Add_workflow_for_techpubs | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Internal_display_only |
---|
CSS Stylesheet |
---|
h1, h2, {font-size: 18pt !important;} h3 {font-size: 14pt !important;} h4 {font-size: 12pt !important;} |
Panel | ||||
---|---|---|---|---|
|
This release note describes new features, the latest hardware and software requirements, known limitations and other pertinent release information for the latest release of SBC Core.
Info |
---|
Please note that all Ribbon bugs reported by customers on a given software release will be fixed in the latest release on that software release branch. To view and download the latest End of Product Sale (EoPS) and other End Of Life (EOL) notices, navigate to the Resource Library on the corporate website (https://ribboncommunications.com/company/get-help/resource-library). |
Ribbon Release Notes are protected under the copyright laws of the United States of America. This work contains proprietary information of Ribbon Communications, Plano, TX 75023, USA. Use, disclosure, or reproduction in any form is strictly prohibited without prior authorization from Ribbon Communications.
Anchor | ||||
---|---|---|---|---|
|
The following Ribbon announcements (formerly known as WBAs) are referenced in this release note:
Bulletin ID | Description | Fixed In Release |
---|---|---|
Warning-14-00020748 | Verify system and databases are fully in sync prior to Live Software Upgrade (LSWU). Applies to all SBC platforms (HW, SWe, Cloud) except the SBCs deployed in a Distributed SBC (D-SBC) architecture. | N/A |
Warning-21-00029972 | The SBC upgrade may truncate the SQL configuration database due to too many historical alarms. | N/A |
Tip | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
|
For problems or questions, contact the Global Support Assistance Center:
Ribbon Support Portal: https://ribboncommunications.com/services/ribbon-support-portal
Voice: +1-833-RIBBON1 (1-833-742-2661)
Pagebreak |
---|
The SBC Core platforms address the next-generation needs of SIP communications by delivering media transcoding, robust security and advanced call routing in a high-performance, 2RU, and 5RU form-factor devices enabling service providers and enterprises to quickly and securely enhance their network by implementing services like SIP trunking, secure Unified Communications and Voice over IP (VoIP).
For more product information, refer to the section About SBC Core in the main documentation space.
When using H.323-SIP and SIP-H.323 call flows, an additional Re-invite/Update may get generated towards the SIP side. To suppress this, enable the IP Signaling Profile (IPSP) flag Minimize Relaying Of Media Changes From Other Call Leg
at the SIP side.
Info | ||
---|---|---|
| ||
H.323 is not supported on SBC SWe cloud deployments. |
Tip | ||
---|---|---|
| ||
When upgrading your network, ensure to upgrade each product to the most current release to take advantage of the latest features, enhancements, and fixes. |
Info | ||
---|---|---|
| ||
For complete interoperability details between various Ribbon products, including backwards compatibility, refer to Ribbon Product Interoperability. |
Refer to the SBC Core Portfolio Interoperability Matrix for the latest and minimum compatible product versions supporting this release.
There are no new features in this release.
To view features in previous releases, refer to the following release notes:
Pagebreak |
---|
To instantiate the SBC instances, the following templates can be used:
Div | ||||||||
---|---|---|---|---|---|---|---|---|
SBC Heat Templates
|
Info | ||
---|---|---|
| ||
Example template files are packaged together in .tar.gz and .sha256 files separate from the SBC Core application installation and upgrade files:
|
The system hosting the SBC SWe Cloud must meet the following requirements.
Expand | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||
OpenStack Hardware
OpenStack Software
S-SBC
M-SBC
OAM Node
I-SBC
|
Expand | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||
KVM/RHV Hardware
KVM/RHV Software
|
Pagebreak |
---|
Expand | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||
VMware Hardware
VMware Software
|
The following tarball file is required to use the Infrastucture as Code IaC environment to deploy SWe N:1 deployments on VMware:
The environment in which you place and expand the IaC tarball must include:
For more information on IaC, refer to Using the Ribbon IaC Environment to Deploy SBC SWe on VMware.
Pagebreak |
---|
The following SBC 5400 and SBC 7000 software and firmware versions are required for this release. For 5xx0, the BIOS is installed during application installation; whereas, for 5400 and 7000, the BMC/BIOS is included in the firmware package and installed during the firmware upgrade.
Div | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Required Software and Firmware Versions
|
Info | ||
---|---|---|
| ||
The firmware package of SBC 5400 and 7000 includes BMC, BIOS, and other binaries. The firmware is upgraded from the BMC. |
Pagebreak |
---|
Use the EMA to verify the currently installed software and firmware versions.
Log on to the EMA, and from the main screen navigate to Monitoring > Dashboard > System and Software Info.
The following software release bundles are available for download from the Customer Portal:
Download the appropriate software packages for your desired configuration from the Customer Portal (https://ribboncommunications.com/services/ribbon-support-portal-login) to your PC.
Include Page | ||||
---|---|---|---|---|
|
firmware-5XX0-V03.23.00-R000.img
firmware-5XX0-V03.23.00-R000.img.md5
bmc5X00_v3.23.0-R0.rom.md5sum
bmc5X00_v3.23.0-R0.rom
Info | ||
---|---|---|
| ||
Perform the Method Of Procedure (MOP) only for upgrading the FPGA image of an SBC 7000 DSP-LC card when the SBC 7000 DSP-LC FPGA version is 0x14. The MOP can be applied at any version time, with the only restriction being that the BMC firmware version is at least 1.25.0. However, if the SBC application is running version V05.01.00R000 or higher, then the DSPs will be set to disabled and transcoding and transrating calls will fail if the SBC 7000 DSP-LC FPGA version is 0x14. Therefore, it is necessary to upgrade the SBC 7000 DSP-LC FPGA if the version is 0x14, before upgrading the SBC to 5.1.0. However, the MOP can be applied if the application version is higher than 5.1.0. Click Here to view the 550-06210_DSP-LC_FPGA_Upgrade_MOP. |
The ConnexIP Operating System installation package for SBC Core:
Info | ||
---|---|---|
| ||
Once the ConnexIP ISO procedure is completed, the SBC application package is automatically uploaded to SBC platforms. |
Info | ||
---|---|---|
| ||
Release 9.2 includes a new set of OS security patches, and also a new version of confD. Release 9.2.1 includes a new set of OS security patches including the fix for CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit). |
Anchor | ||||
---|---|---|---|---|
|
The SBC Core application installation and upgrade package includes the files:
sbc-V09.02.05R009-connexip-os_08.02.04-R003_994_amd64.qcow2
sbc-V09.02.05R009-connexip-os_08.02.04-R003_994_amd64.qcow2.sha256
sbc-V09.02.05-R009.x86_64.tar.gz
sbc-V09.02.05-R009.x86_64.md5
For detailed information on installation and upgrade procedures, refer to SBC Core Software Installation and Upgrade Guide.
Excerpt Include | ||||||
---|---|---|---|---|---|---|
|
Snapshot name: /subscriptions/1c125f94-dd63-4190-97e3-2c353ca68b96/resourceGroups/SBC-Core-Images-RG/providers/Microsoft.Compute/snapshots/release-sbc-v09-02-05r009-08-02-23-18-42.snap
AMI_ID: ami-01de812bd340d8341
ROHOS is the hardened and tested Host OS that Ribbon provides for qualified servers. ROHOS is the operating system component of Ribbon "whole-box" offerings containing the server hardware, solution software, and operating system.
The latest version of ROHOS is Version 02.04.01
These files are for SBC SWe deployments in the OpenStack cloud using VNFM.
For VNFM deployment, the VNF Descriptor (VNFD) file is provided in a Cloud Service Archive (CSAR) package for the type of SBC cluster being deploying. VNFs are independent and CSAR definitions are imported into the VNFM via an Onboarding mechanism. There is a procedure for producing the required CSAR variant, for different personalities (S-SBC, M-SBC), different interface types (virtio, sriov).
Files required for CSAR creation:
For detailed information on installation and upgrade procedures, refer to SBC Core Software Installation and Upgrade Guide.
For details on CSAR creation, refer to Creating a CSAR Package File.
Pagebreak |
---|
Anchor | ||||
---|---|---|---|---|
|
Warning | ||
---|---|---|
| ||
Using older versions of ESXi can trigger a VM instance shutdown. To prevent this from occurring, you must upgrade the VMware ESXi -- refer to the End of General Support column on https://lifecycle.vmware.com/#/ for supported versions. |
Warning | ||
---|---|---|
| ||
A LSWU on an SBC 7000 should only be performed when the total number of active calls on the system is below 18,000. If the criteria is not met, a double failure during the upgrade may occur, thereby losing all active calls. If such a failure occurs, both active and standby SBC services will go down. Contact Ribbon Support immediately. |
Warning | ||
---|---|---|
| ||
Customers upgrading from 9.2.2R1 using VMware or KVM need to run the following command as root user on both the active and standby instances: touch /opt/sonus/conf/swe/capacityEstimates/.indexMarker This is not required for upgrades from earlier releases. |
Info | ||
---|---|---|
| ||
Once the installation or upgrade completes on the SBC SWe platform, the copy of the installation package (SBC Core Installation and Upgrade Package) is automatically removed from the system. |
Info | ||
---|---|---|
| ||
Release 9.2 and later requires additional user account security practices for SBC SWe deployments in Openstack cloud environments. During upgrade of SBC SWe cloud instances deployed using Heat templates, you must use a template that includes SSH keys or passwords for the admin and linuxadmin accounts. The example Heat templates have been updated to include information on how to specify this type of data in the userdata section of a template. |
Info | ||
---|---|---|
| ||
In order to take advantage of performance improvements due to hyper-threading refer to the following MOP to increase the number of vCPUs prior to SBC SWe (KVM Hypervisor or VMware) upgrades from pre-07.01.00R000 release to 07.01.00R000 or higher. |
Info | ||
---|---|---|
| ||
The number of rules across SMM profiles in a system is limited to 10000, and the number of actions across profiles in a system is limited to 50000. Ensure the above conditions are met before LSWU. |
Info | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||
In NFV environments, the method used for upgrades involves rebuilding the instance, which requires additional disk space on the host. The minimum disk space needed for this operation is listed in the table below. Disk Space Requirements
|
Pagebreak |
---|
Info | ||
---|---|---|
| ||
SWe SBC software enforces I-SBC instances to run only with a single vNUMA node in order to achieve deterministic performance. SWe SBC VM having >8 vCPUs hosted on dual-socket physical server with VMware ESXi software needs to follow the steps below to correct vNUMA topology before upgrading to latest SWe SBC software:
If any of the above settings requires modification, follow the steps below on SWe SBC HA system:
numa.autosize.once = FALSE numa.nodeAffinity’ = 0 or 1 (based on PKT port NIC affinity) On ESXi 6.5 and above releases, vSphere web client can be used to add above rows under Edit settings > VM options > configuration parameters > add parameters; On ESXi 6.0 and below releases, it can be added under Edit > Advanced > general > configuration parameters > add rows using vSphere client.
