OpenSIPS 3.4.18 ChangeLog

Released on May 6, 2026

OpenSIPS 3.4.18 is a maintenance release for the 3.4 branch, collecting stability, interoperability, packaging and build-system fixes since 3.4.17.

This changelog summarizes the user-visible changes and omits generated documentation rebuilds, version bumps and other release mechanics.

Core, TCP and Transaction Handling

  • Fixed a file descriptor leak in reactor_proc_add_fd() which could lead to "too many open files" failures, especially in rtpproxy notification timeout scenarios. 6e1ed478e
  • Fixed a potential TCP buffer overflow by rejecting Content-Length values larger than the input read buffer. The same protection was added to the WebSocket handshake helpers used by proto_ws and proto_wss. 314581187
  • Fixed tm behavior after chained async() resumes, where $rd could be reverted incorrectly after returning from async processing. c546b2536

TLS

  • Fixed an OpenSSL per-thread state double-free across fork(). OpenSIPS now clears OpenSSL thread-local state before forking, so child processes do not inherit stale OpenSSL ERR/DRBG state from the parent. b1e34a27b
  • Fixed TLS client authentication handling so that a client certificate is not required unless the TLS domain configuration explicitly asks for it. This affects both OpenSSL and wolfSSL TLS backends through tls_mgm. 0b482b86b
  • Adjusted tls_wolfssl packaging/build handling so wolfSSL flags can be provided externally. 1f62bb716

Registrar, mid_registrar and Push Notification Support

  • Added the allow_dup_cseq option to registrar and mid_registrar. When enabled, it allows accepting same Call-ID REGISTER requests with an equal CSeq, useful for deployments which need interoperability with such endpoints while keeping the previous strict behavior as the default. 9d14556ec
  • Fixed Push Notification assisted call handling so that both PN and non-PN branches, plus branches previously added with append_branch(), are included in the t_wait_for_new_branches() wait count. This prevents the caller-side transaction from ending before a PN-triggered branch has a chance to wake the callee and connect the call. 958cfe172 c82dcbe27
  • Improved the default timeout used for failed PN-assisted calls, avoiding unnecessarily long stalled INVITEs when a call is rejected while waiting for new branches. 958cfe172
  • Improved registrar error reporting around lookup and branch handling. 8aa0ba413
  • Fixed mid_registrar memory management around max_contacts trimming, avoiding use-after-free cases while iterating and trimming contacts. A related rare usrloc memory leak edge case was fixed as well. bbc7b7486

B2B and Media Handling

  • Fixed b2b_logic bridge cleanup when a transfer fails, ensuring the bridge initiator state is turned off correctly. 5993a1f9b
  • Fixed b2b_entities state tracking by updating last_method before forwarding the request. 92fdbed2a
  • Demoted a b2b_entities log message from error to debug level where the condition is expected and not an actual runtime failure. 0218c54f9
  • Fixed a NULL dereference in rtpengine event generation when cJSON_PrintUnformatted() fails due to allocation failure. 1ec9abcaa
  • Fixed rtp_relay so in-dialog RTP handling is not run for non-SDP requests. 4e18e7920

Database and Cache Backends

  • Fixed db_mysql recovery when MySQL returns ER_UNKNOWN_STMT_HANDLER (1243). This can happen when a backend such as AWS Aurora preserves the TCP connection while dropping server-side prepared statement state during a live upgrade. OpenSIPS now reconnects and re-prepares instead of failing the query. 954ca72bb
  • Fixed db_sqlite return codes so sql_cacher can load tables correctly through the db_sqlite query API. a13d98a48
  • Improved db_sqlite prepared statement error handling, avoiding dangling prepared-statement pointers and leaks on NULL result paths. cab2968d7
  • Fixed cachedb_redis initialization when redisConnect() returns NULL. 5d8038795
  • Fixed cachedb_cassandra and cachedb_memcached NULL dereferences on allocation failure while creating backend client objects. d133b7aed 891ebc9a5

Protocol and Application Modules

  • Fixed jsonrpc NULL dereferences when cJSON_Print() fails and fixed a leaked parsed cJSON object in jsonrpc_handle_cmd(). 6f712264d
  • Fixed sip_i to use the correct ISUP message type for 200 OK replies to INVITE requests. bfff51448
  • Fixed dialplan substitution output-vector copying. 82ef55ccd
  • Added PCRE2 support for dialplan and regex while keeping PCRE3 compatibility where applicable, including compile-context handling and build-system detection fixes. 39eb7b260 0135ffb87 c108bdc3b 96ac94c82 22ddc7e6a a777c61c8 374327fb0 ae16f6819

Build and Packaging

  • Improved Debian 13 compatibility for the python module and packaging, where the unversioned python binary is no longer provided by default. e502f581c ce9dbe41b
  • Adjusted Debian build dependencies around libcurl OpenSSL/GnuTLS variants, librdkafka and Python development packages. 1c34e2369 62e2975c9 fe2921323 ca951da32
  • Fixed RedHat/Fedora packaging around PCRE development package names and a regression introduced by the stable-branch PCRE dependency changes. e15cde507 617a05d19
  • Fixed packaging file matching for editor swap files, relaxed wolfSSL packaging errors where needed and corrected an OS-check merge issue in the build scripts. b39bf1192 2c0457bc4 7b3052b03
  • Made the Makefile logic more robust by avoiding failing $(shell ...) expansions in build probes. ed13171e7
  • Removed obsolete LGTM badges from README.md. 2b0e36104