/bridges/{bridgeId}/variable
/bridges/{bridgeId}/variables
Both Bridge and Channel variables can now be set with an optional 'report_events'
boolean flag that will cause those variables to be included on all events on that
object. The 'report_events' flag will default to False if not set to maintain
backwards capability.
To allow this, variables can now be either name value pairs (the current format):
<variable_name>: '<value_string>'or -
<variable_name>: {value: '<value_string>', report_events: [true|false]}
Added new ARI paths for getting and setting multiple channel variables at a time. For GET, this takes in a single string of comma-separated variable names, while POST takes in a dictionary of key value pairs. The behavior is the same as passing in variables when originating a channel.
A new stunaddr_reresolve_ttl_0 parameter has been added to rtp.conf
that allows control over what happens when a STUN server hostname lookup
returns a TTL of 0. The values can be set as follows:
rtp resolve stun hostname has been addedIf a called channel sends progress or wink and the caller begins sending digits but the callee answers and then hangs up before digit sending can finish, the call is now answered before being disconnected. If the callee hangs up without answering, the call now continues in the dialplan.
Bundled pjproject has been upgraded to 2.17. For more information about what is included in this release, see the pjproject Github page: https://github.com/pjsip/pjproject/releases/tag/2.17
PJSIP endpoints now support rtp_port_start and rtp_port_end options to configure a dedicated RTP port range per endpoint, overriding the global rtp.conf setting.
New optional modules res_stasis_broadcast.so and app_stasis_broadcast.so enable broadcasting an incoming channel to multiple ARI applications. The first application to successfully claim (via POST /ari/events/claim) wins channel control. StasisBroadcast() dialplan application initiates broadcasts. CallBroadcast and CallClaimed events notify applications. When modules are not loaded, behavior is unchanged.
CHANNEL(auth_method) can now be used to retrieve the auth method negotiated for a call on IAX2 channels.
New module res_pjsip_maintenance adds runtime maintenance
mode for PJSIP endpoints. Use "pjsip set maintenance
jansson has been upgraded to 2.15.0. For more information visit jansson Github page: https://github.com/akheron/jansson/releases/tag/v2.15.0
An alembic database migration has been added to add the rtp_port_start and rtp_port_end columns to the ps_endpoints table. Run "alembic upgrade head" to apply the schema change.
New public API: ast_rtp_instance_new_with_port_range() creates an RTP instance with a per-instance port range. ast_rtp_instance_get_port_start() and ast_rtp_instance_get_port_end() allow RTP engines to query the override. Third-party RTP engines can use these getters to support per-instance port ranges.
New public APIs in stasis_app_broadcast.h: stasis_app_broadcast_channel(), stasis_app_claim_channel(), stasis_app_broadcast_winner(), and stasis_app_broadcast_wait(). New ARI event types (CallBroadcast, CallClaimed) added to events.json. All code is isolated; no existing ABI modified.
ast_sip_session_supplement gains a new optional callback - int (session_create)(struct ast_sip_endpoint endpoint, const char *destination). It is called from the global supplement list (not per-session) at the start of ast_sip_session_create_outgoing() via ast_sip_session_check_supplement_create(). Returning non-zero blocks the outgoing session. Modules that need to gate outbound SIP session creation should register a supplement with this callback set rather than hooking into chan_pjsip directly.
The pjsua and pjsystest application binaries, the deprecated
Python pjsua bindings (_pjsua.so), and the asterisk_malloc_debug.c stub
implementations are no longer built or installed as part of the bundled
pjproject dev mode build. The PYTHONDEV (python2.7-dev) build dependency
is also removed. Developers who relied on the pjsua binary for Test Suite
SIP simulation should use SIPp instead, which is the current Asterisk Test
Suite standard.
Fixes: #1840
abstract_jb.c: Remove timerfd from channel when disabling jitter buffer
build: remove pjsua, pjsystest, Python bindings and asterisk_malloc_debug stubs from pjproject dev build
ARI: Added paths to get and set multiple channel variables.
tcptls.c: fix build with OpenSSL 4
chan_pjsip: Fix deadlock when endpoint set_var uses PJSIP_HEADER
res_pjsip_maintenance: Add PJSIP endpoint maintenance mode
__STDC_VERSION__ is not attempted for c++.res_pjsip_config_wizard: Trigger reloads from a pjsip servant thread
pjsip_configuration: Show actual dtls_verify config.
manager: Eliminate unnecessary code, simplify sessions in stasis callbacks
res_pjsip_messaging: Update To URI only if it is a SIP(S) URI
res_pjsip_outbound_registration: only update the Expires header if the value has changed
callerid: fix signed char causing crash in MDMF parser
chan_iax2: Add another check to abort frame handling if datalen < 0.
res_stasis/resource_bridges: Split bridge playback control and wrapper cleanup
make_xml_documentation: Remove temporary file on script exit.
res_pjsip_outbound_publish.c: Add more verbose documentation for outbound_proxy usage
translate.c: implement different sample_types for translation computation.