For more information, refer to: |
Info | ||
---|---|---|
| ||
Before beginning the upgrade on a SBC running code prior to 8.2R0, the following commands on all the DNS Groups needs to be issued if “ednsSupport” is enabled. Failure statistics are not being mirrored correctly, and the LSWU state may stay in “syncing” if the “ednsFailures “ count is non-zero.
admin@PLUM> request addressContext default dnsGroup DnsGrp dnsServerReset { ipAddress 10.xx.xx.xx; queries 0; timeouts 0; errors 0; referrals 0; totalTcpConnection 0; tcpConnectionFailed 0; tcpConnectionSuccess 0; tcpConnectiontorndown 0; tcpFallback 0; ednsStatus supported; ednsFailures 0; } [ok][2020-11-06 04:08:22] 2. Disable the ednsSupport to stop mirroring of the statistics if the error count is constantly incrementing or likely to increase during the upgrade. set addressContext default dnsGroup DnsGrp ednsSupport disabled Note: The ednsServer stats will be lost/reset during the upgrade. |
Info | ||
---|---|---|
| ||
If the TRF/MRB Features are configured and enabled – some calls are unable to be cleared post upgrade if using the TRF/MRB attributes. The upgrade is successful and calls continue but some calls may fail to clean up release post upgrade. Session KeepAlive and RTP Inactivity functions will clean any stale calls. Enable the sessionKeepalive or rtpInactivity monitoring to ensure that mirrored calls are cleaned up post upgrade. set addressContext default zone ZONE_AS sipTrunkGroup TG_AS_SIPP signaling timers sessionKeepalive <value> OR set system media mediaPeerInactivity <value> set profiles media packetServiceProfile DEFAULT peerAbsenceAction peerAbsenceTrapAndDisconnect |
Info | ||
---|---|---|
| ||
Upgrade from a pre 8.2 release with globalization support for registration enabled will see a registration drop during an upgrade. If the following localNumberSupport is enabled, those registrations will be dropped after first switchover during LSWU. % set addressContext <name> zone <name> sipTrunkGroup <name> signaling localNumberSupport <disabled | enabled> |
Warning | ||||||
---|---|---|---|---|---|---|
| ||||||
The following names are not allowed: tty disk kmem dialout fax voice cdrom floppy tape sudo audio dip src utmp video sasl plugdev staff users nogroup i2c dba operator Note: Any CLI usernames consisting of digits only or not conforming to new user naming rules will be removed after performing a restore config. |
Pagebreak |
---|
CPU resource allocation requirements for SBC SWe VM are strictly enforced. You must review and verify these VM settings (including co-hosted VMs) against the documented "VM Configuration Recommendations" on the For VMware page in the Hardware and Software Requirements section before upgrading.
If you encounter a problem, correct the CPU reservation settings as specified in step 6 of the "Adjust Resource Allocations" procedure on Creating a New SBC SWe VM Instance with VMXNET3:
Multiexcerpt include | ||||
---|---|---|---|---|
|
If the VM uses the same number of vCPUs as the number of physical processors on the server, this reservation may not be possible. In this case, reduce the number of vCPUs assigned to VM by one and set the CPU reservation to the appropriate value.
When using the show table system serverSoftwareUpgradeStatus
command during the upgrade, the Standby server's LSWU status will always display "Upgrading" even though the upgrade may have failed due to host checker validation. To check if host validation failed for the Standby, check for HostCheck Validation Failed message in the upgrade.out
log.
As a prerequisite for SWe LSWU/upgrade, disable the Call Trace feature prior to performing the LSWU/upgrade and re-enable it once the LSWU/upgrade is completed.
Pagebreak |
---|
Perform the following procedure on the Standby to check for the Hostcheck Validation Failed message in the upgrade.out
log.
/opt/sonus/staging/upgrade.out
(this log shows the Hostcheck Validation Failed error).show table system serverSoftwareUpgradeStatus
to confirm the successful upgrade.Info | ||
---|---|---|
| ||
As of release 9.2.0R1, the Platform Manager (PM) runs an LSWU infrastructure, providing the ability to perform LSWU upgrades to later releases using the PM. However, this feature is not currently supported in 4.2.x releases and should not be used at this time. |
Warning | ||
---|---|---|
| ||
Operators who are using the SBC to interoperate with MS Teams need to review and compare their configuration against the latest configuration guide, especially the SMM, as it might result in call failures after upgrade if the older SMM is left in place. For more information, refer to SBC 9.2 - MS Teams Solution Guide. |
Pagebreak |
---|
Note | ||
---|---|---|
| ||
This release includes all bug fixes implemented in the releases which are documented in the Supported Upgrade Paths table of this release note. To view bug fixes in previous releases, refer to the release note(s) of interest from the SBC 5xx0-7000-SWe Documentation Home page. |
Info | ||
---|---|---|
| ||
The 7.x and 8.x software is EOSL as of Q3 2022. |
The SBC Core supports Live Software Upgrade from releases listed in the table below:
Div | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Supported Upgrade Paths
|
Pagebreak |
---|
The following security vulnerabilities were resolved in V09.02.05R000 with an OS patch update as of 8/12/2022:
CVE ID | Severity | Description |
---|---|---|
CVE-2017-12562 | Critical | Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. |
CVE-2021-39713 | Critical | Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel |
CVE-2022-29155 | Critical | In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. |
CVE-2022-1292 | Critical | The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). |
CVE-2022-1664 | Critical | Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. |
CVE-2022-1968 | High | Use After Free in GitHub repository vim/vim prior to 8.2. |
CVE-2022-23038 | High | Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains wh ich aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removi ng access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malici ous backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will alw ays succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend ca n keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus drive r has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-230 36 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, us bfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep a ccess to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG _ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 |
CVE-2022-0413 | High | Use After Free in GitHub repository vim/vim prior to 8.2. |
CVE-2019-2201 | High | In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. Th is could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is n eeded for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120551338 |
CVE-2022-0417 | High | Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. |
CVE-2022-1621 | High | Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution |
CVE-2021-4156 | High | An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted fi le (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-o f-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploita tion of other flaws. |
CVE-2021-23177 | High | An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the li nk. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A loc al attacker may use this flaw to change the ACL of a file on the system and gain more privileges. |
CVE-2022-1898 | High | Use After Free in GitHub repository vim/vim prior to 8.2. |
CVE-2022-23039 | High | Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains wh ich aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removi ng access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malici ous backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will alw ays succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend ca n keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus drive r has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-230 36 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, us bfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep a ccess to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG _ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 |
CVE-2022-0443 | High | Use After Free in GitHub repository vim/vim prior to 8.2. |
CVE-2021-27219 | High | An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bi t platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. |
CVE-2022-0351 | High | Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. |
CVE-2020-1712 | High | A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and el evate their privileges, by sending specially crafted dbus messages. |
CVE-2021-26720 | High | avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allo ws a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product. |
CVE-2022-1720 | High | Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing t he software, memory modification, and possible remote execution. |
CVE-2021-3903 | High | vim is vulnerable to Heap-based Buffer Overflow |
CVE-2017-16932 | High | parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. |
CVE-2022-23040 | High | Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains wh ich aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removi ng access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malici ous backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will alw ays succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend ca n keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus drive r has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-230 36 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, us bfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep a ccess to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG _ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 |
CVE-2022-23041 | High | Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains wh ich aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removi ng access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malici ous backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will alw ays succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend ca n keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus drive r has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-230 36 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, us bfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep a ccess to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG _ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 |
CVE-2022-23042 | High | Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains wh ich aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removi ng access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malici ous backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will alw ays succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend ca n keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus drive r has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-230 36 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, us bfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep a ccess to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG _ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 |
CVE-2022-1851 | High | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
CVE-2022-0572 | High | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
CVE-2022-23037 | High | Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains wh ich aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removi ng access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malici ous backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will alw ays succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend ca n keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus drive r has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-230 36 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, us bfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep a ccess to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG _ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 |
CVE-2021-27218 | High | An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4G B or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. |
CVE-2022-0943 | High | Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. |
CVE-2022-2126 | High | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
CVE-2022-24958 | High | drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. |
CVE-2022-23036 | High | Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains wh ich aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removi ng access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malici ous backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will alw ays succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend ca n keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus drive r has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-230 36 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, us bfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep a ccess to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG _ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 |
CVE-2022-2124 | High | Buffer Over-read in GitHub repository vim/vim prior to 8.2. |
