OpenSIPS 3.6.7 ChangeLog

Released on June 17, 2026

OpenSIPS 3.6.7 is a maintenance release for the 3.6 branch, focused on security fixes, protocol validation, registrar and dialog correctness, RTP handling and build/documentation updates.

This release includes security fixes for stack/heap buffer overflows and malformed BIN input handling. Upgrade from earlier 3.6 releases is strongly recommended.

This changelog summarizes the user-visible changes from 3.6.6..3.6.7 and omits generated documentation bulk output where it does not alter runtime behavior.

Security Fixes and Memory Safety

  • Fixed a stack overflow while receiving MI parameters over BIN in clusterer. d967744fb8
  • Fixed a stack buffer overflow in the $(cT[*]) pseudo-variable. f8935fe12a
  • Fixed a heap-buffer-overflow in stir_shaken_disengagement(). 3925140275
  • Fixed a potential heap/buffer overflow in b2b_sca URI construction when escaping display names. d6a21d5436
  • Fixed a shared-memory leak in cfgutils when using re.subst with replacement-side $shv() variables. 85207da3bb

Protocol and Message Handling

  • Validated BIN stream packet lengths before marking packets complete, avoiding repeated dispatch of invalid frames. 5a91d8ac1d
  • Fixed malformed body generation in msilo for stored messages with non-text/plain content, such as CPIM. 3ec7d0c30e
  • Fixed rewrite_ruri() with RW_RURI_PREFIX and an empty prefix, avoiding malformed URIs. 0430f1d6c3
  • Implemented FAST_LOCK support for aarch64. b3953c20c4
  • Aligned wolfSSL shared-memory allocations in the 3.6 branch. c2a655a27b

Registrar and UAC Registrant

  • Fixed SIP Instance formatting according to RFC 5626 by enclosing +sip.instance values in angle brackets. 04d5367ab4
  • Added GRUU unit tests for ;+sip.instance= handling. 1703868201
  • Fixed uac_registrant extraction of min-expires from 423 replies. 457f09d0ea
  • Stored the configured expires value and reused it for each re-REGISTER, avoiding unwanted decreasing expiration values. 2d8f046871
  • Honored pn_refresh_timeout while waiting for Push Notification branches. 5dbbd997f7

Dialog, B2B and Routing

  • Handled late PRACK received inside an existing conversation. 382d02be28
  • Fixed pua_dialoginfo early-state lifetime handling and cleanup of dangling early branches, including a 3.6 backport syntax fix. 3489076916 b17f7fda5f
  • Fixed b2b_entities behavior by avoiding 408 replies on completed transactions. 4f6c86c0ef
  • Fixed dialog cleanup and replication statistics transitions for replicated dialogs. b596d3faf5 d6427ec4bc
  • Fixed drouting hashing for the carrier sort algorithm. b10c6af6c8

Media and RTP Handling

  • Improved rtp_relay reply handling by parsing the reply To header. 584f826db1
  • Clarified rtp_relay peer pseudo-variable scope and fixed peer-leg creation to use the opposite tag in requests. 0a078e4a0a 5cce875c73
  • Drained RTPProxy timeout notification sockets until empty, preserving partial commands and cleaning up notification connections consistently. 1dc7d08617
  • Guarded RTPProxy commands against NULL SIP messages. 1dffc0d4b0

Build, CI and Documentation

  • Renamed the documentation tree from doc to docs. ec25c321d0
  • Added generated Markdown module README files and generated manual pages for 3.6. 0fa1146886
  • Migrated Slack notifications to the official action and inherited the Slack token in reusable workflows. dc328f2c9b f372f2f209