Upgrade bundled pjproject to 2.17.
res_audiosocket: Tolerate non-audio frame types
app_record: Fix hangup handling during beep playback
res_pjsip: Add per-endpoint RTP port range configuration
res_calendar: Fix build with libical 4.X
fix: backport pjproject stdatomic.h GCC 4.8 build failure patch
__STDC_VERSION__ is not attempted for c++.Author: George Joseph Date: 2026-06-03
Under certain timing/load conditions, res_ari_model may not load until after res_ari on startup or it might unload before res_ari on shutdown. This can cause a segfault when DEVMODE is enabled and there are persistent outbound websocket connections because DEVMODE forces validation of outgoing events against the models. To prevent this, res_ari_model has been added as an "optional_module" to res_ari's NODULE_INFO. This will enforce load/unload order but not make res_ari dependent on res_ari_model. However, if Asterisk is configured with --enable-dev-mode, res_ari will fail to load if res_ari_model isn't available.
Resolves: #1970
Author: Mike Bradeen Date: 2026-03-31
Adds the ability to attach multiple states to both Channels and Bridges in the form of variables that are included in all events on the associated object.
First, this adds an optional boolean field to channel variables 'report_events' that causes the variable to automatically be included in all events on that channel.
To allow this, variables can now be either name value pairs (the current format):
<variable_name>: '<value_string>'
- or -
<variable_name>: {value: '<value_string>', report_events: [true|false]}
If the old format is used or 'report_events' is not included, it will default to false and retain current behavior.
Second, this extends both reported and unreported variables to Bridges so they too may have stateful information.
Resolves: #1910
UserNote: Bridge variables now can be set and retrieved via the following paths:
/bridges/{bridgeId}/variable
/bridges/{bridgeId}/variables
Both Bridge and Channel variables can now be set with an optional 'report_events'
boolean flag that will cause those variables to be included on all events on that
object. The 'report_events' flag will default to False if not set to maintain
backwards capability.
To allow this, variables can now be either name value pairs (the current format):
<variable_name>: '<value_string>'
- or -
<variable_name>: {value: '<value_string>', report_events: [true|false]}
Author: Ben Ford Date: 2026-04-15
Two new paths exist for ARI to get and set multiple channel variables at the same time. This is done via GET and POST like the single get and set variable equivalents. Leading and trailing whitespace will be stripped from the variable names for both paths. When setting variables, the values will be read as-is, whitespace included. GET takes in a single string with comma-separated values, while POST takes in a dictionary of key value pairs. The code follows the same paths as when setting multiple variables when originating a channel via ARI.
UserNote: Added new ARI paths for getting and setting multiple channel variables at a time. For GET, this takes in a single string of comma-separated variable names, while POST takes in a dictionary of key value pairs. The behavior is the same as passing in variables when originating a channel.
Author: Bernd Kuhls Date: 2026-05-02
https://github.com/openssl/openssl/issues/29117
Signed-off-by: Bernd Kuhls bernd@kuhls.net
Resolves: #1952
Author: Bernd Kuhls Date: 2026-05-02
tcptls.c: In function '__ssl_setup': tcptls.c:417:52: error: implicit declaration of function 'SSLv3_client_method'; did you mean 'SSLv23_client_method'? [-Wimplicit-function-declaration] 417 | cfg->ssl_ctx = SSL_CTX_new(SSLv3_client_method());
SSLv3_client_method was removed from OpenSSL 4.0.0: https://github.com/openssl/openssl/blob/openssl-4.0.0/doc/man7/ossl-removed-api.pod?plain=1#L440
Signed-off-by: Bernd Kuhls bernd@kuhls.net
Resolves: #1952
Author: mikhail_grishak Date: 2026-05-26
libical 4.0 removed the icaltime_add() function in favor of icaltime_adjust(). Additionally, the callback signature for icalcomponent_foreach_recurrence() was updated to use a const pointer for the icaltime_span argument.
This commit adds conditional compilation using ICAL_MAJOR_VERSION to support both libical 3.X and the new 4.X API, ensuring backward compatibility.