CVE-2022-21476 | High | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported vers ions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22. 0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical dat a or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidenti ality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
CVE-2017-5130 | High | An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. |
CVE-2021-31566 | High | An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flag s of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when tryi ng to extract the archive. A local attacker may use this flaw to gain more privileges in a system. |
CVE-2022-1616 | High | Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, By pass Protection Mechanism, Modify Memory, and possible remote execution |
CVE-2022-0261 | High | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
CVE-2022-23308 | High | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. |
CVE-2022-27223 | High | In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. |
CVE-2022-1154 | High | Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. |
CVE-2022-1619 | High | Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are cap able of crashing software, modify memory, and possible remote execution |
CVE-2022-21426 | Medium | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
CVE-2022-29824 | Medium | In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. |
CVE-2022-21496 | Medium | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). |
CVE-2018-1108 | Medium | kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. |
CVE-2019-19221 | Medium | In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. |
CVE-2021-4149 | Medium | A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. |
CVE-2022-26691 | Medium | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. |
CVE-2017-5969 | Medium | ** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser." |
CVE-2022-21434 | Medium | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). |
CVE-2021-28153 | Medium | An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) |
CVE-2016-9318 | Medium | libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. |
CVE-2021-3468 | Medium | A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered. |
CVE-2022-26966 | Medium | An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. |
CVE-2022-21443 | Low | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
To view security vulnerabilities in previous releases, refer to the following release notes:
Pagebreak |
---|
Include Page ALLDOC:_RN Resolved Issues note ALLDOC:_RN Resolved Issues note
The following issue is resolved in this release:
Div | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
|
Severity 1 Resolved Issues
The following Severity 1 issues are resolved in this release:
Div | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||
|
Severity 2-4 Resolved Issues
The following Severity 2-4 issues are resolved in this release:
Div | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||
|
Pagebreak
Severity 1 Resolved Issues
The following Severity 1 issues are resolved in this release:
Div | ||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||
|
Pagebreak |
---|
Severity 2-4 Resolved Issues
The following Severity 2-4 issues are resolved in this release:
Div | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||
|
Pagebreak |
---|
Severity 1 Resolved Issues
The following Severity 1 issues are resolved in this release:
Div | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Severity 2-4 Resolved Issues
The following Severity 2-4 issues are resolved in this release:
Div | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||
|
Pagebreak
Severity 1 Resolved Issues
The following Severity 1 issues are resolved in this release:
Issue ID | Original Issue | Sev | Problem Description | Resolution |
---|---|---|---|---|
SBX-122915 | SBX-122469 (10.1.3) | 1 | An EG UAT SWe SBC switchover occurs when SRTP and SRTCP calls are made. Impact: SWe_NP process cores and a switchover occurs when the SBC processes certain types of malformed RTCP packets for SDES CNAME replacement with RTCP passthrough. Root Cause: A defect in the RTCP SDES parsing code resulted in memory corruption. Steps to Replicate:
| The code is modified to alter the RTCP SDES CNAME replacement code in order to correct (if possible) or drop various types of malformed RTCP packets. Workaround: Disable CNAME replacement and ssrcRandomizeForSrtp features in PSP (if possible). |
SBX-120982 | N/A | 1 | An SCM process core occurred on the Server. Impact:An SCM process cores due to a double free of an internal structure. Root Cause: An SCM cores due to a double free of an internal structure. The structure is in an array of these structures. The array is a fixed size. When attempting to add a new entry to this array, we consolidate the array by removing some of the free entries. In the unlikely event that all of the array entries are in use, we remove the oldest entry and consolidate the array by moving the other entries up. There is a bug in this consolidation code that causes a double free when the entire array is later freed. Steps to Replicate: The steps are not reproducible. | The code is modified to clear out the pointers in an array entry after it moves up to the previous entry during consolidation. This ensures that there are no leftover/stale pointers that might cause a double free. Workaround: None.. |
SBX-122577 | N/A | 1 | A core dump occurs on a customer SBC with a processAbnormalTermination. Impact: The CPX cores when deleting a CDR server. Root Cause: The code was missing a check for element type when processing a deletion in the CDR server. Steps to Replicate: The steps are not reproducible. | The code is modified so the element type is processed before deleting. Workaround: None. |
SBX-123455 | SBX-122225 (10.1.4) | 1 | Call trace status getting enabled after a switchover using the EMA. Impact: Call Trace staying enabled in new active node when switching over, when disabled on the current active. Root Cause: No notifications were getting sent to the standby SBC after issuing a stop command. Steps to Replicate:
Test Result: The call trace state is disabled on the new active. | The code is modified so the correct notification is sent to update the standby node when Call Trace is being disabled. Workaround: Without the fix, the workaround is to disable call trace using new active node's EMA or CLI on, if it is enabled after switchover. |
SBX-122331 | N/A | 1 | A customer SBC switchover occurred due to an SCM core. Impact: The SCM cores when processing a call that is using SIP Recording. Root Cause: The code is attempting to access a SIP Recorder call block that is already freed. This occurs because of an edge case call scenario where the call block is freed. Steps to Replicate: This bug was found using the back-trace and through code inspection. The core is happening after the call block gets freed. Attempts to recreate the issue are unsuccessful. | The code is modified to always remove the SIP Recorder call block from the hash table before freeing the call block. Workaround: None. |
SBX-120218 | N/A | 1 | The SBC is slow to relay the first register. Impact: PES process is slow to process a D+ request when no call notification group attached to TG. Root Cause: While processing the call notification criteria matching, PES processes all the required strings from called and calling number and then it used to check if there is a call notification group attached to the TG. This is done for each and every route. This process previously took up the processing time when there is no call notification group is attached. Steps to Replicate: Make a basic call and find the difference between the start and end time of PES processing the call. Performance related - may only see difference under a load. | The code is modified to check if the call notification criteria is attached to the TG, and then only process the rest of the required strings. Workaround: None. |
SBX-122865 | SBX-122304 (10.1.4) | 1 | The standby M-SBC did not take over when the active SBC rebooted in an N:1 cluster. Impact: Switchover did not occur after the SWENP process crashed due to a race condition. Root Cause: Infrequently, a switchover event may not be sent to the standby in specific case of SWENP process crash on an active SBC. Steps to Replicate: The steps are not reproducible. | The code is modified to ensure a switchover event is sent and processed by standby on SWENP crash and other switchover scenarios. Workaround: None. |
SBX-123175 | N/A | 1 | In the 925R4, a few calls fail with "NrmaAllocResCmd: paramInsert failed" error Impact: Multi-streams call with large SDP (due to crypto and other attributes) fails if DM and DTLS enabled at the SBC. Root Cause: Interprocess communication buffer requirements for multi-stream call is higher compared to other call flows. However, at present, higher buffer is allocated only if number of streams in call is six. Since the number of streams is not six, higher buffer is not allocated resulting in failure. Steps to Replicate: Enable SRTP/DTLS/DM at the SBC. To re-create the issue: UAC sends INVITE to the SBC with 5 streams (mix of audio/video/application) with crypto and other attributes. Expected Result: The call is accepted by the SBC and succeeds. Actual Result: The call is rejected by the SBC. | The code is modified to allocate a higher buffer if the call involves four or more streams. Workaround: None. |
SBX-122403 | N/A | 1 | SWE PAID and FROM translation tables not working post 9.2.4R2 upgrade Impact: The SWE PAID and FROM number translation criteria (cpe type: tgWithCallingNumber) are failing to match after an upgrade or restoration of the backup. Root Cause: When the backup is restored, the info table of tollfree prefix info is not populated properly with the length of the calling number (call processing element type 3). It is getting populated with the length of the trunk group (call processing element type 1). In call processing, when trying to find the record of the trunk group with the calling number, the SBC uses the length of the calling number and not the length of the Trunk group. The same series of events occurs in the upgrade scenario, so the customer encountered this issue post upgrade. Steps to Replicate:
| The code is modified to populate the toll-free prefix info table properly for restore and upgrade cases. Workaround: None. |
SBX-123081 | N/A | 1 | The SBC cores after upgrade to v09.02.05R003 Impact: The SBC PRS Process cores with NP indicating multiple cores failing. Memory dump analysis shows problem in the RFC2833 DTMF digit detection area of the code. Root Cause: The problem happens when an ICE/DTLS call is established followed by the endpoint sending RFC2833 DTMF digit packets and with DTMF Trigger Profile is enabled. A pointer to store the digit detected in memory is getting reset to zero after the ICE/DTLS call is established. Steps to Replicate:
| The code is modified to set the pointer to store digits detected properly after the ICE/DTLS call is established. Workaround: Disable DTMF Trigger Profile. |
SBX-123245 | N/A | 1 | The SCM Process cores and switched over Impact: Direct Media with multiple audio and ICE call may cause the SBC to core. Root Cause: When receiving multiple audios with ICEs, Ingress is passing only one ICE info of active stream to egress. When the egress leg tries to retrieve the ICE info, it expected to receive two ICE info for two streams. As a result, it reads garbage data which may cause the SBC core. Steps to Replicate:
| The code is modified to correct the logic on the ingress leg that passes all ICE info for each stream to the egress leg. Workaround: Disable ICE. |
SBX-123720 | N/A | 1 | No Beep Tone issue Impact: The egress endpoint did not hear a Beep Tone from ingress. Root Cause: When the ingress leg switched to tone player to play beep tone, the resource chain was rebuilt and NAPT learning was restarted on egress leg with RTP flow mode = rcv-only. Hence, no RTP packets are sent to the egress endpoint. Steps to Replicate:
| The code is modified to set RTP flow mode to duplex, if the SBC already learns the remote IP address, when enabling NAPT re-learning process. Workaround: None. |
SBX-123628 | N/A | 1 | Transparency profile causes a core dump SBC-GW-GW-SBC Impact: SCM may core during a GW-GW call while transparently forwarding P-Sig-Info header:
Root Cause: The core occurs because the code that is processing the P-Sig-Info header is attempting to access invalid memory. Steps to Replicate: - Call is GW-GW NOTE: This may not be easily reproducible. This code hasn't changed in a long time - but we haven't seen this issue before. This is probably because most of the time this bug may not cause a core. Sometimes it will simply set the pointers in P-Sig_info to addresses that are incorrect but still within the valid memory space (which will NOT cause a core). | The code is modified to ensure that the internal representation of the P-Sig-Info header points to valid memory. Workaround: Remove P-Sig-Info from Transparency Profile. |
SBX-122606 | N/A | 1 | There was an SSN issue with ICE/TLS/SRTP/P2P Impact: Possible audio issue involving an incorrect SSN when using ICE/TLS/SRTP/P2P. Root Cause: The SSN value 0 was incorrectly saved in XRES on deactivation for the case when the RID was never enabled in NP while performing NAPT or ICE learning. Steps to Replicate: Use on hold and transfer signaling to interrupt learning during the early stages of the call to potentially get a random SSN and ROC values, which the far end rejects. | The code is modified after the NAPT or ICE learning of a remote address is completed, ignoreRocSsn is set and causes NP to use the random SSN/ROC values from RID memory block. This fix is a similar fix to SBX-119900. Workaround: None. |
