PJSIP version 2.15.1

Bug fixes

• SIP authentication: #4195
• Asynchronous conference bridge: #4198, #4200, #4208
• Dialog event subscription: #4214

See also PJSIP version 2.15.

PJSIP version 2.15

Release Focus

• Metal renderer for Mac and iOS (#3841)
• TLS/SSL backend: Windows Schannel (#3867)
• Dialog Event subscription, client only (#3754)
• Lyra codec (#3949)

Backward Incompatibility

• Asynchronous conference bridge operations (#3928):
  • For PJMEDIA port implementation, PJMEDIA port must use its own pool to avoid premature destroy (for more info, see potential issue no 1 in PR desc).
  • For PJMEDIA port implementation, due to the async nature of conf port removal, media port must be prepared to receive further get/put_frame() callbacks until the removal completes.
  • For application, caching pool factory used for creating a PJMEDIA port must not be destroyed before the port removal from the bridge is completed (for more info, see potential issue no 3 in PR desc).

• App cannot specify MD5 and AKA MD5 in a single credential (#4118)

For ticket list, please see Milestone 2.15

PJSIP version 2.14.1

Bug fixes

• Deadlock between stream and ICE: #3801
• Answering re-INVITE: #3770, #3818
• Transport loop: #3773

See also PJSIP version 2.14.

PJSIP version 2.14

Release Focus

• IPv4 & IPv6 dual stack option in account config (#3590)
• Video feature for Android and iOS sample apps: Android PJSUA2 Java & Kotlin (#3673), iOS Swift PJSUA (#3342), iOS Swift PJSUA2 (#3381).
• Xamarin samples for Android and iOS (#3584)

Backward Incompatibility

• Handle 2nd INVITE when in early state (#3458)
• Allow dialog establishment when remote does not provide To tag (#3394)
• Respond with ACK first before hanging up call for dialog fork (#3445)
• Consider session terminated on 408 and 481 response (#3457)

Security Issue

• Use-after-free in SRTP media transport
• And all the security issues listed in release 2.13.1

For ticket list, please see Milestone 2.14

PJSIP version 2.13.1

Security Issue

• Heap buffer overflow when decoding STUN message
• Heap buffer overflow when decoding STUN message (2)
• Heap buffer overflow when parsing DNS packet (2)

Bug fixes

• Video: #3325
• OpenSSL: #3583, #3577
• iOS native preview: #3350

See also PJSIP version 2.13.

PJSIP version 2.13

Release Focus

• UPnP (#3184)
• Support OpenSSL 3 (#3168)
• Fix video deadlock issue (#3166 and #3183)

Backward Incompatibility

• Call replace must now use the same account (previously PJSUA app can override the account used) (#3059)
• Our coding style now uses spaces instead of mixed tabs/spaces (#3210, #3292)

Security Issue

• Potential media transport downgrade from the secure version (SRTP) to the non-secure one (RTP)
• Potential buffer overflow in pjlib scanner and pjmedia
• Potential stack buffer overflow when parsing message as a STUN client
• And all the security issues listed in release 2.12.1

For ticket list, please see Milestone 2.13

PJSIP version 2.12.1

Security Issue

• Potential buffer overflow in pjsip_auth_create_digest() (GHSA-73f7-48m9-w662)
• Denial-of-service in XML parsing due to an infinite loop (GHSA-5x45-qp78-g4p4)
• Potential stack buffer overflow when printing SDP into a buffer (GHSA-f5qg-pqcg-765m)
• Potential out-of-bound read/write when parsing RTCP FB RPSI (GHSA-vhxv-phmx-g52q)
• Potential infinite loop when parsing WAV format file (GHSA-rwgw-vwxg-q799)
• Potential heap buffer overflow when parsing DNS packets (GHSA-p6g5-v97c-w5q4)

Bug fix

• Android Camera2: #3044, #3063
• Android Oboe: #3046
• Call hangup: #3026

See also milestone 2.12.1

PJSIP version 2.12

Release Focus

• WebRTC updates with AEC3 & AGC2 (#2722)
• Support Oboe for Android (#2707)

Backward Incompatibility

• UAS INVITE transaction no longer terminated upon transport error/disconnection (#2683)

Security Issue

• Potential integer underflow upon receiving STUN message (GHSA-2qpg-f6wf-w984)
• Use after free of dialog set (GHSA-ffff-m5fm-qm62)
• Missing unreleased of locks in failure cases (GHSA-8fmx-hqw7-6gmc)
• Potential out-of-bounds read when parsing RTCP BYE message (GHSA-3qx3-cg72-wrh9)
• Prevent OOB read for RTCP XR block (GHSA-r374-qrwv-86hh)
• Potential buffer overflow in pjsua_player_create(), pjsua_recorder_create(), pjmedia_wav_player_create(), and pjsua_call_dump() (GHSA-qcvw-h34v-c7r9)
• Potential out-of-bound read during RTP/RTCP parsing (GHSA-m66q-q64c-hv36)
• Prevent OOB read in multipart parsing (GHSA-7fw8-54cv-r7pm)
• Use after free of dialog set (GHSA-ffff-m5fm-qm62)

For ticket list, please see Milestone 2.12

PJSIP version 2.11.1

Release Focus

Security update. This version is recommended for all users to improve the security of applications using PJSIP.

For more information, please see Milestone 2.11.1

PJSIP version 2.11

Release Focus

• Trickle ICE
• iOS native SSL
• Android native codecs (H264, VP8, VP9, AMR-NB & AMR-WB)
• iOS Swift and Android Kotlin sample apps.

For ticket list, please see Milestone 2.11