4.3.124
Changes for 4.3.124
Changes to branch 4.3 after version 4.3.123.
Commits
- HELP-17551: allow disabling voicemail callback - by James Aimonetti
Prior to this change, a malicious caller could leave a voicemail with
a bogus Caller ID number (typically an international number for
fraud) to a compromised voicemail box. Calling back into the voicemail
box, the malicious caller could select the callback option and place a
call to the fraudulent number.
If the account or owner of the voicemail box allowed international
calling, the fraud would progress.
This PR introduces two toggles to give system administrators more
control over callback functionality.
The first global config should_disable_callback can toggle whether to allow the caller to select the callback option in general. If set to true, the callback feature will be disabled cluster-wide.
The second global config should_disable_offnet_callback requires the caller to be using an authorized device. If set to true, the caller must place the call from a device known to the account (authorizing_id must be present).
Presumably, if the malicious caller has compromised SIP credentials,
they can place the fraudulent calls directly without the voicemail
callback. It is recommended to at least toggle should_disable_offnet_callback to true.