sysmocom
/
asterisk
11
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
asterisk/doc/UPGRADE-staging
History
George Joseph 7e3a6e158f manager.c: Prevent the Originate action from running the Originate app 
If an AMI user without the "system" authorization calls the
Originate AMI command with the Originate application,
the second Originate could run the "System" command.

Action: Originate
Channel: Local/1111
Application: Originate
Data: Local/2222,app,System,touch /tmp/owned

If the "system" authorization isn't set, we now block the
Originate app as well as the System, Exec, etc. apps.

ASTERISK-28580
Reported by: Eliel Sardañons

Change-Id: Ic4c9dedc34c426f03c8c14fce334a71386d8a5fa
 		2019-11-21 09:41:07 -06:00
..
AMI-Originate.txt manager.c: Prevent the Originate action from running the Originate app 2019-11-21 09:41:07 -06:00
README.md build: Revise CHANGES and UPGRADE.txt handling. 2019-04-09 09:45:04 -05:00

README.md

DO NOT REMOVE THIS FILE!

The only files that should be added to this directory are ones that will be used by the release script to update the UPGRADE.txt file automatically. The only time that it is necessary to add something to the UPGRADE-staging directory is if you are making a breaking change to an existing feature in Asterisk. The file does not need to have a meaningful name, but it probably should. If there are multiple items that need documenting, you can add multiple files, each with their own description. If the message is going to be the same for each subject, then you can add multiple subject headers to one file. The "Subject: xxx" line is case sensitive! For example, if you are making a change to PJSIP, then you might add the file "res_pjsip_my_cool_feature" to this directory, with a short description of what it does. If you are adding multiple entries, they should be done in the same commit to avoid merge conflicts. Here's an example:

Subject: res_pjsip Subject: Core

Here's a pretty good description of my new feature that explains exactly what it does and how to use it.

Here's a master-only example:

Subject: res_ari Master-Only: True

This change will only go into the master branch. The "Master-Only" header will never be in a change not in master.

Note that the second subject has another header: "Master-Only". Changes that go into the master branch and ONLY the master branch are the only ones that should have this header. Also, the value can only be "true" or "True". The "Master-Only" part of the header IS case-sensitive, however!

For more information, check out the wiki page: https://wiki.asterisk.org/wiki/display/AST/CHANGES+and+UPGRADE.txt