Fixes: #1957
Author: UpBeta Date: 2026-05-23
When a hangup occurs while app_record is playing the initial beep, the application does not detect the hangup and continues running until the maxduration timeout expires.
Replace the manual ast_streamfile() + ast_waitstream() sequence with ast_stream_and_wait(), which properly detects hangup and returns non-zero, allowing the application to exit immediately with RECORD_STATUS set to HANGUP.
Resolves: #1950
Author: smtcbn Date: 2025-04-25
Avoids unnecessary prepare for simple INSERT statements that cause issues with ProxySQL (prepared statement counter overflow).
Resolves: #1217
Author: Alexander Bakker Date: 2026-05-20
Previously, the lingering timerfd would cause a tight loop if the channel enters a BridgeWait after the jitter buffer was disabled.
Fixes: #1762
Author: Sean Bright Date: 2026-05-26
The reference identifier (what the client provides - in this case a
hostname) must start with a domain label, not a ..
The current implementation will match .seanbright.com against
*.seanbright.com which is incorrect.
Author: George Joseph Date: 2026-05-20
If the channel is locked when calling ast_set_variables and any of the variables contained dialplan functions, there's a possiblilty of a deadlock. To prevent this, either the explicit locks were removed or the call to ast_set_variables moved out of the lock scope. A warning to not hold channel locks is also added to the documentation for ast_set_variables.
Resolves: #1936
Author: smtcbn Date: 2026-01-23
Under high concurrency, update_queue() may be invoked multiple times for the same call, causing member->calls and queue-level counters to be incremented more than once.
The existing starttime check is not atomic and allows concurrent execution paths to pass. Treat member->starttime as a single-use token and consume it via CAS to ensure the call is counted exactly once.
This also prevents incorrect call distribution when using strategies such as fewestcalls.
Observed as a regression after upgrading to 20.17.
Resolves: #1736
Author: George Joseph Date: 2026-05-21
When openr2 is installed mfcr2_show_links_of() is no longer ifdeffed out which makes gcc-16 complain with 'variable ‘x’ set but not used'.
Resolves: #1947
Author: Sebastian Jennen Date: 2026-03-06
This tests checks [slin -> codec -> slin] and then compares slin in vs out regarding signal noise ratio and delay.
Near-lossless codecs (ulaw, alaw) are checked with a maximum per-sample error bound. Lossy codecs are checked with a per-codec SNR threshold. Cross-correlation alignment compensates for algorithmic delay in codecs like speex and opus.
Covered codecs: ulaw, alaw, adpcm, g726, g726aal2, gsm, speex, speex16, speex32, ilbc, codec2, lpc10, g722, opus.
Resolves: #1812
Author: Sean Bright Date: 2026-05-20
Author: George Joseph Date: 2026-05-20
chan_websocket now tells res_http_websocket to accumulate incoming CONTINUATION frames into 1024 byte TEXT or BINARY frames.
Resolves: #1941
Author: George Joseph Date: 2026-05-19
AST_RTP_STAT_SET(AST_RTP_INSTANCE_STAT_LOCAL_STDEVMES, \
AST_RTP_INSTANCE_STAT_COMBINED_MES, stats->local_stdevmes, \
rtp->rtcp->stdev_rxjitter);
Should have been
AST_RTP_STAT_SET(AST_RTP_INSTANCE_STAT_LOCAL_STDEVMES, \
AST_RTP_INSTANCE_STAT_COMBINED_MES, stats->local_stdevmes, \
rtp->rtcp->stdev_rxmes);
Note the last macro parameter name.
Resolves: #1938
Author: Stanislav Abramenkov Date: 2026-05-13
UpgradeNote: jansson has been upgraded to 2.15.0. For more information visit jansson Github page: https://github.com/akheron/jansson/releases/tag/v2.15.0
Resolves: #1931
Author: George Joseph Date: 2026-05-12
The original trigger for setting the RTP stats in ast_softhangup() came from an ARI issue where stats weren't being set in time to be reported on STASIS_END events. The thought was that setting them in a common place like ast_softhangup() would ensure the stats were set in possibly other scenarios. Unfortunately, setting the RTP stats variables in ast_softhangup() broke ABI as it required that no channel locks be held which was not the case earlier.
Given that the original issue was ARI, we can move setting the stats to ast_ari_channels_hangup() in resource_channels just before it calls ast_softhangup(). This might not catch all cases of the stats not being set, but it won't break ABI or deadlock either.
Resolves: #1928
Author: George Joseph Date: 2026-05-05
If a hostname is specified for stunaddr in rtp.conf, periodic DNS resolution is enabled based on the TTL returned in the DNS results. If the TTL returned is 0, it means that the next time the IP address is needed, it must be looked up again. I.E. Don't cache. Historically (and incorrectly) however, res_rtp_asterisk stopped the periodic resolution and never re-resolved the hostname again.
Besides what's mentioned in the user notes...
* Additional debugging was added in various STUN/DNS functions.
* The rtp show settings CLI command shows more detailed STUN info.
* Some debugging was added to dns_core.c and dns_recurring.c.
UserNote: A new stunaddr_reresolve_ttl_0 parameter has been added to rtp.conf
that allows control over what happens when a STUN server hostname lookup
returns a TTL of 0. The values can be set as follows:
- 'no': This is the historical (and current default) behavior of not doing
any further lookups and continuing to use the last successful result until
Asterisk is restarted or rtp.conf is reloaded.
- 'yes': Use the last cached result for the current call but trigger
re-resolution in the background for the benefit of future calls.
If the result of the background lookup is a ttl > 0, periodic resolution
will be restarted otherwise the next call will use the new cached value
and will trigger a background lookup again.
UserNote: A new CLI command rtp resolve stun hostname has been added
that will force a resolution of the STUN hostname and (re)start periodic
resolution if the result has a TTL > 0.
Resolves: #1858
Author: Jaco Kroon Date: 2026-05-07
Rather than merely showing
dtls_verify : Yes/No
in pjsip show endpoint xxx it will now be shown what exactly is being checked, ie, one of:
dtls_verify : No dtls_verify : Fingerprint dtls_verify : Certificate dtls_verify : Yes
Where Yes implies both Fingerprint and Certificate.
Signed-off-by: Jaco Kroon jaco@uls.co.za
Author: Naveen Albert Date: 2026-05-05
If we are sending digits (either DTMF, MF, or SF) to the called channel after receiving progress or a wink, and the callee hangs up before we have finished sending it digits, there are several problems that can ensue:
This is generally an edge case that occurs due to some kind of signaling failure, but to better handle this:
Resolves: #1915
UserNote: If a called channel sends progress or wink and the caller begins sending digits but the callee answers and then hangs up before digit sending can finish, the call is now answered before being disconnected. If the callee hangs up without answering, the call now continues in the dialplan.
Author: Maximilian Fridrich Date: 2026-05-07
When a message is sent via ARI, the ARI endpoint only provides a To field which is also used as destination field. This means that the To field might not necessarily contain a SIP URI but might instead specify an Asterisk endpoint (in MessageDestinationInfo format). This led to many warnings even though the message was sent correctly.
The fix is to only call ast_sip_update_to_uri if the To field starts
with the sip: or sips: scheme.
Resolves: #1357
Author: Stanislav Abramenkov Date: 2026-04-27
Resolves: #1888
UserNote: Bundled pjproject has been upgraded to 2.17. For more information about what is included in this release, see the pjproject Github page: https://github.com/pjsip/pjproject/releases/tag/2.17
Author: Mike Bradeen Date: 2026-05-06
crypto_utils uses ast_asprintf to allocate the search string when checking the certificate subject, but was not using ast_free to free it. This caused a crash when Asterisk was built with malloc_debug
Resolves: #1921
Author: Joshua C. Colp Date: 2026-05-04
Due to stasis filtering the stasis callback for AMI type messages is guaranteed to only receive messages that can be turned into AMI events, so remove the check done in the callback.
The sessions container usage for the stasis callbacks has also been simplified by having a reference on the message router subscription instead of having to acquire the sessions from the global object each time.
Author: Peter Krall Date: 2026-04-17
Modified the bridge playback teardown so the worker thread removes only the playback control, while the after-bridge callback removes the playback wrapper once the announcer has actually left the bridge.
This avoids a stale window where a new playback request could create a replacement announcer before the old announcer had fully exited the holding bridge.
Also replaced the flexible trailing bridge_id storage in the shared worker thread data with an optional bridge_id pointer, since recording paths use the same structure without a bridge id.
Fixes: #1861
Author: Sebastian Denz Date: 2026-03-26
Author: George Joseph Date: 2026-05-05
ast_softhangup() was locking the channel before calling ast_rtp_instance_set_stats_vars() which, if the channel was in a bridge, then locked the bridge peer channel. If another thread attempted to set bridge variables on the peer, it would lock that channel first, then this channel causing a lock inversion. ast_softhangup() now holds the channel lock while retrieving the rtp instance, then unlocks it before calling ast_rtp_instance_set_stats_vars(), then locks it again after it returns.
Resolves: #1907
Author: Charles Langlois Date: 2026-04-16
When a PJSIP endpoint is configured with set_var invoking a dialplan function (e.g. PJSIP_HEADER(add,...)), chan_pjsip_new() calls pbx_builtin_setvar_helper() while holding the channel lock. For function-style variables, this dispatches to ast_func_write() which, in the case of PJSIP_HEADER, calls ast_sip_push_task_wait_serializer() -- blocking synchronously while the channel lock is held.
If a concurrent operation (ARI, AMI, rtp_check_timeout) traverses the channels container via ast_channel_get_by_name(), it acquires the container lock then tries to lock individual channels in the iteration callback (by_uniqueid_cb/by_name_cb). When the serializer thread also needs the container lock, a circular dependency forms:
channel_lock -> serializer_wait -> container_lock -> channel_lock
This causes a complete Asterisk freeze. In the observed case, 36 threads were blocked on the container lock until res_freeze_check triggered SIGABRT after its 30-second timeout.
Unlock the channel before iterating endpoint channel_vars so that dialplan functions can block without holding the channel lock. Re-lock the channel for ast_channel_stage_snapshot_done() so the batched snapshot is published under lock and captures the full channel state including the variables set during the loop.
Fixes: #1872
Author: mattia Date: 2026-04-01
Add rtp_port_start and rtp_port_end options to PJSIP endpoint configuration, allowing each endpoint to use a dedicated RTP port range instead of the global rtp.conf setting.
This is useful for scenarios where different endpoints need isolated port ranges, such as firewall rules per trunk, multi-tenant systems, or network QoS policies tied to port ranges.
The implementation adds ast_rtp_instance_new_with_port_range() to the RTP engine API, which sets the port range on the instance before the engine allocates the transport. The default RTP engine (res_rtp_asterisk) checks for per-instance overrides in rtp_allocate_transport() and falls back to the global range when none is set.
Both options must be set together, with values >= 1024 and rtp_port_end > rtp_port_start. Setting both to 0 (the default) preserves existing behavior.
Resolves: https://github.com/asterisk/asterisk-feature-requests/issues/71
UserNote: PJSIP endpoints now support rtp_port_start and rtp_port_end options to configure a dedicated RTP port range per endpoint, overriding the global rtp.conf setting.
UpgradeNote: An alembic database migration has been added to add the rtp_port_start and rtp_port_end columns to the ps_endpoints table. Run "alembic upgrade head" to apply the schema change.
DeveloperNote: New public API: ast_rtp_instance_new_with_port_range() creates an RTP instance with a per-instance port range. ast_rtp_instance_get_port_start() and ast_rtp_instance_get_port_end() allow RTP engines to query the override. Third-party RTP engines can use these getters to support per-instance port ranges.
Author: phoneben Date: 2026-04-26
app_queue: Fix raise_respect_min not copied in copy_rules() causing rN rules to be ignored.
copy_rules() never copied raise_respect_min into the per-call rule list, so the flag was always 0 when a timed penaltychange rule fired, making rN behave like plain N and raising members below min_penalty that should have been excluded.
Also fixes update_qe_rule() not propagating the flag from qe->pr to qe, and dropping the r prefix when saving back to QUEUE_RAISE_PENALTY.
Resolves: #1901
Author: phoneben Date: 2026-04-09
app_voicemail_odbc: fix msgnum race and crash on failed STORE
Two concurrent callers leaving voicemail to the same mailbox could be assigned the same msgnum because ast_unlock_path() was called before STORE(), allowing a second thread to read the same LAST_MSG_INDEX() before the first INSERT committed. The losing thread got a duplicate key error, but execution continued into notify_new_message() -> RETRIEVE() because the STORE() return value was not checked. RETRIEVE() then fetched the winning thread's DB row, mmap'd its blob size against the locally truncated file, and crashed with SIGBUS.
Hold the path lock through STORE() and bail out on failure.
Fixes: #1653
Author: George Joseph Date: 2026-04-22
session_cleanup() now saves the websocket type before unlinking the session from the session registry. This prevents a FRACK when cleaning up per-call websockets when MALLOC_DEBUG is used.
session_shutdown_cb() and outbound_sessions_load() now call pthread_cancel() to cancel the session handler thread to prevent the thread from continually trying to connect to a server after the connection config has been removed by a reload. This required the thread to use pthread_cleanup_push() to clean up its reference to the session instead of RAII because RAII destructors don't get run when pthread_cancel() is used.
