[sr-dev] Security vulnerability handling

Olle E. Johansson oej at edvina.net
Thu Feb 5 15:36:00 CET 2015


Friends,

I think today's issue with a 302 message sent to kamailio causing a crash is a security issue. It was dealt with swiftly, but I feel we need a more formal procedure for handling it, producing patches and releasing security information.

I've made a quick proposal that outlines a few simple things and policys. We should make it too complex, but I feel it's important for all our users that a project has some procedure on how to handle situations like this.

Please check the proposal in the dev meeting agenda and let's discuss it in the dev meeting.

http://www.kamailio.org/wiki/devel/irc-meetings/2015a

/O


More information about the sr-dev mailing list