Release 4.0#140
Merged
Merged
Conversation
(cherry picked from commit 127788c)
* docs: add generated README.md files * docs: add generated manual [skip ci]
When sending stored messaged, do not attempt to add any extra text info to the body, unless is text/plain. Any other type, like cpim, will result into a broken body (as syntax, as cpim is xml) Reported by Robert Dyck <rob.dyck@telus.net> (cherry picked from commit 7311575)
Reported by Hu Xinyao ( huxinyao0011@gmail.com ) https://github.com/OpenSIPS/opensips/security/advisories/GHSA-p96q-v5qf-w24h (cherry picked from commit 94bd74a)
(cherry picked from commit 2a81b43)
The re.subst transformation stores replacement-side PV specs by value inside
its cached subst_expr. When the cached expression is replaced, the embedded
$shv() spec could leave behind its shared-memory pvv buffer.
This can be triggered with a dynamic substitution expression such as:
$var(re) = "/^s=before/s=$shv(voip_sdp_session)\r/g";
$var(sdp) = $(var(sdp){re.subst,$var(re)});
Track pvv ownership, mark $shv() buffers as SHM-owned, and release them when
freeing cached re.subst replacement specs.
Fixes OpenSIPS#3872
(cherry picked from commit 09ec061)
Credits go to @NicoFrLy and @david-b71 for reporting this in ticket OpenSIPS#3720 and providing valuable troubleshooting information (cherry picked from commit beb690d)
_dm_release_message_response() is the only function that frees the SHM-backed cJSON reply tree (cond->rpl.json). In dm_send_request(), the release call was gated inside "if (rpl_avps_pv)", so every call without an output PV leaked the entire SHM cJSON tree. The same issue existed in dm_send_request_async_reply(): the release was guarded by "if (rpl_avps)", which was NULL both when no output PV was configured and on the read() failure path — even though the reply callback had already populated cond->rpl.json. _dm_release_message_response() safely handles a NULL rpl_avps argument (cJSON_PurgeString is a no-op on NULL), so removing both guards is safe. Found during a systematic audit of dm_send_request() paths following commit 1e8001f. (cherry picked from commit f40e0da)
After cJSON_AddItemToArray(avps, item) transfers ownership of item to
avps, item is not cleared. Any subsequent FD_CHECK_GT failure in the
same or next loop iteration jumps to the out: label, which calls
cJSON_Delete(item) — freeing memory already owned by avps.
This double-free corrupts the SHM heap, affecting all worker processes.
The affected paths include:
- FD_CHECK_GT(fd_msg_browse()) at the skip: label (next-iteration
advance)
- FD_CHECK_GT(fd_msg_avp_hdr()) and FD_CHECK_GT(fd_dict_getval())
at the start of the next iteration
Fix: clear item immediately after the ownership transfer so that any
later cJSON_Delete(item) at out: is a safe no-op.
Found during a systematic audit following commit 1e8001f.
(cherry picked from commit 7fef081)
..and changes are made to the request. This is a temporary work around (to prevent the crashing) until the full fix is tested (see 434162d). Credits for the fix go to @NormB Derived from a first itertation of OpenSIPS#3822, fixing OpenSIPS#3796
(cherry picked from commit 6c9a802604df8ba5101ca7d97f1a1e12202c698e)
(cherry picked from commit 4fd6491b95b46737dd6ce252320ea88846d1442d)
(cherry picked from commit 64ec3a5944e257a3e80e941c641a39b3b0203502)
(cherry picked from commit 67521fe90ff1229dc92b50bf06ae8a1f0563de12)
(cherry picked from commit 2560a405e02189aae97a875f783e4149e52f8e45)
(cherry picked from commit 30b735974b18c940257aabe96df5654e314354ba)
(cherry picked from commit b7fd498b476e6dc8ac394d8a0684c35c57566474)
(cherry picked from commit 7bad0e8)
As the attendant is the one forking all new procs (while doing auto-scaling), these new procs will inherite the cfg from attendant - but this proc is not updated with reloaded cfg (has no IPC, scripting support, etc). So all new auto-scaled procs will start with the original cfg. To fix this, when new auto-scaled procs are started, we run a self-upate - check if there was any successful script reload and if so, do a local cfg reload before start processing anything else. Fixes OpenSIPS#3947 Reported by @gcuppers (cherry picked from commit bee7bf4) (cherry picked from commit 1a1beaf)
(cherry picked from commit 4002a1a)
Fixes the race in `full-sharing-cluster` mode where peers received REPL_URECORD_INSERT packets with an empty kv_storage. The serialization that 343f452 added shipped whatever was in r->kv_storage at replicate time, but mid_registrar's store_urecord_data() ran *after* ul.insert_urecord() — so peers saw an empty store and later failed to issue De-REGISTERs: ERROR:usrloc:store_deserialize: bad JSON input or oom ERROR:mid_registrar:unregister_record: 'from' key not found, skipping De-REGISTER ERROR:mid_registrar:mid_reg_aor_event: failed to unregister contact Mirror the existing ucontact pattern (ucontact_info_t.pre_replicate_cb): extend insert_urecord() with an optional pre-replication callback that the caller can use to attach record-level data between mem_insert and replicate_urecord_insert. mid_registrar wires mid_reg_store_aor_data into the throttle-AoR save path so the kv_storage is populated before the INSERT packet is built. Closes OpenSIPS#3845 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> (cherry picked from commit 3400961)
(cherry picked from commit c61c65e)
Up to standards ✅🟢 Issues
|
| Metric | Results |
|---|---|
| Complexity | 58 |
| Duplication | 0 |
NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.
SubhashC37
approved these changes
Jun 26, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
These are the commits up to the final tagged release of 4.0.0, these are purely upstream commits