[OpenSIPS-Users] [Minor Release] OpenSIPS 3.6.6 and 4.0.0-rc1
Răzvan Crainea
razvan at opensips.org
Thu May 21 11:41:55 UTC 2026
Hello!
We would like to announce the OpenSIPS 3.6.6 and 4.0.0-rc1 releases,
which include a significant set of security fixes and related hardening
improvements.
Over the last two weeks, we received and analyzed around 30 security
reports from multiple researchers. This resulted in 24 security-related
commits, 12 security advisories and 6 CVEs assigned for the confirmed
vulnerabilities.
Most of the issues require specific configurations, modules or traffic
scenarios in order to be triggered. However, given the security nature of
these fixes, we strongly recommend upgrading to the latest available
version as soon as possible.
We also published a blog post with more context on this recent wave of
security reports and on how OpenSIPS handles such fixes with priority:
https://blog.opensips.org/2026/05/21/recent-security-fixes-in-opensips/
Full changelogs:
https://opensips.org/pub/opensips/3.6.6/ChangeLog
https://opensips.org/pub/opensips/4.0.0-rc1/ChangeLog
Security advisories:
https://github.com/OpenSIPS/opensips/security/advisories
Packages are/will be available at:
DEBs: https://apt.opensips.org
RPMs: https://yum.opensips.org
We would also like to thank the security researchers who responsibly
reported these issues and helped us improve OpenSIPS.
Please upgrade as soon as possible.
Best regards,
OpenSIPS Team
More information about the Users
mailing list