Resolves: #1894
__STDC_VERSION__ is not attempted for c++.Author: George Joseph Date: 2026-04-27
__STDC_VERSION__ is specific to C but up until gcc 16, the g++ compiler
also defined it. With g++ 16.0 it's no longer defined (which is the correct
behavior) so compiling channelstorage_cpp_map_name_id.cc fails. The
check for __STDC_VERSION__ in compat.h is now skipped if we're compiling
a C++ source file.
Resolves: #1903
Author: phoneben Date: 2026-04-22
Backport pjsip/pjproject#4941 which fixes a build/link failure when compiling against OpenSSL < 1.1.0 (e.g. OpenSSL 1.0.2k on CentOS 7).
Two symbols introduced in OpenSSL 1.1.x were called unconditionally in ssl_sock_ossl.c without version guards:
TLS_method() in init_ossl_ctx() is now guarded with
OPENSSL_VERSION_NUMBER < 0x10100000L, falling back to
SSLv23_method() on older OpenSSL.
SSL_CTX_set_ciphersuites() is now guarded with
OPENSSL_VERSION_NUMBER >= 0x1010100fL since this function
was introduced in OpenSSL 1.1.1 and is absent in 1.0.x.
Without this fix, linking fails with:
undefined reference to TLS_method'
undefined reference toSSL_CTX_set_ciphersuites'
when building Asterisk with bundled pjproject on systems such as CentOS 7 with OpenSSL 1.0.2k.
Resolves: #1892
Author: George Joseph Date: 2026-04-22
Line 2729 has #if HAVE_LIBEDIT_IS_UNICODE instead if #ifdef. Since
macros defined by autoconf are either set to 1 or not set at all,
older distros where libedit isn't unicode won't have that macro defined
and will fail to compile.
Resolves: #1896
Author: phoneben Date: 2026-04-21
cdrel_custom: fix SQLite compatibility for versions < 3.20.0
Replace sqlite3_prepare_v3 + SQLITE_PREPARE_PERSISTENT with a version-guarded fallback to sqlite3_prepare_v2 for older SQLite builds.
Resolves: #1885
Author: Sebastian Jennen Date: 2026-04-02
The default (codec) still uses the codec provided samples. Additionally
different sample_types can be used with eg: translate sampletype speech
and then running core show translation comp 10 to measure performance
of different audio scenarios.
Resolves: #1807
Author: Daniel Donoghue Date: 2026-02-25
Adds two optional modules: res_stasis_broadcast.so: Infrastructure for broadcasting a single incoming channel to multiple ARI applications with atomic first-claim-wins semantics.
app_stasis_broadcast.so: Provides the StasisBroadcast() dialplan application which invokes the broadcast infrastructure.
Both modules are self-contained; if neither is loaded there is zero runtime impact. Loading them does not alter existing Stasis or ARI behavior unless explicitly used.
Key Features (only active when modules are loaded): Fisher-Yates shuffled broadcast dispatch for fair claim races Atomic claim operations using mutex + condition variable signaling Configurable broadcast timeouts Safe regex application filtering with validation to mitigate ReDoS risk Thread-safe channel variable snapshotting (channel locked during reads) Late-claim safety: broadcast context kept alive until after the Stasis session ends so concurrent claimants always receive 409 Conflict rather than 404 Not Found Memory safety via RAII_VAR, ast_json_ref/unref, and ao2 reference counting
Components Added: res/res_stasis_broadcast.c: Core broadcast + claim logic apps/app_stasis_broadcast.c: StasisBroadcast() dialplan application include/asterisk/stasis_app_broadcast.h: Public API header res/ari/resource_events.c: Integrates POST /ari/events/claim endpoint rest-api/api-docs/events.json: New CallBroadcast and CallClaimed events
Implementation Notes: Broadcast contexts reside in an ao2 hash container keyed by channel id. Each context holds atomic claim state, winner application name, timeout metadata, and a condition variable for waiters. Broadcast contexts are kept alive until after stasis_app_exec() returns so that concurrent claimants racing against the timeout always receive 409 Conflict. Broadcast dispatch calls stasis_app_send() directly for each matching application in shuffled order. Regex filters are validated with bounded length, group depth, quantified group count, and alternation limits to reduce pathological backtracking. Timeout calculation uses timespec arithmetic with overflow-safe millisecond remainder handling. Event JSON follows existing Stasis/ARI conventions; references are managed correctly to avoid leaks or double frees.
Optional Nature / Impact: No changes to existing APIs, events, or applications when absent. Clean fallback: systems ignoring the modules behave identically to prior versions.
Development was assisted by Claude (Anthropic). All generated code has been reviewed, tested, and is understood by the author.
UserNote: New optional modules res_stasis_broadcast.so and app_stasis_broadcast.so enable broadcasting an incoming channel to multiple ARI applications. The first application to successfully claim (via POST /ari/events/claim) wins channel control. StasisBroadcast() dialplan application initiates broadcasts. CallBroadcast and CallClaimed events notify applications. When modules are not loaded, behavior is unchanged.
DeveloperNote: New public APIs in stasis_app_broadcast.h: stasis_app_broadcast_channel(), stasis_app_claim_channel(), stasis_app_broadcast_winner(), and stasis_app_broadcast_wait(). New ARI event types (CallBroadcast, CallClaimed) added to events.json. All code is isolated; no existing ABI modified.
Author: Sven Kube Date: 2026-04-22
This commit implements the handling of non-voice or DTMF frames like the chan_websocket handling added in #1588. Rather than treating unsupported frames as fatal errors, silently ignore CNG frames and log a warning for other unsupported types.
Author: George Joseph Date: 2026-04-21
Before ast_func_read and ast_func_write call their respective read and write callbacks for registered dialplan functions, they use the module pointer in the registered ast_custom_function structure to increment the module use count. They then decrement the usecount when the callback returns. This prevents the providing module from being unloaded while there's a call using the function.
Some modules, notably func_odbc, create and destroy dialplan functions based on the contents of a config file. Since the ast_custom_function structure is dynamically allocated, it could be destroyed on reload which means when the module's read or write callback returns to the ast_func calls it would try to decrement the usecount using the module pointer from an ast_custom_function structure that has already been freed. Proper locking or reference counting by the module can reduce the possibility of this happening but it can't prevent it because it doesn't have control after its read or write callback has returned to ast_func_read or ast_func_write.
To address this, ast_func_read, ast_func_read2 and ast_func_write save the module pointer to a local variable before calling the module's callback, then use the saved pointer to decrement the use count. The module pointer will always be valid if the module is loaded regardless of the state of the ast_custom_function structure.
Resolves: #1818
Author: Naveen Albert Date: 2026-04-18
Add a property to the CHANNEL method to retrieve the auth method, which can be used to retrieve the specific auth method actually negotiated for a call (e.g. RSA, MD5, etc.).
Also clean up some of the documentation for the secure properties to clarify how these relate to call encryption.
Resolves: #1878
UserNote: CHANNEL(auth_method) can now be used to retrieve the auth method negotiated for a call on IAX2 channels.
Author: phoneben Date: 2026-04-21
pjproject 2.16 (bundled) fails to build on GCC 4.8 (CentOS/RHEL 7) due to a false positive C11 atomics detection introduced in pjproject commit #4570. A fix has been submitted upstream to pjproject (#4933).
Adding a local patch to third-party/pjproject/patches/ until a fixed version of pjproject is bundled in Asterisk.
Fixes build error: ../src/pj/os_core_unix.c:52:27: fatal error: stdatomic.h: No such file or directory
Resolves: #1883
Author: George Joseph Date: 2026-04-16
The rtp_ioqueue_thread_destroy() function was destroying the the ioqueue thread and releasing its pool but not destroying the ioqueue itself. This was causing the ioqueue's epoll file descriptor to leak.
Resolves: #1867
Author: Daniel Donoghue Date: 2026-03-10
Introduces res_pjsip_maintenance, a loadable module that allows operators to place individual PJSIP endpoints into maintenance mode at runtime without unregistering or disabling them.
While an endpoint is in maintenance mode: * New inbound INVITE and SUBSCRIBE dialogs are rejected with 503 Service Unavailable and a Retry-After: 300 header. * In-progress dialogs (re-INVITE, UPDATE, BYE, etc.) are unaffected and complete normally. * Outbound originations via Dial() or ARI originate are refused before any SIP session is created.
State is held in-memory only and is cleared on module unload or Asterisk restart.
This module was developed with AI assistance (Claude). All code has been reviewed and tested by the author, who takes full responsibility for the submission.
CLI interface:
pjsip set maintenance
AMI interface:
Action: PJSIPSetMaintenance
Endpoint:
Action: PJSIPShowMaintenance
Endpoint: <name> (optional; omit to list all)
Emits PJSIPMaintenanceStatus events per result, followed by
PJSIPMaintenanceStatusComplete. State changes also emit an
unsolicited PJSIPMaintenanceStatus event.
To support outbound blocking, a new session_create callback is added to ast_sip_session_supplement. Supplements that set this callback are invoked at the start of ast_sip_session_create_outgoing() in res_pjsip_session, before any dialog or invite session resources are allocated. res_pjsip_maintenance registers itself as a session supplement and uses this callback to gate outbound session creation on a per-endpoint basis.
