Configuration/Channel-Drivers/WebSocket for
  more information.
  A "transport_data" parameter has been added to the

Commit Authors:

• Alexei Gradinari: (1)
• C. Maj: (1)
• Daouda Taha: (1)
• George Joseph: (11)
• Joe Garlick: (2)
• Joshua C. Colp: (1)
• Justin T. Gibbs: (1)
• Kristian F. Høgh: (1)
• Maximilian Fridrich: (2)
• Michal Hajek: (1)
• Mike Bradeen: (2)
• Nathaniel Wesley Filardo: (1)
• Naveen Albert: (4)
• Peter Krall: (1)
• Sean Bright: (17)
• Sven Kube: (1)
• Tinet-mucw: (2)
• phoneben: (5)
• sarangr7: (1)

The Asterisk Development Team would like to announce
release candidate 1 of asterisk-20.18.0.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.18.0-rc1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.18.0-rc1

This release resolves issues reported by the community
and would have not been possible without your participation.

Thank You!

Change Log for Release asterisk-20.18.0-rc1

Links:

• Full ChangeLog
• GitHub Diff
• Tarball
• Downloads

Summary:

• Commits: 56
• Commit Authors: 20
• Issues Resolved: 40
• Security Advisories Resolved: 0

User Notes:

• cli.c: Allow 'channel request hangup' to accept patterns.

  The 'channel request hangup' CLI command now accepts
  multiple channel names, POSIX Extended Regular Expressions, glob-like
  patterns, or a combination of all of them. See the CLI command 'core
  show help channel request hangup' for full details.

• res_sorcery_memory_cache: Reduce cache lock time for sorcery memory cache populate command

  The AMI command sorcery memory cache populate will now
  return an error if there is an internal error performing the populate.
  The CLI command will display an error in this case as well.

• res_geolocation: Fix multiple issues with XML generation.

  Geolocation: Two new optional profile parameters have been added.

  • pidf_element_id which sets the value of the id attribute on the top-level
    PIDF-LO device, person or tuple elements.
  • device_id which sets the content of the <deviceID> element.
    Both parameters can include channel variables.

• res_pjsip_messaging: Add support for following 3xx redirects

  A new pjsip endpoint option follow_redirect_methods was added.
  This option is a comma-delimited, case-insensitive list of SIP methods
  for which SIP 3XX redirect responses are followed. An alembic upgrade
  script has been added for adding this new option to the Asterisk
  database.

• taskprocessors: Improve logging and add new cli options

  New CLI command has been added -
  core show taskprocessor name

• ccss: Add option to ccss.conf to globally disable it.

  A new "enabled" parameter has been added to ccss.conf. It defaults
  to "yes" to preserve backwards compatibility but CCSS is rarely used so
  setting "enabled = no" in the "general" section can save some unneeded channel
  locking operations and log message spam. Disabling ccss will also prevent
  the func_callcompletion and chan_dahdi modules from loading.

• Makefile: Add module-list-* targets.

  Try "make module-list-deprecated" to see what modules
  are on their way out the door.

• app_mixmonitor: Add 's' (skip) option to delay recording.

  This change introduces a new 's()' (skip) option to the MixMonitor
  application. Example:
  MixMonitor(${UNIQUEID}.wav,s(3))
  This skips recording for the first 3 seconds before writing audio to the file.
  Existing MixMonitor behavior remains unchanged when the 's' option is not used.

• app_queue.c: Only announce to head caller if announce_to_first_user

  When announce_to_first_user is false, no announcements are played to the head caller

Upgrade Notes:

• res_geolocation: Fix multiple issues with XML generation.