SBX-123411 | SBX-123228 (10.1.3) | 1 | DTMF Intermittently not working post upgrade. Impact: Audio loss after DTMF digits. Root Cause: After ingress received a re-INVITE for a media reconfig, we used a new RID to replace the previous RID. But when the resource chain was re-activated, the new RID was programed SSN = 0 that caused the audio loss. Steps to Replicate: The steps are not reproducible. | The code is modified to:
Workaround: Enable “SSRC Randomize For Srtp”. |
Pagebreak
Severity 2-4 Resolved Issues
The following Severity 2-4 issues are resolved in this release:
Issue ID | Original Issue | Sev | Problem Description | Resolution |
---|---|---|---|---|
SBX-123142 | N/A | 2 | Unnecessary re-INVITE was removing a 2833 message Impact:A DTMF telephony-event gets dropped in response to a mid-call re-INVITE. Root Cause:A previous enhancement to support both 8K and 16K DTMF and to transcode 16K, when necessary, contained a defect in the logic that resulted in a call appearing to be a pass-through call. Steps to Replicate:
| The code is modified to correct the logic that was not correctly identifying a call as transcoded between DTMF payload types 100 and 101. Workaround: None. |
SBX-122322 | N/A | 2 | SWe_NP - NP crashed with SIGSEGV Impact: The SWe_NP crashes due to a SIGSEGV event. Root Cause: The Segmentation table (a table that points to announcement buffers and has meta data for a call) gets initialized during ANN PLAY command. Since an ANN play command was never issued for a given call, the segmentation table was never initialized. The state machine in NP allowed the execution of a second disable command to proceed (which ideally should not be allowed) and tried to flush and build an announcement packet. Since the Segmentation table was never initialized, the source buffer pointer was NULL and crashed with SIGSEGV. Steps to Replicate: The steps are not reproducible. | The code is modified to the flush and disable the code to handle such conditions. Workaround: None. |
SBX-123225 | N/A | 3 | An EMA Prefix Profile display issue occurred after upgrading to 9.2.5R1 Impact: In the Prefix Profile Entry, the values for the following parameters (Matching Pattern, Match Start Location, Total Min Digits, Total Max Digits, Digit Type, DM PM Rule, Apply DM Rule and Determine Area) are not displayed for matching pattern starting with '+'. Root Cause: The URLDecoder was replacing the symbol '+' with blank space ' ' in the method decodeTextFromUI. Steps to Replicate:
Values for the following parameters display (Matching Pattern, Match Start Location, Total Min Digits, Total Max Digits, Digit Type, DM PM Rule, Apply DM Rule and Determine Area). | The code is modified to replace the symbol '+' with '%2B' before decoding in the method decodeTextFromUI. Workaround: None. |
SBX-122516 | N/A | 2 | A customer SBC failed-over Impact: For t140<=>baudot interworking, if the t.140 packet with a t.140 block contains a long string with alternating letter and numbers, then it can cause a DSP core dump (Swe_UXPAD). The following string was observed to cause crash "q1q1q2q1q1q221q1q1q1q1q1q2 1q". The SBC allows maximum length of 36 bytes for a t140 block. Root Cause: The buffer allocated to convert t140 block to baudot characters was insufficient for a long character string with frequent transition between figure and letter characters. Baudot character sets have FIGURE and LETTER modes and to switch between the two, a mode switch character has to be inserted. A long character string with frequent transitions resulted in buffer overflow and caused crash. Steps to Replicate:
| The code is modified to increase the buffer size to the maximum possible baudot string size (i.e. 72 baudot characters). Workaround: None. |
SBX-122070 | N/A | 2 | SO-SBC (4+1) sends out-of-order 200-OK (SUB) and NOTIFY Impact: The SBC is processing the NOTIFY ahead of the 200 OK for SUBSCRIBE message in certain scenarios where there is no delay between the 200 OK and NOTIFY messages arriving at the SBC. Root Cause: The SBC uses the two digits before the B in the following branch prefix = z9hG4bK18B. In this example, '18' identifies the SCM process which handled the 200 OK response. Due to a bug in the code, the SBC was only looking at one digit, and so the SCM process could not be determined. The SBC had to hold up the 200 OK response until it did a TRM query to determine the SCM process that handled the message. Steps to Replicate: Continually run a call flow where the SBC relays SUBSCRIBE messages and the remote party sends back 200 OK SUBSCRIBE and NOTIFY at the same time. Check that the SBC forwards the messages in the same order; i.e., a 200 OK SUBSCRIBE first, and then a NOTIFY to the A-party. | The code is modified to use the two digits of the branch parameter to route the 200 OK for SUBSCRIBE so there is no delay in processing and the messages are processed in order. Workaround: None. |
SBX-123254 | SBX-121606 (10.1.4) | 3 | Allow user-config-import on the OAM Impact: The user-config-import command is unavailable on an OAM node. Root Cause: This limitation is being removed as part of an enhancement request. Steps to Replicate:
| The code is modified to allow for the user-config-import command on an OAM node. This should only be used for greenfield deployment of a new cluster using the configuration from an existing golden configuration of another cluster. Workaround: Back up the configuration in CLI format and then edit the CLI to use the correct import order into the new cluster. Update the new cluster specific configuration in the CLI file and then source it in. |
SBX-122280 | SBX-122159 (10.1.4) | 2 | The ICE process does not immediately respond to a call audit Impact: The call cleanup process always takes the full five seconds to complete, even when all the expected processes respond. Root Cause: The five-second timer for a process starts, but a response never occurs. As a result, the cleanup process is delayed by five minutes. Steps to Replicate:
| The code is modified to reduce the amount of unnecessary calls in the ICE process. Workaround: None. |
SBX-122674 | N/A | 3 | Rework on the SBX-115152 logic. Impact: Additional logic change for SBX-118384/SBX-115152 resolved originally in 9.2.5R0. Root Cause: In certain call scenarios, the call control block gets reset on the egress side. This results in the SBC deleting a data pointer to one call leg, thus affecting the SBX-115152/SBX-118384 9.2.5R0 bug fix.. Steps to Replicate:
| The code is modified to add the call control block based on the call direction. Workaround: None. |
SBX-119319 | N/A | 2 | The GSX generates a STOP CDR while corresponding with ATTEMPT CDR and not STOP record in the SBC Impact: In a SBX-GSX GW call, the GSX generates a STOP CDR while the SBC generates an ATTEMPT CDR instead of a STOP CDR. Root Cause: This issue is not fully understood and cannot be recreated. Steps to Replicate: Not identified. | The code is modified to add enhanced logging to collect more info. Workaround: None. |
SBX-122734 | N/A | 2 | The SBC 5400 is stuck in a LSWU after a switchover or restart Impact: Sync does not complete after a switchover or restart when using Call Notify functionality. Root Cause: Sync does not complete after a switchover or restart when using Call Notify functionality because the standby code detects a duplicate entry in the Call Notify array and returns an error. Steps to Replicate:
For more details on this configuration, see Configuring the SBC to Send Unsolicited Call Notifications to Application Servers. | The code is modified to replace the existing entry in the Call Notify array with the new one when a duplicate is detected. Workaround: None. |
SBX-123713 | SBX-123550 (10.1.4) | 2 | During a LSWU, audio was lost for incoming calls, but was present for outgoing calls Impact: When ssrcRandomizeForSrtp is enabled, a one-way audio issue occurs after the SBC switches over to the standby node Root Cause: If ssrcRandomizeForSrtp is enabled, the NRMA generates an SSRC for the SRTP leg. The SSRC is sent to the NP when enabling the associated RID. In a hot standby setup, that SSRC is mirrored to standby, but it is not sent to the NP when enabling the same RID on the standby. Instead, the NP adapts the SSRC from the incoming RTP stream or the DSP's SSRC. Once the standby node becomes active, the NP changes the SSRC. If the endpoint sees a new SSRC, it starts decrypting using ROC=0. However, the NP was encrypting on send on the SRTP leg with ROC=2 that prevented the endpoint from decrypting, which resulted in one-way audio. Steps to Replicate:
| The code is modified to send NRMA generated SSRC to NP when enabling the RID on standby node so that NP does not adapt incoming RTP stream's SSRC. Workaround: None. |
SBX-123627 | N/A | 2 | Special characters incorrectly display using the "View CLI" option Impact: In the SMM GUI, a couple of special characters incorrectly display in the "View CLI" option. Root Cause: The '<' character is sent as '&' instead of '<' and the \\r\\n => double backslash escaped properly but display as a single backslash in HTML. Steps to Replicate:
The CLI commands display as expected. | The code is modified to replace those occurrences with correct responses to address the issue. Workaround: None. |
SBX-123459 | N/A | 2 | Multiple PRS process cores occurred on the server Impact: The PRS process cored due to a XRM task failed health check. Root Cause: The sigPortList in the XRM got corrupted. Numerous freed XRESs were left in it. When trying to activate a new signaling port, the XRM task got stuck in the loop and failed a health check. Steps to Replicate: The steps are not reproducible. | The code is modified to properly free already allocated XRES for other pool(s) during a signaling port allocation routine Workaround: None. |
SBX-121394 | N/A | 2 | A call transfer (REFER with Replaces) fails with an OA status 0x54 Impact: An attended call transfer failed due to a race condition when the transferor sends an off-hold INVITE and REFER with Replaces in rapid succession. Root Cause: While the SBC is in the process of bridging a transferee and transfer target, the off-hold INVITE from the transferor triggered a new modify request towards transferee, which caused an offer-answer timeout internally due to previous modify still being processed that leads to a call failure (OA status 0x54). Steps to Replicate:
| The code is modified so that the internal offer-answer timeout is handled to avoid call transfer failure. Workaround: None. |
SBX-123595 | N/A | 3 | A unique tag is created for a Notify when the 200 OK was not sent yet in response to a Subscribe Impact: When a Notify received before the initial 200 OK response to Subscribe, the SBC may send an invalid tag in 200 OK Subscribe. Root Cause: After receiving a Notify from Egress, the SBC is using egress service group id as part of tag in 200 OK Subscribe for sending to the ingress. Steps to Replicate: Run the following configuration: Subscribe ->Subscribe | The code is modified to relay a 200k Subscribe to the Ingress service group id. Workaround: None. |
Pagebreak
Severity 1 Resolved Issues
The following Severity 1 issues are resolved in this release:
Issue ID | Original Issue | Sev | Problem Description | Resolution |
---|---|---|---|---|
SBX-120361 | N/A | 1 | Receiving a syslog spam about ACL Stats from the SBC1b. Impact: /var/log/syslog fills up with cpsi log entries about unable to read ACL statistics. Root Cause: A problem was found in CPS (Common Platform Service) library retrieving the next resource. CPS keeps a list of allocated resources and the CpsXyzGetNext API is used to grab the next entry in the list. The next resource information was stored in common shared memory and was not thread safe. If multiple threads invoked the same API simultaneously, the result would be unpredictable. Steps to Replicate: The steps are not reproducible. | The code is modified to add a limit to the loop count for the number of allocated resources to ensure the caller of the function passes in a CpsXyzGetNext API storage location to make it thread-safe. Workaround:None. If the kernel syslog gets filled, you must reboot Linux to stop the problem. |
SBX-121444 | N/A | 1 | The LWRESD process keeps restarting causing the SBC app to not come up. Impact:The LWRESD Process continues to restart as the interface used by it for ENUM/DNS signaling was down. Root Cause: When a SIP SIG port is selected as the signaling interface for LWRESD, by design the SBC uses the query-source-address parameter in the slwresd.conf file. Upon getting this parameter, the bind stack tries to create a socket on that IP and port. If it is unable to create the socket, the bind stack exits abnormally. Steps to Replicate:
The SBC app does not come up in service as the LWRESD process keep on restarting. | The code is modified to generate the default slwresd conf file if both the SIP signaling port type is 'SIP Signaling IP' and if the signaling port is disabled, since LWRESD cannot perform DNS signaling. The process generates the slwresd.conf based on the configuration when the interface is changed to the in-service state using the CLI.
