There was a security fix for this module published in October 2024.
Currently the FreePBX install supports older versions of Asterisk that contain chan_sip. That’s WHY the GUI for chan_sip extensions still exists in FreePBX.
Whether or not Sangoma removes support for these older versions from FreePBX is up to them, obviously, but at the moment - they haven’t. Regardless of what you think is reasonable - I’m talking about what exists right NOW in FreePBX not what might exist in FreePBX version 18 or whatever newer version.
When Sangoma DOES remove chan_sip support in some future version of FreePBX it’s pretty obvious that since it’s FOSS that someone can fork that support as a patch that adds it back into a later FreePBX version if they want - which was, in fact, exactly what was done to chan_sip.
Tom, we had this all out last October in the following thread:
You posted to it, you knew perfectly well that OSS EPM was forked from the Bill S code and updated for php8, you just must have forgotten.
At the end of that thread, I posted instructions for loading OSS Endpoint manager into FreePBX 17.
I’ll have to look into that FreePBX security warning and see if it applies.
I will also stress this again: chan_sip currently lives here:
From it’s README file:
This version of chan_sip is primarily maintained by a community Asterisk developer
The usecallmanager patch is maintained by a DIFFERENT developer who includes the chan_sip patch in his callmanager patch - likely to prevent the first developer from modifying the fork of chan_sip to the point it’s not usable anymore by the usecallmanager patch. Although, to my knowledge that has not been done by the first developer.
I don’t know why the 2 developers don’t seem to cooperate more closely but as the saying goes not my circus not my monkeys. But whether or not they cooperate I’m sure both of them would respond to offers of money - which is as I keep pointing out, the difference between “FOSS support” and “real” support.
Now, that is VERY weird - because that link isn’t now going to the right place. The FPBX version of OSS EPM thread is actually here:
OSS Endpoint Manager keeps crashing - FreePBX / Applications / Modules - FreePBX Community Forums
I don’t know if that was my error in posting or if it was due to the forum crash but I figured I’d better update this post.
Note that the last fork I mentioned:
GitHub - vsc55/freepbx_endpointman
DOES have that security fix included.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.