Asterisk 23.0.0 Lands with Critical Security Fix and Key Stability Upgrades

The Asterisk development team has announced the release of Asterisk 23.0.0, now available for download on GitHub and the project’s official website.

The new version addresses numerous user-reported bugs and introduces several enhancements aimed at improving system stability and configuration flexibility. The developers extended their gratitude to the community for its active participation in testing and issue reporting.

In total, the release includes 45 commits from 14 contributors, resolves 36 issues, and patches one security vulnerability (GHSA-64qc-9×89-rx5j) related to improper handling of the Authorization header in SIP requests — a flaw that could potentially cause Asterisk to crash.

Among the notable changes is a new global option, log_unpause_on_reason_change, in the app_queue module, enabling logging of UNPAUSE events when the pause reason changes. The pbx_builtins module now supports custom tones during WaitExten input prompts. The res_tonedetect module can automatically terminate signal detection after a defined number of matches, reducing the risk of race conditions within dial plans.

The sorcery module gains a new setting, update_or_create_on_update_miss, preventing the loss of objects during temporary backend outages. chan_websocket now supports custom URI parameters, while app_chanspy adds an option to disable automatic channel answering.

Additionally, deprecated components and options have been removed — including users.conf, the DeadAGI application, and legacy parameters from res_musiconhold, app_voicemail, and app_queue. Duplicate CLI commands were eliminated, and outdated functions like VALID_EXTEN were replaced with their modern equivalents, such as DIALPLAN_EXISTS.

For developers, a new ARI endpoint — /channels/{channelId}/progress — has been introduced, allowing the transmission of execution progress data to a channel.

Asterisk 23.0.0 represents another significant milestone in the evolution of this widely used IP telephony platform, focusing on improved reliability and configuration consistency. The release is now available from the official Asterisk repository on GitHub and the official download mirror.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy