[SR-Users] Kamailio vulnerable to header smuggling possible due to bypass of remove_hf
abalashov at evaristesys.com
Wed Sep 2 20:10:46 CEST 2020
In the eyes of people who are not doing the work themselves, everything
always warrants something.
The reality of open-source is it cannot be all things to all people. If
you want to be a security-conscious user of Kamailio, you need to
monitor the mailing lists.
Doubtless, very, very critical issues will get wider exposure. For
everything else, such as this issue and issues like it which fall into
the vast middle of the curve--that is, problems which could affect some
users from time to time in some releases--one just has to be plugged
into what's going on with the project.
Yes, users should be able to count on the project to be reasonably
secure and diligent in addressing identified issues, which it has. There
is no less of credibility here with anyone; the issue was readily
identified, immediately acknowledged, and fixed in _minutes_ (I was
there watching it), and has been or is in the process of being
backported to stable maintained branches. What more could you possibly
want from an open-source project?
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
More information about the sr-users