Kazoo v4.3.124 Release Notes

Release Date: 2020-10-13

    Changes for 4.3.124

    Changes to branch 4.3 after version 4.3.123.

    Commits

    HELP-17551: allow disabling voicemail callback - by James Aimonetti

    Prior to this change, a malicious caller could leave a voicemail with
    a bogus Caller ID number (typically an international number for
    fraud) to a compromised voicemail box. Calling back into the voicemail
    box, the malicious caller could select the callback option and place a
    call to the fraudulent number.

    If the account or owner of the voicemail box allowed international
    calling, the fraud would progress.

    This PR introduces two toggles to give system administrators more
    control over callback functionality.

    The first global config should_disable_callback can toggle whether
    to allow the caller to select the callback option in general. If set
    to true, the callback feature will be disabled cluster-wide.

    The second global config should_disable_offnet_callback requires the
    caller to be using an authorized device. If set to true, the caller
    must place the call from a device known to the account (authorizing_id
    must be present).

    Presumably, if the malicious caller has compromised SIP credentials,
    they can place the fraudulent calls directly without the voicemail
    callback. It is recommended to at least toggle
    should_disable_offnet_callback to true.