MODULEINFO:
UserNote: New module res_pjsip_maintenance adds runtime maintenance
mode for PJSIP endpoints. Use "pjsip set maintenance
DeveloperNote: ast_sip_session_supplement gains a new optional callback - int (session_create)(struct ast_sip_endpoint endpoint, const char *destination). It is called from the global supplement list (not per-session) at the start of ast_sip_session_create_outgoing() via ast_sip_session_check_supplement_create(). Returning non-zero blocks the outgoing session. Modules that need to gate outbound SIP session creation should register a supplement with this callback set rather than hooking into chan_pjsip directly.
Author: Naveen Albert Date: 2026-04-11
Commit 2da221e217cbff957af928e8df43ee25583232d1 added a missing abort if datalen < 0 check on a code path and an assertion inside iax_frame_wrap if we ever encountered a frame with a negative frame length (which will eventually cause a crash).
Add another missing abort check for negative datalen, exposed by this assertion. (Similar to the previous commit, this is a video frame with a datalen of -1).
Resolves: #1865
Author: Mike Bradeen Date: 2026-04-08
The PJSIP outbound registration API has undocumented behavior when reconfiguring the outbound registration if the expires value being set is the same as what was previously set.
In this case PJSIP will remove the Expires header entirely from subsequent outbound REGISTER requests. To eliminate this as an issue we now check the current expires value against the configured expires value and only apply it if it differs.
This ensures that outbound REGISTER requests always contain an Expires header.
Resolves: #1859
Author: Sean Bright Date: 2026-04-08
Fixes: #1761
Author: Sean Bright Date: 2026-04-09
Fixes: #1862
Author: George Joseph Date: 2026-04-07
When res_pjsip is reloaded directly, it does the sorcery reload in a pjsip servant thread as it's supposed to. res_pjsip_config_wizard however was not which was leading to occasional deadlocks. It now does the reload in a servant thread just like res_pjsip.
Resolves: #1855
Author: Alexei Gradinari Date: 2026-04-06
The pjsua Python module and the pjsua/pjsystest apps were used by the Asterisk Test Suite for SIP simulation in dev mode builds. They are now fully obsolete for three independent reasons:
pjsua Python bindings officially deprecated upstream. The pjproject
maintainers added pjsip-apps/src/python/DEPRECATED.txt directing
users to the PJSUA2 SWIG binding instead. A build-fix PR
(https://github.com/pjsip/pjproject/pull/4892) was closed by the
maintainer explicitly citing this deprecation.
Removed from the Asterisk Test Suite. As confirmed by @mbradeen: > "We had to get rid of pjsua when we went to Python3 because it would > hang due to a conflict between async calls within pjsua and twisted. > There are still some old references to tests we couldn't fully convert > to sipp, but those are skipped."
Broken and unmaintained. Building with Python 2.7 (the only version
configure.ac searched for) fails with:
_pjsua.c: error: 'INIT_RETURN' undeclared (first use in this function)
due to a bug in pjproject 2.16's python3_compat.h that upstream
declined to fix.
This PR removes all pjsua-related build artifacts from Asterisk's bundled
pjproject build: the pjsua and pjsystest application binaries, the deprecated
Python (_pjsua.so) bindings, the asterisk_malloc_debug.c stubs, and the
PYTHONDEV detection from configure.ac. Also removes libpjsua from
Asterisk's main linker flags.
DeveloperNote: The pjsua and pjsystest application binaries, the deprecated
Python pjsua bindings (_pjsua.so), and the asterisk_malloc_debug.c stub
implementations are no longer built or installed as part of the bundled
pjproject dev mode build. The PYTHONDEV (python2.7-dev) build dependency
is also removed. Developers who relied on the pjsua binary for Test Suite
SIP simulation should use SIPp instead, which is the current Asterisk Test
Suite standard.
Fixes: #1840
Author: Milan Kyselica Date: 2026-03-25
Change rawdata buffer from char to unsigned char to prevent
sign-extension of TLV length bytes >= 0x80. On signed-char
platforms (all Asterisk builds due to -fsigned-char in
configure.ac), these values become negative when assigned to
int, bypass the if (res > 32) bounds check, and reach
memcpy as size_t producing a ~18 EB read that immediately
crashes with SIGSEGV.
Affects DAHDI analog (FXO) channels only. Not reachable via SIP, PRI/BRI, or DTMF-based Caller ID.
Fixes: #1839