mirror of https://github.com/asterisk/asterisk
Asterisk Development Team
9 months ago
parent
bbe68db10a
commit
81bfe0a62b
@ -1 +1 @@
|
|||||||
ChangeLogs/ChangeLog-20.9.1.md
|
ChangeLogs/ChangeLog-20.9.2.md
|
||||||
@ -0,0 +1,65 @@
|
|||||||
|
|
||||||
|
## Change Log for Release asterisk-20.9.2
|
||||||
|
|
||||||
|
### Links:
|
||||||
|
|
||||||
|
- [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-20.9.2.md)
|
||||||
|
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/20.9.1...20.9.2)
|
||||||
|
- [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-20.9.2.tar.gz)
|
||||||
|
- [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)
|
||||||
|
|
||||||
|
### Summary:
|
||||||
|
|
||||||
|
- Commits: 1
|
||||||
|
- Commit Authors: 1
|
||||||
|
- Issues Resolved: 0
|
||||||
|
- Security Advisories Resolved: 1
|
||||||
|
- [GHSA-c4cg-9275-6w44](https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44): Write=originate, is sufficient permissions for code execution / System() dialplan
|
||||||
|
|
||||||
|
### User Notes:
|
||||||
|
|
||||||
|
|
||||||
|
### Upgrade Notes:
|
||||||
|
|
||||||
|
|
||||||
|
### Commit Authors:
|
||||||
|
|
||||||
|
- George Joseph: (1)
|
||||||
|
|
||||||
|
## Issue and Commit Detail:
|
||||||
|
|
||||||
|
### Closed Issues:
|
||||||
|
|
||||||
|
- !GHSA-c4cg-9275-6w44: Write=originate, is sufficient permissions for code execution / System() dialplan
|
||||||
|
|
||||||
|
### Commits By Author:
|
||||||
|
|
||||||
|
- #### George Joseph (1):
|
||||||
|
- manager.c: Add entries to Originate blacklist
|
||||||
|
|
||||||
|
|
||||||
|
### Commit List:
|
||||||
|
|
||||||
|
- manager.c: Add entries to Originate blacklist
|
||||||
|
|
||||||
|
### Commit Details:
|
||||||
|
|
||||||
|
#### manager.c: Add entries to Originate blacklist
|
||||||
|
Author: George Joseph
|
||||||
|
Date: 2024-07-22
|
||||||
|
|
||||||
|
Added Reload and DBdeltree to the list of dialplan application that
|
||||||
|
can't be executed via the Originate manager action without also
|
||||||
|
having write SYSTEM permissions.
|
||||||
|
|
||||||
|
Added CURL, DB*, FILE, ODBC and REALTIME* to the list of dialplan
|
||||||
|
functions that can't be executed via the Originate manager action
|
||||||
|
without also having write SYSTEM permissions.
|
||||||
|
|
||||||
|
If the Queue application is attempted to be run by the Originate
|
||||||
|
manager action and an AGI parameter is specified in the app data,
|
||||||
|
it'll be rejected unless the manager user has either the AGI or
|
||||||
|
SYSTEM permissions.
|
||||||
|
|
||||||
|
Resolves: #GHSA-c4cg-9275-6w44
|
||||||
|
|
||||||
Loading…
Reference in new issue