OpenSIPS 4.0.0-rc2 ChangeLog

Released on June 17, 2026

OpenSIPS 4.0.0-rc2 is a release candidate update for the 4.0 series, focused on security hardening, protocol validation, TCP cleanup and late RC fixes. It also includes the documentation tree move to docs/ and generated Markdown module manuals.

This release includes security fixes for stack/heap buffer overflows and malformed BIN input handling. Upgrade from earlier 4.0 RC builds is strongly recommended.

This changelog summarizes the user-visible changes from 4.0.0-rc1..4.0.0-rc2 and omits generated documentation bulk output where it does not alter runtime behavior.

Security Fixes and Memory Safety

  • Fixed a stack overflow while receiving MI parameters over BIN in clusterer. b879bbe3ea
  • Fixed a stack buffer overflow in the $(cT[*]) pseudo-variable. 99458d6c1d
  • Fixed a heap-buffer-overflow in stir_shaken_disengagement(). e8884da19e
  • Fixed a potential heap/buffer overflow in b2b_sca URI construction when escaping display names. ee9a0baaf5
  • Fixed a shared-memory leak in cfgutils when using re.subst with replacement-side $shv() variables. 03f64d954e

Network and Protocol Handling

  • Validated BIN stream packet lengths before marking packets complete, avoiding repeated dispatch of invalid frames. 5913c99305
  • Fixed TCP connection cleanup in the main process, including failed connection release, private TCP state cleanup and initialized-connection reuse. ec25922a3e 6965b267e6 b11fad8b7e
  • Fixed malformed body generation in msilo for stored messages with non-text/plain content, such as CPIM. b70ffccaed
  • Implemented FAST_LOCK support for aarch64. 65a42d11f9
  • Fixed wolfSSL syntax and older hiredis compatibility issues, and kept cachedb_redis C89-compatible. da3bb84392 2fc7e39af1 fa52bd8911

Registrar and UAC Registrant

  • Fixed SIP Instance formatting according to RFC 5626 by enclosing +sip.instance values in angle brackets. de00824ccb
  • Added GRUU unit tests for ;+sip.instance= handling. fa1d3a9b79
  • Fixed uac_registrant extraction of min-expires from 423 replies. ade15cdc27
  • Stored the configured expires value and reused it for each re-REGISTER, avoiding unwanted decreasing expiration values. 7193d4adbf
  • Honored pn_refresh_timeout while waiting for Push Notification branches. e3a1c2867a

Dialog, B2B and Routing

  • Handled late PRACK received inside an existing conversation. eaf859613a
  • Fixed pua_dialoginfo early-state lifetime handling and cleanup of dangling early branches. 43c43ae426
  • Fixed rewrite_ruri() with RW_RURI_PREFIX and an empty prefix, avoiding malformed URIs. 23e905edff
  • Fixed b2b_entities behavior by avoiding 408 replies on completed transactions. cd473d710a
  • Fixed dialog cleanup and replication statistics transitions for replicated dialogs. fe68e15b06 5d8a230f30
  • Fixed drouting hashing for the carrier sort algorithm. 29058e8fef

Media and RTP Handling

  • Improved rtp_relay reply handling by parsing the reply To header. 57dff88373
  • Clarified rtp_relay peer pseudo-variable scope and fixed peer-leg creation to use the opposite tag in requests. f1adb6ce4a 6c4e49017e
  • Drained RTPProxy timeout notification sockets until empty, preserving partial commands and cleaning up notification connections consistently. a9413f0236
  • Guarded RTPProxy commands against NULL SIP messages. c18fc3d954

Build, CI and Documentation

  • Renamed the documentation tree from doc to docs. 8beb9d0f9e
  • Added generated Markdown module README files and generated manual pages for 4.0. 6109ec4a89
  • Updated rtp.io CI to work with the latest voiptests and publish images to a dedicated GHCR package. c599d3e209 c24722763e
  • Migrated Slack notifications to the official action and inherited the Slack token in reusable workflows. 7b92858b40 28a226f2b6