[SR-Users] Kamailio vulnerable to header smuggling possible due to bypass of remove_hf

[Alex Balashov]

In the eyes of people who are not doing the work themselves, everything 
always warrants something.

The reality of open-source is it cannot be all things to all people. If 
you want to be a security-conscious user of Kamailio, you need to 
monitor the mailing lists.

Doubtless, very, very critical issues will get wider exposure. For 
everything else, such as this issue and issues like it which fall into 
the vast middle of the curve--that is, problems which could affect some 
users from time to time in some releases--one just has to be plugged 
into what's going on with the project.

Yes, users should be able to count on the project to be reasonably 
secure and diligent in addressing identified issues, which it has. There 
is no less of credibility here with anyone; the issue was readily 
identified, immediately acknowledged, and fixed in _minutes_ (I was 
there watching it), and has been or is in the process of being 
backported to stable maintained branches. What more could you possibly 
want from an open-source project?

-- Alex

-- 
Alex Balashov | Principal | Evariste Systems LLC

Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/