PJSIP version 2.12.1

Security Issue

• Potential buffer overflow in pjsip_auth_create_digest() (GHSA-73f7-48m9-w662)
• Denial-of-service in XML parsing due to an infinite loop (GHSA-5x45-qp78-g4p4)
• Potential stack buffer overflow when printing SDP into a buffer (GHSA-f5qg-pqcg-765m)
• Potential out-of-bound read/write when parsing RTCP FB RPSI (GHSA-vhxv-phmx-g52q)
• Potential infinite loop when parsing WAV format file (GHSA-rwgw-vwxg-q799)
• Potential heap buffer overflow when parsing DNS packets (GHSA-p6g5-v97c-w5q4)

Bug fix

• Android Camera2: #3044, #3063
• Android Oboe: #3046
• Call hangup: #3026

See also milestone 2.12.1

PJSIP version 2.12

Release Focus

• WebRTC updates with AEC3 & AGC2 (#2722)
• Support Oboe for Android (#2707)

Backward Incompatibility

• UAS INVITE transaction no longer terminated upon transport error/disconnection (#2683)

Security Issue

• Potential integer underflow upon receiving STUN message (GHSA-2qpg-f6wf-w984)
• Use after free of dialog set (GHSA-ffff-m5fm-qm62)
• Missing unreleased of locks in failure cases (GHSA-8fmx-hqw7-6gmc)
• Potential out-of-bounds read when parsing RTCP BYE message (GHSA-3qx3-cg72-wrh9)
• Prevent OOB read for RTCP XR block (GHSA-r374-qrwv-86hh)
• Potential buffer overflow in pjsua_player_create(), pjsua_recorder_create(), pjmedia_wav_player_create(), and pjsua_call_dump() (GHSA-qcvw-h34v-c7r9)
• Potential out-of-bound read during RTP/RTCP parsing (GHSA-m66q-q64c-hv36)
• Prevent OOB read in multipart parsing (GHSA-7fw8-54cv-r7pm)
• Use after free of dialog set (GHSA-ffff-m5fm-qm62)

For ticket list, please see Milestone 2.12

PJSIP version 2.11.1

Release Focus

Security update. This version is recommended for all users to improve the security of applications using PJSIP.

For more information, please see Milestone 2.11.1

PJSIP version 2.11

Release Focus

• Trickle ICE
• iOS native SSL
• Android native codecs (H264, VP8, VP9, AMR-NB & AMR-WB)
• iOS Swift and Android Kotlin sample apps.

For ticket list, please see Milestone 2.11

PJSIP version 2.10

Release Focus

• WebRTC interop for video:
  • RTCP-FB PLI
  • VP8 and VP9 video codec
• Audio Enhancements
  • Voice Processing IO for MacOS
• Timer refactoring

Backward incompatibility

1. Due to #2209 (Insufficient variable storage to contain Expires header field/ parameter):
   • Any sign comparison of expiration fields MUST be modified, for example: pjsip_contact_hdr.expires < 0 should be changed to pjsip_contact_hdr.expires == PJSIP_EXPIRES_NOT_SPECIFIED.
   • Direct setting/comparison with -1 should still work, for example: pjsip_pres_inititate(sub, -1, ...) or pjsip_contact_hdr.expires == -1. This is because PJSIP_EXPIRES_NOT_SPECIFIED == (unsigned) -1. Nevertheless, for future compatibility, it is recommended to change any -1 to PJSIP_EXPIRES_NOT_SPECIFIED.
2. Due to #2233 (Change enumeration typemaps in SWIG Java), Java applications needs to be updated:
   • Accessing enumeration value is no longer using swigValue() method, e.g: pjsip_inv_state.PJSIP_INV_STATE_CONFIRMED.swigValue() must be changed to pjsip_inv_state.PJSIP_INV_STATE_CONFIRMED.
   • All enumeration types are now int, e.g: pjsip_status_code code must be changed to int code.
3. Due to #2251 (Deadlock between PJSUA LOCK and conference mutex):
   • pjmedia_*_set_eof_cb() and pjmedia_*_set_cb() are deprecated and replaced with pjmedia_*_set_eof_cb2()/set_cb2(). The callbacks will now be asynchronous.
4. Due to #2265 (Compatibility issues on Python 3.7 or above):
   • PJSUA2 async field in OnCallRxReinviteParam is renamed to isAsync.

For ticket list, please see Milestone 2.10

PJSIP version 2.9

Released on 2019-06-13T10:14:40Z

Release Focus

• Video conference
• Darwin (Mac & iOS) native SSL backend
• NAT enhancement: TURN over TLS
• SIP multiple listeners

For more details about the ticket list, please see Release Notes

PJSIP version 2.8

Released on 2018-09-05T05:35:44Z

Release Focus

• OPUS param on the fly

• WebRTC interopability - RTP/SAVPF - SSRC

Backward incompatibility

• Application using PJMEDIA API directly should explicitly invoke pjmedia_transport_media_start() to start receiving RTP packets. Application that does not use SDP can simply pass zero/null for pool and SDP params, e.g: pjmedia_transport_media_start(tp, 0, 0, 0, 0). Please check #2097 for more info.

For more details about the ticket list, please see Release Notes

PJSIP version 2.7.2

Released on 2018-02-21T03:15:18Z

Release Focus

Security update. This version is recommended for all users to improve the security of applications using PJSIP.

For more details about the ticket list, please see Release Notes

PJSIP version 2.7.1

Released on 2017-11-08T03:23:59Z

Release Focus

Security update. This version is recommended for all users to improve the security of applications using PJSIP.

For more details about the ticket list, please see Release Notes

PJSIP version 2.7

Released on 2017-09-25T06:23:19Z

Release Focus

• DTLS for SRTP keying

• iOS (and Mac) H.264 Native Encoder and Decoder
• NAT64

For more details about the ticket list, please see Release Notes