OpenSIPS 3.6.6 ChangeLog

Released on May 20, 2026

OpenSIPS 3.6.6 is a security maintenance release for the 3.6 branch, collecting bounds-checking, malformed-input handling and buffer-safety fixes across the core parser, protocol modules and several application modules.

This release is security-focused and is recommended for all 3.6 deployments.

This changelog summarizes the user-visible changes from 3.6.5..3.6.6 and omits generated documentation rebuilds, version bumps and release mechanics.

Security Hardening and Input Bounds

  • Added broad bounds checks for input-derived lengths in core and parser paths, including base64 transformation output sizing, multipart body delimiter parsing, TCP Content-Length arithmetic, SIP-to-JSON header names and URI construction. 4d23613b65
  • Fixed SIP compression buffer accounting so preserved headers are rebuilt from the same normalized fields used during size calculation, avoiding overflow on headers with extra whitespace. 784938e42c
  • Fixed decompression bounds checks in the compression module. b23299a835
  • Bounded the parsed SDP line count and rejected malformed SDP bandwidth lines before they can trigger unsafe parsing behavior. 245c8ad107 8fe74b01f6
  • Fixed cachedb contact matching in usrloc by using the correct match key size, and fixed a possible shared-memory leak in usrloc clustering. aa3b1bec04 da22f8d15c

Protocol Modules

  • Hardened SMPP string handling and bounded attacker-controlled sm_length values before GSM7/UCS2 decoding, fixing overflows reachable from malicious SMSC peers. dc241fb006 d8b5c5d6ca
  • Validated HEPv3 packet and chunk lengths and rejected HEPv3 frames without payload before callbacks or SIP parsing consume invalid payload state. 11a09c71f5 789281285a
  • Validated received BIN packet bounds and cleaned up packet-size logging/portable size printing. 33f4682915 6542037c93 d4d7e2a937
  • Validated resolved address families in jabber and xmpp before using resolved targets. 9f988787d4 d1590b0dd4
  • Fixed an out-of-bounds access in pi_http POST argument handling. ba31dfae3c
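
The HEPv3 item above concerns packet and chunk length validation and frames that carry no payload. As an added illustration (not OpenSIPS code; the name hep3_find_payload and the sample frame are constructed for this example), the following C chunk walker checks every declared length against the bytes actually received before it exposes a payload pointer:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HEP3_HDR_LEN   6       /* "HEP3" magic + 16-bit total length */
#define HEP3_CHUNK_HDR 6       /* vendor id, type id, chunk length (2 bytes each) */
#define HEP3_PAYLOAD   0x000f  /* generic "captured packet payload" chunk type */

/* Constructed sample frame: a single payload chunk carrying "OPTIONS" */
static const uint8_t sample_ok[] = {
    'H','E','P','3', 0x00,0x13,                   /* total length = 19 */
    0x00,0x00, 0x00,0x0f, 0x00,0x0d, 'O','P','T','I','O','N','S'
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: returns 0 and sets payload/plen when the frame is well
 * formed and carries a non-empty payload chunk, -1 otherwise. */
int hep3_find_payload(const uint8_t *buf, size_t len,
                      const uint8_t **payload, size_t *plen)
{
    size_t total, off = HEP3_HDR_LEN;

    *payload = NULL; *plen = 0;
    if (len < HEP3_HDR_LEN || memcmp(buf, "HEP3", 4) != 0)
        return -1;
    total = be16(buf + 4);
    /* the declared length must cover the header and fit in what was received */
    if (total < HEP3_HDR_LEN || total > len)
        return -1;
    while (off < total) {
        size_t clen;
        if (total - off < HEP3_CHUNK_HDR)
            return -1;                      /* truncated chunk header */
        clen = be16(buf + off + 4);
        /* a chunk length includes its own header and must stay inside the frame */
        if (clen < HEP3_CHUNK_HDR || clen > total - off)
            return -1;
        if (be16(buf + off) == 0 && be16(buf + off + 2) == HEP3_PAYLOAD) {
            *payload = buf + off + HEP3_CHUNK_HDR;
            *plen = clen - HEP3_CHUNK_HDR;
        }
        off += clen;
    }
    /* no payload chunk, or an empty one: nothing safe to hand to a SIP parser */
    return (*payload && *plen) ? 0 : -1;
}
```

Comparing against the remaining length (total - off) rather than adding off and clen keeps the check free of wraparound regardless of integer width.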

Presence, IMC and Messaging

  • Fixed a presence winfo XML overflow on long URIs. c5970d3ee2
  • Made presence parsing robust when Content-Type is missing, and ensured type/subtype checks happen after parsing. de5071a480 ec38f4f01f
  • Fixed IMC member-list buffer overflow by building replies into exact-sized buffers and rejecting oversized unknown-command replies. 2fae6df7b8 303fb58a61 1237093899

Routing and Dialog Modules

  • Made temporary GRUU reply buffers in registrar grow dynamically instead of relying on fixed-size assumptions. 85da0c33a1
  • Bounded accounting AVP collection in aaa_diameter and topology packet counts in clusterer. 570076257e 83c02c65d4
  • Stopped oversized Replaces rewriting in b2b_logic and bounded generated RAck headers in b2b_entities. 8fe61f9a93 e7a0377d17
  • Bounded encoded Contact handling in topology_hiding and maddr URI construction in rr. 9148a16f6b 11ab0a0953
  • Fixed rtpengine pvar reset behavior, IPv6 destination handling and enforced-server loop avoidance. 520c36ab53 0d015c4759 c0197e4010

Runtime, Portability and Build Fixes

  • Fixed 32-bit architecture format-specifier warnings using portable C99 format specifiers and related inttypes updates. 1e0b8714ce e8fd9862f5
  • Limited -Wno-atomic-alignment usage to clang builds. af97ed5d75
  • Fixed the httpd return value and removed deprecated XML memory-dump calls from presence code. 72a9d6bbcc 14fd58cf5f
  • Updated GitHub Actions versions and fixed a missing cgrates module-parameter dependency terminator. 88b534330e bfcdd43eab