  Geolocation: In order to correct bugs in both code and
  documentation, the following changes to the parameters for GML geolocation
  locations are now in effect:

  • The documented but unimplemented crs (coordinate reference system) element
    has been added to the location_info parameter that indicates whether the 2d
    or 3d reference system is to be used. If the crs isn't valid for the shape
    specified, an error will be generated. The default depends on the shape
    specified.
  • The Circle, Ellipse and ArcBand shapes MUST use a 2d crs. If crs isn't
    specified, it will default to 2d for these shapes.
    The Sphere, Ellipsoid and Prism shapes MUST use a 3d crs. If crs isn't
    specified, it will default to 3d for these shapes.
    The Point and Polygon shapes may use either crs. The default crs is 2d
    however so if 3d positions are used, the crs must be explicitly set to 3d.
  • The geoloc show gml_shape_defs CLI command has been updated to show which
    coordinate reference systems are valid for each shape.
  • The pos3d element has been removed in favor of allowing the pos element
    to include altitude if the crs is 3d. The number of values in the pos
    element MUST be 2 if the crs is 2d and 3 if the crs is 3d. An error
    will be generated for any other combination.
  • The angle unit-of-measure for shapes that use angles should now be included
    in the respective parameter. The default is degrees. There were some
    inconsistent references to orientation_uom in some documentation but that
    parameter never worked and is now removed. See examples below.
    Examples...

    location_info = shape="Sphere", pos="39.0 -105.0 1620", radius="20"
    location_info = shape="Point", crs="3d", pos="39.0 -105.0 1620"
    location_info = shape="Point", pos="39.0 -105.0"
    location_info = shape=Ellipsoid, pos="39.0 -105.0 1620", semiMajorAxis="20"
                  semiMinorAxis="10", verticalAxis="0", orientation="25 degrees"
    pidf_element_id = ${CHANNEL(name)}-${EXTEN}
    device_id = mac:001122334455
    Set(GEOLOC_PROFILE(pidf_element_id)=${CHANNEL(name)}/${EXTEN})
  

• pjsip: Move from threadpool to taskpool

  The threadpool_* options in pjsip.conf have now
  been deprecated though they continue to be read and used.
  They have been replaced with taskpool options that give greater
  control over the underlying taskpool used for PJSIP. An alembic
  upgrade script has been added to add these options to realtime
  as well.

• app_directed_pickup.c: Change some log messages from NOTICE to VERBOSE.

  In an effort to reduce log spam, two normal progress
  "pickup attempted" log messages from app_directed_pickup have been changed
  from NOTICE to VERBOSE(3). This puts them on par with other normal
  dialplan progress messages.

Developer Notes:

• ccss: Add option to ccss.conf to globally disable it.

  A new API ast_is_cc_enabled() has been added. It should be
  used to ensure that CCSS is enabled before making any other ast_cc_* calls.

• chan_websocket: Add ability to place a MARK in the media stream.

  Apps can now send a MARK_MEDIA command with an optional
  correlation_id parameter to chan_websocket which will be placed in the
  media frame queue. When that frame is dequeued after all intervening media
  has been played to the core, chan_websocket will send a
  MEDIA_MARK_PROCESSED event to the app with the same correlation_id
  (if any).

• chan_websocket: Add capability for JSON control messages and events.

  The chan_websocket plain-text control and event messages are now
  deprecated (but remain the default) in favor of JSON formatted messages.
  See https://docs.asterisk.org/Configuration/Channel-Drivers/WebSocket for
  more information.
  A "transport_data" parameter has been added to the

Commit Authors:

• Alexei Gradinari: (1)
• C. Maj: (1)
• Daouda Taha: (1)
• Etienne Lessard: (1)
• George Joseph: (11)
• Joe Garlick: (2)
• Joshua C. Colp: (1)
• Justin T. Gibbs: (1)
• Kristian F. Høgh: (1)
• Maximilian Fridrich: (2)
• Michal Hajek: (1)
• Mike Bradeen: (2)
• Nathaniel Wesley Filardo: (1)
• Naveen Albert: (3)
• Peter Krall: (1)
• Sean Bright: (17)
• Sven Kube: (1)
• Tinet-mucw: (2)
• phoneben: (5)
• sarangr7: (1)

Download de Windows-versie voor 5 clients.

2026-01-13

njs-0.9.5 version has been released, featuring native modules support for qjs engine in http and stream.

2025-12-23

nginx-1.28.1 stable version has been released.

2025-12-09

nginx-1.29.4 mainline version has been released, featuring HTTP/2 to backend and Encrypted ClientHello support.

2025-11-18

nginx-acme-0.3.0 version has been released.

2025-10-28

nginx-1.29.3 mainline version has been released.