[VoIP] Asterisk Version

Martin Harriss martin at Princeton.EDU
Wed Jul 18 22:35:43 CDT 2007


To add to what Shane says, it's extremely important to keep up with 
security patches.  Asterisk 1.2.22 (and an accompanying 1.4 version) 
have just been released to forestall what looks like a rather nasty 
security issue.  It's a sad fact of life these days that anything 
listening on the Internet has the potential to have a security hole. 
The one that was just patched in 1.2.22 appears to be particularly nasty 
in that it could allow someone to take complete control of your computer.

The problem with staying with 1.2 is twofold: firstly, there will come a 
time when there are no more updates being done to 1.2 (but by then 1.6 
will have come out!) and secondly, as Shane says, you can fall so far 
behind that upgrading to a current version can be extremely painful. 
I've had first-hand experience of this, with other types of software, at 
work.

That said, I am still running 1.2, albeit the very latest version.  I 
wanted to wait until 1.4 had a few point releases put out, so as to 
avoid any teething troubles.  I do plan to upgrade to 1.4 when I get one 
of those round tuits.

Martin


Shane Young wrote:
> You might want to upgrade to the latest release of the version you are  
> on potentially for security issues:
> http://www.asterisk.org/security
>   and
> http://lists.digium.com/pipermail/asterisk-security/
> 
> Unless there is a particular feature you are looking for, there may be  
> no other pressing reason to upgrade.
> 
> Although, another reason to upgrade is to prevent some shock.  As  
> things mature with Asterisk, sometimes they will be deprecated.  For  
> example, a dialplan application that worked a certain way in 1.0 may  
> be changed in 1.1.  When you first execute that option in 1.1 (with  
> the old syntax) you'll get a warning message that you should change to  
> the new syntax.  Then, in 1.2, the old syntax may not work at all.
> 
> If you use Asterisk only for a CNET gateway and nothing else, just  
> staying on top of any security issues is probably just fine.
> 
> 
> Quoting Doug Alderdice <ka2wft at arrl.net>:
> 
>> At 05:29 PM 7/18/2007 -0400, John Novack wrote:
>>> Perhaps you can elaborate on why those with working systems should move
>>> to 1.4.
>>> What is to be gained by this move?
>>> Simply moving to a new release for the sake of a new release isn't
>>> really warranted.
>>
>> Agreed.  I have a working, stable system that's running on a January '05
>> HEAD version (makes it a 1.1 something, maybe??) and see no reason to mess
>> around with that unless there's some really big benefit or feature to be
>> gained.
>>
>> So, why do we want (or should we want) to upgrade?
>>
>> Doug.
>>
>>
>> _______________________________________________
>> VoIP mailing list
>> VoIP at ckts.info
>> http://lists.ckts.info/mailman/listinfo/voip
>> Project Web Page: http://www.ckts.info/
>>
> 
> --Shane
> +1-821-7311 CNET
> 
> 
> 