Note: These steps are only required for an upgrade procedure if the signaling type is 'signalingIP' for the LWRESD Profile. Workaround: None. |
SBX-121955 | SBX-120330 (11.0.0) | 1 | UX_PAD is dumping core while running evrc to g729 load. Impact:A UXPAD Crash observed while running EVRC calls on GPU. Root Cause:As an oversight, the GPU software does not initialize all GPU EVRC decoder context variables, including the variable used as an index to an array. This led to an illegal memory access occurrence. Steps to Replicate: The steps are not reproducible. | The code is modified so the decoder context variables are initialized to their default values. Workaround: None. |
SBX-122011 | SBX-115363 (11.10) | 1 | AWS: eth1 and eth2 subnets are getting interchanged in an HFE instance. Impact: The AWS HFE Node can sometimes have the wrong IPs assigned to the interface. Root Cause: The AMI image incorrectly sets the interface configuration. Steps to Replicate:
| The code is modified to:
Workaround: None. |
SBX-122149 | N/A | 1 | Dead air after call is resumed from hold Impact: SSN/ROC reset after hold that caused one-way audio. Root Cause: In order to prevent reading random values of SSN/ROC in the RID’s memory block, XRM has cleared the remote address saved in XRES's security context. But that change should only apply to the case when the call flow uses a new RID after call modification. In this call flow, the same RID was used after hold. But the SSN/ROC got reset unnecessarily after hold. Steps to Replicate:
| The code is modified to introduce a new flag in XRES's security context. The flag is only set to "true" when XRM detects a new RID. Then when NAPT learning times out, XRM checks this flag to determine whether or not to clear the XRES-saved remote address. Workaround: None. |
SBX-122352 | N/A | 1 | GW-GW calls are failing after an upgrade from 9.2.3R3 to 9.2.5R2. The SBC stops processing the call after parsing the MCS EST_CONF message from the egress GSX. Impact: Calls between the SBC and GSX may cause an SCM core dump. Root Cause: A bug was introduced in an internal function. CpcMsgInfoCreateCopy(), which copies the CPC Optional Parameters that are used to pass information about a call between processes and between systems. This bug causes us to calculate the offset to the next parameter incorrectly. When the pointer is incorrect, the code that validates the CPC Optional Parameter will detect an error and cause a core dump. Steps to Replicate: This issue was found by code inspection. The steps are not reproducible. | The code is modified so that it now calculates the offset to the next parameter correctly. Workaround: None. |
SBX-122359 | SBX-113502 (10.1.0) | 1 | CE_2N_Comp_ScmP SYS_ERR generated Impact: Calls between the SBC and GSX may cause an SYS_ERR and not process the internal parameter content correctly. Root Cause: A bug was introduced in an internal function - CpcMsgInfoCreateCopy(), which copies the CPC Optional Parameters that are used to pass information about a call between processes and between systems. This bug causes us to calculate the offset to the next parameter incorrectly. When the pointer is incorrect, the code that validates the CPC Optional Parameter will detect an error and cause a core dump. Steps to Replicate: This issue was found by code inspection. | The code is modified so that it now calculates the offset to the next parameter correctly. Workaround: None. |
SBX-122509 | N/A | 1 | There was a core and failover on the SCM Process coredump and the SBC failed over. Impact: The SCM process cores after an attempt to free a memory block that is already free. Root Cause:A memory block was freed but did not clear the pointer to that freed memory block that is stored in the main Call Block. As a result, the app does not know that this memory block has already been freed. If the app tries to free it a second time, a core is caused. Steps to Replicate: This bug was found by code inspection, and is therefore not reproducible. | The code is modified to clear the pointer to the freed memory block that is stored in the main Call Block. Workaround: None. |
The following Severity 2-4 issues are resolved in this release:
Issue ID | Original Issue | Sev | Problem Description | Resolution |
---|---|---|---|---|
SBX-120807 | N/A | 2 | A memory leak occurred in an Advanced SMM dialog variable. Impact: A memory leak occurred in an Advanced SMM dialog variable. Root Cause: When the egress leg responds with 18x, the SBC fails to update the call control block with new dialog variable ID. As a result of the call teardown before 2xx, the SBC fails to delete the memory of SMM dialog variable. Steps to Replicate:
| The code is modified to always update the call control block with new dialog variable ID when received the responds from peer. Workaround: Disable Advanced SMM. |
SBX-121159 | SBX-120826 (10.1.3) | 2 | ASAN - run-time error " runtime error: load of value 32524, which is not a valid value for type 'SIP_TRANSPORT_ENUM' in sanitizer logs Impact:ASAN reported "runtime error" error while reading a value related to the transport type while processing a 407 response to a REGISTER message. Root Cause:The code was reading from uninitialised memory while processing the 407 message, which led to reading an unexpected value. Steps to Replicate:Only reproducible while running failed registrations in Ribbon lab using ASAN build. | The code is modified to ensure data is initialised correctly to avoid the problem. Workaround: None. |
SBX-121897 | N/A | 2 | The SBC sent SYN to a client port instead of port 5060 Impact:The SBC tried to reopen TCP connection to the client for an incoming call and with the SBC in role of server side using TCP and the connection is already closed. The SBC should not try to reopen connection. Root Cause: The same logic will be applied for the SBC TCP connection as a client Steps to Replicate:
The packet capture shows the SBC trying to reopen the connection in order to send a status message. | The code is modified to prevent the SBC from reopening a connection for an SBC TCP connection as a server. Workaround: None. |
SBX-122000 | SBX-121620 (11.1.0) | 2 | The SBC is not adding country code +81 in Request URI while sending out INVITE towards egress peer in E2E call flow. Impact:The SBC is not adding country code in Request URI of INVITE. Root Cause:The SBC is not globalizing the number by assuming that calledURI is already globalized. Steps to Replicate:
Expected Result: Check whether the SBC is adding the country code in RURI, the SBC does add country code for RURI. | The code is modified to check whether the calledURI globalized or not. If it is not globalized, the SBC does globalize it and adds a country code. Workaround: None. |
SBX-122029 | SBX-121633 (10.1.4) | 2 | Missing UI control for Level 4 Trace Messages configuration Impact:
Root Cause: Level 4 Trace Message has been added as an Enhancement in EMA. Steps to Replicate:
| The code is modified to add Level 4 Trace Message configuration:
Workaround: None. |
SBX-122086 | SBX-122013 (10.1.3) | 2 | RCS SBC - Dropping ingress TCP-segmented MSRP packets (parsing error) Impact: Dropping ingress TCP-segmented MSRP packets (parsing error). Root Cause: The transaction ID was getting mismatched due to low buffer ENUM used for the transaction ID copy, truncating the transaction ID that is later compare to match the End of the Packet. Steps to Replicate: Test the MSRP message having Transaction ID of length 32 characters. | The code is modified to increase the buffer size to 4 bytes to compensate for the full length of the transaction ID that can be at maximum length of 32. Workaround: None. |
SBX-122140 | SBX-122015 (11.1.0) | 2 | The P-charging vector header has ipx3.xxx.com.1 instead of ipx3.xxx.com.2 Impact: On the egress Leg, the SBC is sending wrong PCV values in the PCV Header. Root Cause:On the egress leg, the SBC was supposed to add PCV header. However, the SBC is applying transparency logic to PCV header and as a result, the SBC send wrong values in PCV header. Steps to Replicate: An INVITE is received with PCV header P-Charging-Vector: icid-value=a9fbd640-30e4-1032-00-00-00-10-6b-03-18-01;icid-generated-at=10.xx.yy.zz;orig-ioi=operatorb.com;transit-ioi="operator_A.1" The sendPCVHeader is enabled on egress leg and PCV transparency is enabled. The SBC sends the generated PCV header and not transparently. | The code is modified so when the SBC adds a PCV header, the transparency is not applied again. Workaround: None. |
SBX-122182 | N/A | 3 | SBC manager path check URL character violation Impact: An SBC Configuration Manager path check creates a URL character violation. Root Cause:Since the values are not encoded, the ^ symbol creates an issue. Steps to Replicate:
| The code is modified to encode the values of form elements, which resolves the URL character violation. Workaround: None. |
SBX-122219 | SBX-122178 (11.1.0) | 2 | The SBC is not rejecting the INVITE received over unsupported transport protocol Impact: The SBC is not rejecting the INVITE received over unsupported transport protocol. Root Cause: The SBC returns a failure in an early stage that causes the SBC to select the default sipSigPort. Due to this, the SBC is further processing the INVITE. Steps to Replicate:
| The code is modified to not select the default sipSigPort. Workaround: None. |
SBX-122368 | SBX-120767 (10.1.4) | 2 | RESTAPI having 'set' operation limitation when using POST API commands. Impact: RESTAPI having 'set' operation limitation when using POST API commands. Root Cause: The validation point for the /META:metadata table was counting all changes in the current transaction, not just changes to the META:metadata table. This caused the limit of metadata table transactions of 1000 to be exceeded. Steps to Replicate:
| The code is modified to only count changes to the META:metadata table. Workaround: Split the REST request into smaller requests to avoid this issue. |
SBX-122399 | N/A | 3 | API packets dropped at the kernel layer Impact: NP continuously reports badRidCb errors. Root Cause: RTCP RID is enabled at the same time as RTP RID is enabled in NP. But when BRM is deactivating the LE2LE_RTCPTERM BRES, it incorrectly sets disableRtcpRid flag to "true" in the RTCP Gen disable command. Even the corresponding RTCP RID was not enabled due to XRM having not resolved the destination MAC address. Steps to Replicate:
| The code is modified to allow the BRM code to set disableRtcpRid flag properly in the RTCP Gen disable command. Workaround: None. |
Pagebreak
Severity 1 Resolved Issues
The following Severity 1 issues are resolved in this release:
Issue ID | Original Issue | Sev | Problem Description | Resolution |
---|---|---|---|---|
SBX-121854 | N/A | 1 | A MAJOR event containing "PORT_RANGE: id xxxxx not found" regularly seen in DBG log Impact: A MAJOR event containing "PORT_RANGE: id xxxxx not found" is regularly seen in the DBG log. Root Cause: When a registration expires, there is a 52-second window (based on default retry counts) after the port range control block is deleted and before registration control block is freed. Any SIP subscribe request received within this window is forwarded to egress to use the connection ID of an already-freed port range control block, and results in this error message. Steps to Replicate:
In addition to above tests, please also verify following:
| Corrected the logic which only checked registration status when the usePortRangeFlag feature is enabled. Workaround:None. |
SBX-121889 | N/A | 1 | ScmProcess may coredump when logging an INFO level message (or Call Trace message) related to secure media IP change after on-hold/off-hold signal sequence Impact: The ScmProcess may core when logging an INFO level message (or Call Trace message) related to a secure media IP change after a on-hold/off-hold signal sequence. Root Cause:The IPUtilGetStr function was called to retrieve the previous and current IP for logging, which was used as an argument that got passed into the logging function without any additional parameters. In this scenario, the function uses local memory for storing the value. Without specifying a buffer to store the data, the local buffer gets overwritten when called two consecutive times. Consequently, when stringcopy or write is called, the first dataset is gone resulting in a null pointer access that causes a core. Steps to Replicate: Run at INFO level logging and put secure media leg on-hold and take off-hold to reproduce the core. | The code is modified to remove the IPUtilGetStr from the call to log the DBG message. Workaround:None. |
Pagebreak
Severity 1 Resolved Issues
The following Severity 1 issues are resolved in this release:
Issue ID | Original Issue | Sev | Problem Description | Resolution |
---|---|---|---|---|
SBX-121121 | N/A | 1 | The SBC application is not coming up Impact: Synchronization of the SIP REC call data may fail due to deficiencies in the synchronization algorithm. Root Cause:The algorithm used to the synchronize of SIP REC call data to the standby system suffered from deficiencies, making the algorithm unreliable. Steps to Replicate:
| The code is modified to correct the algorithm's reliability issues. Workaround:Disable (inhibit) SIP REC calls before bringing up the Standby system or performing LSWU upgrade. |
SBX-121031 | N/A | 1 | The SBC 5400 failover occurred on server Impact:The SCM cores due to memory corruption. Root Cause:The memory corruption is caused by a bug where the length field of a structure wrapped around the size of the USHORT that it is stored in is causing an incorrect length value. We use this length to calculate the address where we’re going to copy data into. Therefore, when the length is incorrect the incorrect location data is copied, causing memory corruption. Steps to Replicate: The steps are not reproducible. | The code is modified to prevent the length field from wrapping when it becomes very large. Workaround:None. |
SBX-118290 | N/A | 1 | SWE Traffic Profile sync problem in HA Impact: The traffic profile fails to get applied on 1-to-1 SBC 9.2.3R0 Openstack VM registered with V13.02.06R000 EMS when the SBC VM is spawned with the large memory config Profile. Root Cause:1-to-1 mode SBC registered with EMS fails to apply the large config profile as part of init operations on an active SBC. This results in the creation of a marker file (skipRebootMarker). The presence of this marker file causes the application to reject the traffic profile activation from CLI/EMS on an active SBC. Steps to Replicate:
| The code is modified to update the logic for introducing the marker file. The marker file was introduced incorrectly as part of the large config profile activation. Workaround:
|
SBX-121723 | N/A | 1 | Incoming SIP SUBSCRIBE requests from registered endpoints were incorrectly rejected with a SIP 403 Forbidden response Impact: The SBC incorrectly rejects incoming SIP SUBSCRIBE requests from registered endpoints with a SIP 403 Forbidden response. Root Cause: The logic that was added for SBX-119915 to check an endpoint's registration status while processing the incoming SIP SUBSCRIBE request should only apply when the usePortRangeFlag feature is enabled. Steps to Replicate:
| Reverted the SBX-119915 code change. Workaround: None. |
Pagebreak
Severity 2-3 Resolved Issues
The following issues are resolved in this release:
Issue ID | Original Issue | Sev | Problem Description | Resolution |
---|---|---|---|---|
SBX-106015 | SBX-120493 | N/A | 2/3 | Ingress T.38 Fax fails when the Egress is SIP or TDM (SBX-12043) / T.4 data size exceeds expected size based on fax speed (SBX-106015) Impact:
Root Cause:
Steps to Replicate: SBX-106015:
SBX-120493:
| To overcome when T.38 peers send TCFs earlier than expected, the stack code is modified to delay TCF generation until the DCS is modulated. Additionally, the T.38 stack code changes are rolled back to produce 72-byte packets for 14.4. TCF. Workaround:
|
SBX-121662 | SBX-112437 (10.1.0) | 2 | The SCM Process and SAM Process core observed for Enhanced Local Redirection Impact:SCM cores when processing a SIP message that contained 10 Contact Headers and Multiple Identity headers. Root Cause:The length of the data became too large to be stored in a length field that is a USHORT. The contents of the length field wrapped around the size of the USHORT that it is stored in, causing an incorrect length value. This length is used to calculate the address where it is going to copy data into. Therefore, when the length is incorrect it copies into an incorrect location causing memory corruption. Steps to Replicate:Run a test where a SIP message that contained 10 Contact Headers and Multiple Identity headers is sent to the SBC. This message is processed correctly and there was no core. | The code is modified to add defensive code to prevent the length field from wrapping when it becomes very large. Workaround: None. |
SBX-121509 | SBX-114422 (10.1.4) | 2 | SBC 7000 Trunk Group Stats contain Parent CAC trunk group (a.k.a Shared CAC-Limits Pool) stats with strings "key not found in" instead of Zone name and AC name Impact:SBC 7000 Trunk Group Stats contain Parent CAC trunk group (Shared CAC-Limits Pool) stats with strings "key not found in" instead of Zone name and AC name Root Cause:The Trunk Group Stats considers sharedCacLimitsPool as a TG and since sharedCacLimitsPool is not linked to address context or zone, those fields are populated with 000, and later while trying to fetch value for the TrunkGroupStatusStats file it is updated as "key not found in." Steps to Replicate:
| The code is modified to skip the TrunkGroupStatusStats entry for sharedCacLimitsPool. Workaround: None. |
Pagebreak
Severity 1 Resolved Issues
The following Severity 1 issues are resolved in this release:
Div | |||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||
|
Severity 2-4 Resolved Issues
The following Severity 2-4 issues are resolved in this release:
Div | ||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||
|
Pagebreak
Severity 1 Resolved Issues
The following Severity 1 issues are resolved in this release:
Issue | Original Issue | Sev | Problem Description | Resolution |
---|---|---|---|---|
SBX-120433 | N/A | 1 | Unexpected switchover on the SBC SWe pair. Impact:The SCM process coredumps after processing a Dialog Event. Root Cause: The cause of the coredump is the code accessing a structure where elements are freed. As a result, the code de-references pointers in this structure that is set to NULL. Steps to Replicate: This issue is not reproducible. | The code is modified to free the Dialog structure only after freeing the elements it points to. This fix prevents dereferencing pointers in this structure that are set to NULL. Multiple stack traces show the same routine in the code as being deficient - this is where additional checking logic is added. Workaround: There is no workaround. |
SBX-119679 | N/A | 1 | SBC Switchover processAbnormalTermination with core Impact: Subscribe relay with multiple crank back failures may cause the SBC to core. Root Cause: When retransition eventually times out and multiple application crank back failures take place for Subscribe Relay, there may be a core observed due to a stack recursion. This results in a duplicate free of the relay control block. Steps to Replicate: Not able to reproduce due to specific customer configuration. | The code is modified to process the freeing of the relay control block in a separate thread. Workaround: Avoid crank back. |
SBX-118299 | N/A | 1 | Load Testing - Packet Loss Impact: SWe_NP was not able to handle traffic burst, and observed packet loss. Root Cause: Due to high wakeup latencies in SWe_NP caused by scheduling and CPU idle time management, the packets accumulated in the hardware queue are not drained by SWe_NP in time. Steps to Replicate: The reproduction of this test requires simulating the traffic burst. | The code is modified to change the scheduling policy of SWe_NP to Realtime (SCHED_FIFO) and change the idle behavior of the CPU to poll, instead of halt. Workaround: Reduce the number of calls and number of call generators. |
SBX-117435 | N/A | 1 | Running a sysdump on a SBC 5400 triggers packet port down/up condition Impact: Port link failure observed while running sysdump on the SBC 5400. This could cause an SBC switchover. Root Cause: Enhancements made to collect more Network Processor (NP) memory area caused interference for the interface driver reading the port link status. This interference caused the driver to falsely report link down. The link status is obtained from the NP processor's (Octeon) register. Steps to Replicate: Run np_mem_dump.pl while the SBC application is running while the mgt/pkt interfaces are in a link up state. | The code is modified to allow the utility function to collect NP memory and NP registers in order to access the Octeon register through the driver instead of directly accessing the register. This avoids concurrent access of the register which caused the false link failure. Workaround: Do not run sysdump or /opt/sonus/bin/np/np_mem_dump.pl while the SBC is running. |
SBX-119464 | N/A | 1 | The SBC performed switchover with processAbnormalTermination error code Impact: The SCM process cored due to a Healthcheck timeout. Root Cause: An infinite loop is encountered when mirroring Subscription CBs. Steps to Replicate:The steps are not reproducible. | The code is modified to prevent the SBC from spinning in this particular loop. Workaround: None. |
SBX-118608 | N/A | 1 | After a 491 response due to re-INVITE contention, the SBC continues the call even though the SDP is unmatched. Impact: After 491 response, the SBC sends re-INVITEs with invalid application media format. Root Cause: When the application processes the queued request internally, it loses the other leg application media format that it used for the remote to send out. Steps to Replicate:
| The code is modified to properly store the other leg application media format in SIPS, so that it can send out correctly when it processes the queued message. Workaround: None. |
SBX-117393 | N/A | 1 | The SCM Process cores and causes a switchover. Impact: The SCM Process cores when attempting to allocate memory. Root Cause: The SCM Process cores when attempting to allocate memory because the memory management code has detected memory corruption. Steps to Replicate: The steps are not reproducible. | The code is modified to prevent writing into this memory block after it is freed. Workaround: None. |
SBX-119111 | N/A | 1 | The SBC Core has a switchover twice during the day. Impact: SCM cores in SIP code when using SIP Refer Relay. Root Cause: The core is due to an attempt to dereference a NULL pointer while processing a message related to SIP Refer Relay. Steps to Replicate: The root cause was found by code inspection. | The code is modified to make sure the pointer is valid before attempting to dereference it. Workaround: Disable the SIP Refer Relay. |
SBX-120416 | N/A | 1 | SIPSG code cores due to accessing pktCcb pointer that has been set to NULL Impact: SIPSG code cores due to accessing the pktCcb pointer that has been set to NULL. Root Cause: The fix in the past included a change that sets fsmCcb->pktCcb to NULL after clearing out the contents of the pktCcb. The reason for setting fsmCcb->pktCcb to NULL after clearing out the contents of the pktCcb was to prevent executing the code in SgOaClearPktCcb() more than once. The previous fix was unnecessary because SgOaClearPktCcb() already checks every field for NULL before attempting to free it. Steps to Replicate:The steps are not reproducible | The code is modified to remove the change that sets fsmCcb->pktCcb to NULL. Workaround: None. |
