chan_sip: Document a change to user-field encoding introduced with r303509

The change in question was added to improve compliance with RFC3261, but at the time of commit, it wasn't adequately documented in the UPGRADE notes. (closes issue ASTERISK-20561) Reported by: Deniz Review: https://reviewboard.asterisk.org/r/2177/ ........ Merged revisions 375846 from http://svn.asterisk.org/svn/asterisk/branches/10 git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@375847 65c4cc65-6c06-0410-ace0-fbb531ad65f3
13 years ago · 1d054dbbba
parent 769d9aa259
commit 1d054dbbba
1 changed files with 9 additions and 0 deletions
--- a/UPGRADE.txt
+++ b/UPGRADE.txt
@ -223,6 +223,15 @@ chan_sip:
 - Setting of HASH(SIP_CAUSE,<slave-channel-name>) on channels is now disabled
   by default. It can be enabled using the 'storesipcause' option. This feature
   has a significant performance penalty.
+ - In order to improve compliance with RFC 3261, SIP usernames are now properly
+   escaped when encoding reserved characters. Prior to this change, the use of
+   these characters in certain SIP settings affecting usernames could cause
+   injections of these characters in their raw form into SIP headers which could
+   in turn cause all sorts of nasty behaviors. All characters that are not
+   alphanumeric or are not contained in the the following lists specified by
+   RFC 3261 section 25.1 will be escaped as %XX when encoding a SIP username:
+    * mark: "-" / "_" / "." / "!" / "~" / "*" / "'" / "(" / ")"
+    * user-unreserved: "&" / "=" / "+" / "$" / "," / ";" / "?" / "/"

 UDPTL:
 - The default UDPTL port range in udptl.conf.sample differed from the defaults