SBX-117476 | N/A | 1 | Congestion Memory issue. Impact: The SCM process leaks memory when "sendSBCSupportedCodecsForLateMediaReInvite" is enabled in the IP Signaling Profile. Root Cause: The SCM process may not free internally allocated structure when "sendSBCSupportedCodecsForLateMediaReInvite" is enabled in IP Signaling Profile. Steps to Replicate: Run load with “sendSBCSupportedCodecsForLateMediaReInvite” enabled in the IP Signaling Profile and confirm the leak. NOTE: The call flow must result with sending a "NRMA Modify" internally. | The code is modified to ensure that these structures are freed when "sendSBCSupportedCodecsForLateMediaReInvite" is enabled in IP Signaling Profile. Workaround: Disabling "sendSBCSupportedCodecsForLateMediaReInvite" may prevent this issue. However, there may be other code paths or scenarios which may trigger this leak. |
SBX-115937 | N/A | 1 | A switchover occurs on the SBC due to a deadlock issue. Impact:A switchover occurs on the SBC due to a deadlock issue. Root Cause:When the the authPassword is being fetched multiple times a second, that call was occuring at the exact same time as the CpxTrunkGroupMediaIpSecondaryInterfaceGroupNameValidate was called. Both routines use the same global maapiSocket to do maapi calls to read the confd database. Since the same global socket was being used, the maapi_exists call is hung. Steps to Replicate: In one CLI session, make a lot of calls to get the authPassword: | The code is modified so that the CpxTrunkGroupPassGetElem function performs a 'cdb get' action to get the authPassword, so there is no contention for the global maapiSocket. Workaround: Do not get the authPassword at the same time as setting the mediaIpSecondaryInterfaceGroupName. |
SBX-118999 | N/A | 1 | After an SBC 9.2.3 SW upgrade, the ACLs are blocking traffic when enabled. Impact: The IPACL rule is incorrectly installed in the NP. Root Cause: You can configure the IPACL rules with or without an ipInterface. If an IPACL rule is configured with an ipInterface, it is not installed in the NP until the associated ipInterface is created and enabled in the NP. The IPACL task tries to re-add those rules that are waiting on the ipInterface for it to receive a 'port up' notification from the NRS. When mixing a set of IPACL rules, some rules that are not defined with the ipInterface are installed in the NP during the startup of the applications, while other rules that are defined with the ipInterface may get delayed while waiting for the associated ipInterfaces to become ready. All of the IPACL rules are ordered by precedence in the CPS context and will be programed in the NP in the same order. When the IPACL task tries to re-add the rules that are waiting on ipInterface, the order of the rules is changed. The new rules are inserted at the proper location in the CPS context, based on their precedence. But there is no corresponding shuffling at the NP layer which causes some newly-added rules to randomly overwrite some existing rules. Steps to Replicate:
This should result in rule 3 showing match counts instead of rule 2. | The code is modified to add all the rules in the NP, including the ones already added on the IPACL retry. Workaround: None. |
SBX-119106 | N/A | 1 | The SBC application restarts. Impact: A SAM process encounters a core due to a Healthcheck timeout when the SIPCM attempts to open a TLS connection. The security certificate named in the tlsProfile is expired. Root Cause: Two threads are hung while attempting to write a security certificate update () to the DB using the same socket. The purpose of the update is to change the state of the certificate to EXPIRED. Steps to Replicate:
| The code is modified to add a lock preventing two threads from writing to the DB using the same socket. Workaround: Renew PKI Security Certificates before they expire. |
SBX-118402 | N/A | 1 | SBC Ethernet Port Packet Port Statistics have peak value equal zero. Impact: SBC Ethernet Port Packet Port Statistics have incorrect peak value equal to zero. Root Cause: The SBC has reset the bandwidth peak value after statistics collection. Steps to Replicate: Execute a call load for hours and collect ethernet port packet stat. | The code is modified allowing the SBC to reset the bandwidth counter before it collects the real data. Workaround: None. |
SBX-115213 | N/A | 1 | Node B unexpectedly restarts when Node A is in SyncInProgress for a long time. Impact: The Call/Registration Data on the SBC shows syncInProgress for an extended period of time. Root Cause: A redundancy message buffer is not large enough to hold the data and causes the sync to be incomplete. This results in the Call/Registration Data to remain in a syncInProgress state. Steps to Replicate: Run multiple Registration/Calls on the SBC. | The code is modified to address the issue. Workaround: None |
SBX-115911 | N/A | 1 | Application restarted due to processAbnormalTermination Impact: SSREq process coredumped while receiving message with length =0. Root Cause: When the message length is =0, the third party software, Xalan, crashes when allocating memory. Steps to Replicate: Perform SSREq request to ERE when configured for external PSX. | The code is modified to add a check to not process messages with length=0. Workaround: Stop the SSREq process. |
SBX-118473 | N/A | 1 | The SBC resets SRTP encryption sequence number after a re-INVITE; the anti-replay protection at the far end (on another SBC) discards the incoming SRTP packets until the sequence number approaches the highest recorded sequence number. Impact: Intermittent one-way audio with a duration of more than 10 seconds may occur during call transfers when the remote connection media IP address changed on the secure RTP (SRTP) call leg. The RTP sequence number (SSN) of the outgoing SRTP stream encrypted by the SBC may roll back to a lower value that causes the SRTP packets being discarded by SRTP anti-replay protection at the receiver's end. Once the SSN of the SRTP stream reached the highest recorded value, the audio was back and both parties could hear each other. Root Cause: After the call transfer, the remote connection media IP address on the SRTP call leg was modified without deactivating the media resource chain. This caused the delay in applying the security configuration to the media resource chain, which in turn caused the first one of several SRTP packets being sent with a high SSN number and the roll back of the SSN to a lower value. The remote end discarded the SRTP packets with a lower SSN than the highest recorded SSN. Steps to Replicate:
| The code is modified so in a modify offer or answer for a SRTP call, if the remote connection media IP address is modified on the SRTP call leg, the new IP and security configuration are applied at the same time, without a delay. Workaround: None. |
SBX-119079 | N/A | 1 | SBC delay in processing Late Media re-INVITE Impact: The SBC is not able to relay/responds to the late media re-INVITE after call is connected. Root Cause: There is a race condition where ingress connects first before egress. The SBC received reInvite and forwards to egress. Egress internally responds 491 because egress is not in the connected state yet. However, internally the CC subsystem is ignoring to relay the 491 and responds due to the wrong state. Steps to Replicate: Configure the passthru latemedia:
| The code is modified to correct the CC logic to relay the 491 responds to ingress. Workaround: Disable passthru latemedia. |
SBX-118991 | N/A | 1 | Transcoding is failing for T.38 involving SRTP Impact: The SBC is not sending SRTP attributes in an outgoing offer for the G711 fax call. Root Cause: This issue is specific to a call flow where the initial audio call is a pass-through with non-G711 codec and later transitions to fax using G711. In this call flow, the SBC fails to offer SRTP crypto attributes during the fax call. Steps to Replicate: Configuration:
Without fix: The re-Invite at step 3 is sent with out SRTP. | The code is modified to offer crypto attributes even when the initial audio call is using a non-G711 codec. Workaround: None. |
SBX-119574 | N/A | 1 | SIP to SIP call had no response to PRACK. Impact: The SBC is unable to respond to PRACK with new SDP offer while the call is in terminating state. Root Cause: Call is in terminating state. Steps to Replicate: The Ingress configuration disconnected the treatment.
| The code is modified so the SBC rejects a 500 error response to a PRACK request with an SDP offer. Workaround: Disable PRACK or disable disconnected treatment. |
SBX-119797 | N/A | 1 | Video call disconnects abruptly due to ACK not getting propagated Impact: The SBC is unable to answer ACK for re-INVITE on ingress leg. Root Cause: The Egress leg is resetting the end-to-end ACK feature after receiving 200 OK offer for latemedia call. As a result, this causes the ACK to not send on Ingress for re-INVITE. Steps to Replicate:
| The code is modified to turn on the e2e ACK feature back after the ACK send out for latemedia call. Workaround: Disable e2e re-INVITE or e2e ACK. |
SBX-117963 | N/A | 1 | SAM Process coredumps are causing a switchover if FAC enabled and call Id is longer than 24 characters. Impact: While reporting statistics for a Fault Avalanche Control (FAC), the SAM process may core if reporting on a call with a callId larger than 24 characters. Root Cause: While reporting statistics for FAC, an incorrect "maximum size" is used when copying a callId - resulting in the code writing past the end of an allocated buffer and corrupting memory. Steps to Replicate: Run some calls with FAC while collecting FAC statistics. The callids for these calls should be longer than 24 characters. | The code is modified to use the correct "maximum size" when copying the callId. Workaround:Disable FAC. The FAC feature blocks SIP messages of certain key elements that caused multiple coredumps in the past. Disabling FAC will block them from getting processed again |
SBX-119885 | N/A | 1 | An SCM Process core occurred on both servers. Impact: The SIPCM process cores. Root Cause: The SIPCM process cores because it was accessing a Packet CCB that had already been freed. Steps to Replicate: The steps are not reproducible. | The code is modified to add defensive code to prevent SIPSG from accessing a Packet CCB that is already freed. Workaround: None. |
SBX-120363 | N/A | 1 | The SBC cores along with disk errors seen (2ndcore) Impact: The SCM cores while attempting to update SIP protocol specific fields in the accounting record. Root Cause: The code is using the wrong function to get a pointer to the URL header structure. Therefore, the SBC is using an invalid pointer and operating on invalid data.. This resulted in an attempt to dereference a NULL pointer, which caused a Segmentation Fault. Steps to Replicate: This issue is not reproducible. The code has been the same since prior to the 7.2 release and this issue hasn't been seen before. Low risk of reoccurrence. | The code is modified to use the correct function to get the pointer to the header. Workaround: Disable CDRs. |
SBX-119908 | N/A | 1 | sanitizer.CE_2N_Comp_CpxAppProc & CE_2N_Comp_DiamProcess Impact: A small amount of memory leaks while configuring diameter peer IP addresses Root Cause: The configuration validation routines were allocating memory while cross-checking the new CDB configuration and this memory was not freed at the end of the validation. Steps to Replicate: Create diameter peer IPs and check for no memory leaks in an ASAN enabled build. | The code is modified to update the validation routines to make sure the memory is freed so there is no leak. Workaround: None. |
SBX-119912 | N/A | 1 | LeakSanitizer in CE_2N_Comp_CpxAppProc, CE_2N_Comp_ScmProcess0,1,2,3 Impact: While sending a SIP SUBSCRIBE message, the code was leaking memory if there were PATH headers in the associated subscribed registration data. Root Cause: The code was creating copies of the PATH header information to map into the P-Asserted-ID header and not freeing up all the associated information once the subscription processing completed. Steps to Replicate: Run various SUBSCIRBE for REGISTER event test cases and check there are no memory leaks. | The code is modified to make sure all P-Asserted-ID header memory is correctly freed up. Workaround: None. |
SBX-118384 | SBX-115152 (8.2.6) | 1 | Unknown header is not relayed with re-INVITE call flow in PSX. Impact: Unknown Header Transparency for BYE message do not work in call scenario where SBC receives a re-INVITE from Egress peer and BYE is received from Ingress Peer. Issue is observed only when Re-INVITE is auto-answered by SBC Root Cause: SIP request data for Re-INVITE is not cleared from SIP call control block after Re-INVITE offer-answer completion. This results in duplicate entries for SIP request data in the SIP call control block when the SBC receives the BYE message. During handling of the BYE message at Egress leg, request data pointer is retrieved from call control block to set transparency mask for unknown header, request data pointer of Re-INVITE is picked always instead of BYE message. This results in unknown header transparency issues for BYE. Steps to Replicate:
| The code is modified so that SIP request data is cleared properly for Re-INVITE. Workaround: None. |
SBX-120335 | SBX-120128 (9.2.4) | 1 | The SBC 5400 switchovers occur after an upgrade to v09.02.04R003. Impact: The SCM process may core while attempting to set the original peer SDP address when either NAPT for Media is enabled and the SDP is received, or if ICE is enabled and ICE is in the SDP. Root Cause: In the above two scenarios, the software did not protect against using a NULL packet SG control block address. Steps to Replicate: The steps are not reproducible. | The code is modified to prevent the NULL packet SG control block address from causing the SCM process to core. Workaround: None. |
SBX-118371 | SBX-115304 (8.2.6) | 1 | The SBC replies with a 481 message for INVITE with occasional replaces. Impact: The SBC replies a 481 message for INVITE with occasional replaces. Root Cause: In early dialogue, the state to-tag is not updated in the Hashtable but the from-tag is updated. This issue is why when we tried to look up using only the call ID. As a result, it fails to fetch original call as the original INVITE and the INVITE with replaces had the same call ID. Steps to Replicate:
| The code is modified to look up both the call ID and from-tag for the ingress leg. Workaround: None. |
SBX-118081 | SBX-118049 (10.1.2) | 1 | The SRTP decryption and encryption fail after an upgrade to 9.2.4R0/10.1.0R2. Impact: The SBC fails to decrypt the incoming SRTP packets, causing a static noise instead of audio on the SRTP calls. Root Cause: Since 9.2.0x, one flag is used in the XRM. XRM_SRTP_SESS_UNENCRYPTED is used for both the unencrypted SRTP and unencrypted SRTCP. When this flag is set, the XRM sends cipherType = NP_CIPHER_TYPE_sRTP_NULL to the NP. The SBC does not to decrypt the incoming SRTP packets. Steps to Replicate:
| A new flag is added, for unencrypted SRTCP: XRM_SRTCP_SESS_UNENCRYPTED The modified NRMA and XRM adopt the new flag for SRTCP. Workaround: Disable the UNENCRYPTED_SRTCP in the cryptoSuiteProfile |
SBX-118086 | SBX-115231 (11.0.0) | 1 | Possible stack overflow vulnerability in the RTCP processing. Impact: Potential stack overflow vulnerability was identified through the internal code review in the RTCP generation subsystem of SWe NP module. Root Cause: The root cause of the problem was identified to the use of variables of an incorrect storage size. Steps to Replicate: The steps cannot be reproduced. | The code is modified to address the vulnerabilities. Workaround: No workaround. |
SBX-118382 | SBX-114456 (8.2.6) | 1 | The AMRWB is transcoded although negotiated end-to-end. Impact: The Transcode option for "different2833PayloadType" feature considers only the 8,000 DTMF payload and the 16,000 DTMF payload is not compared with the opposite leg Peer PSP DTMF, unlike the 8,000 DTMF in earlier releases. This leads to unnecessary transcoding when the same 16,000 DTMF is present in both Ingress Offer and Egress Answer. Root Cause: The SBC does not compare the 16,000 DTMF payload type of Ingress and Egress Leg when "different2833PayloadType:" is enabled, unlike 8,000 DTMF. The SBC should only transcode the call only when the 16,000 DTMF payload is different for both Ingress and Egress; otherwise, the SBC should treat the call for pass-through (PT). Steps to Replicate: TC1:
TC3:
| The code is modified to check both the 8,000 and 16,000 DTMF for a difference in payload type with the corresponding answered DTMF payload types, sent by Egress Peer in Offer Answer function to determine whether the call should be transcode or pas-through. If the DTMF payload types are same, the call is passed through and transcoded if the DTMF payload types are different. These checks are done when "different2833PayloadType" feature flag is enabled. Workaround: None. |
SBX-116769 | SBX-115616 (10.1.1) | 1 | Routing label settings could not be changed in the EMA if created by the CLI. Impact:Unable to change Routing label settings from the EMA UI if they were created using special characters in the CLI. Root Cause: CLI was allowing _ + - . : @ characters in the Routing Label name. The EMA, however, was only allowing _ character in Routing Label name. As a result, attempts to update the Routing Label from the EMA failed. Steps to Replicate:
| The code is modified to allow special characters + - . : @ in the EMA. Workaround: No workaround. |
SBX-117969 | SBX-117637 (11.1.0) | 1 | The SCM Process generates a core and a switchover occurs due to null pointer in a forked call. Impact: The SCM is coring when trying to free memory that has already been freed. Root Cause: The SCM process cores when trying to free memory because of a non-reproducible edge case scenario which causes the memory to be freed before returning from a subroutine. The calling function doesn't handle this correctly. NOTE: This scenario only happens if a downstreamForkingSupport is enabled on the SIP Trunk Group. Steps to Replicate: The steps cannot be reproduced. | The code is modified to prevent the scenario. Workaround: None. |
SBX-118383 | SBX-115262 (8.2.6) | 1 | Unexpected UPDATE from the SBC after UPDATE with media inactive. Impact: Delayed RBT with the monitor profile in early dialog with DylRBT, there is an update from the caller to set the media to inactive. That triggers an UPDATE towards the called with media inactive. Just after that, the SBC sends a new UPDATE with the media direction "sendrcv" to the caller. Root Cause: Since in this case tone is playing and dlrbt is enabled, Update from ingress with DPM inactive is processed by the SBC and sent to egress. Egress responds with 200 OK with Media as inactive which is passed to ingress. The SIPSG sends notification to CC to STOP tone. Tone stops and cut-thru is set in CC. CC sends activate to NRMA and NRMA swaps tone context with cut-through context that has a DPM of sendrecv. NRMA sends update notify ingress with DPM of sendrecv, which is sent to ingress peer as an Update. Steps to Replicate:
| The code is modified to address the issue. Workaround: No workaround. |
SBX-118380 | SBX-114764 (8.2.6) | 1 | The G711 codec is used incorrectly during a G729 UPDATE. Impact: The SBC plays the incorrect media towards Ingress End Point after a call is established. Root Cause: Issue 1: Port is not updated after an UPDATE during tone play. After the SBC receives an UPDATE from Ingress End Point during tone play, the SBC updates the codecs and port information. But after a 200 OK for UPDATE is sent out, the SBC overwrites the new information with old information. After an UPDATE is received during a tone play, the SBC tends to suppress sending UPDATE/re-INVITE towards ingress during cut-thru (after tone play) by re-using the last tone codec on ingress leg. Steps to Replicate:
Expected Results:
| The code is modified for the following issues: Issue 1: The SBC now changes the port towards Ingress EP. Workaround: None. |
SBX-119175 | SBX-118191 (11.0.0) | 1 | An upgrade is successful but revert operation failed - V10.1.0R2 to V11.0. Impact: The SBC application does not come up after revert on cloud 1:1 mode. Root Cause: The SBC application gets stuck due to Openclovis model update cache on old active disk. Steps to Replicate:
| The code is modified to indicate this model update cache and perform a model update on standby after revert to remove any component that is not needed. Workaround:
|
SBX-116538 | SBX-111832 (10.1.0) | 1 | PRS Process and ENM Process coredumps observed in SLB during REGISTER Performance run Impact: The PRS and CHM processes were allowing switchover even when the sync was in progress, causing failures in restoring context in XRM. Root Cause: The sync completion check was incorrect and incomplete, thereby allowing a switchover to occur even when the sync is in progress. Steps to Replicate: Trigger the switchover while the sync is still in progress to check if standby either takes over, or if it restarts to prevent the switchover. | The code is modified to add a thorough sync completion check to the PRS and CHM processes to prevent a switchover when a sync is in progress. Workaround: None. |
SBX-118169 | SBX-118118 (9.2.4) | 1 | Both of the SBC units went down after an unregister from the EMS. Impact: Both of the SBC units went down after an unregister from the EMS Root Cause: The code in the ENM process notifies the deletion of the SnmpAgent snmpTargetMib snmpTargetAddrTable snmpTargetAddrEntry. The ENM process code spawns a thread to delete the corresponding trap from the oam snmp trapTarget table that shares a CDB socket with the SonusSnmpTrapTarget::ProcSubDelete. Steps to Replicate:
| The SonusSnmpTrapTarget::DeleteTrapTargetThread routine is modified to use its own CDB socket to prevent contention from two threads for the same socket. Workaround: None |
SBX-116976 | SBX-114778 (10.1.1) | 1 | The STOP RECORD is missing from CDR VIEWER after a switchover. Impact: STOP RECORD IS MISSING from CDR VIEWER after a switchover. Root Cause: With the current Logstash configuration, the logstash reads the TRC and ACT files only from the time when the logstash was started, which means older data is not read by logstash. When a switchover occurs, by the time logstash is started all the calls would have completed thereby updates to TRC and ACT would have stopped. Logstash does not read the TRC and ACT files until they are updated again. When the updates start, logstash does read from the point where the new data is written and not the old data. This is the reason why stop record of the calls are not shown after the switchover Steps to Replicate:
The STOP record should display. | The code is modified to read the older data and not just the new data. Workaround: None. |
SBX-118378 | SBX-110857 (8.2.6) | 1 | The RTP stream with unknown port (5004) with Delayed RBT after 180. Impact: RTP packets being sent to port 5004 after 180. Root Cause: The RTP packet was the silence packet generated from DSP. Before RTP monitoring was enabled, the call had already been cut through. When RTP monitoring was enabled, NRMA sent a flow change to XRM to change the remote port to 5004. As a result, the DSP-generated silence packet got sent out to remote peer on port 5004. Steps to Replicate:
| The code is modified so the XRM ignores the remote RTP port change. So the RTP packets are sent to resolved remote IP and port. Workaround: None. |
SBX-106518 | SBX-105749 (8.2.6) | 1 | The RTP monitoring failed when the iteration is set to 1 or 2. Impact: The RTP Monitoring is not working as expected when the iteration is set to 1 or 2 Root Cause: When the monitoring period is over, it sends FIRST expiry and FINAL expiry together. As a result, this is not being handled properly leading to non-playing of LRBT. Steps to Replicate: Configure monitoring cycle to 1 and make calls. Ensure that LRBT is heard when monitoring cycle gets over. | The code is modified to play the tone. Workaround: Use n=3 or more. |
SBX-120270 | SBX-120264 (9.2.4) | 1 | The SCM Process continually cores on two SBC 7000s - possibly PCV IOI related. Impact: The SCM Process coredumped due to NULL pointer access for a (GSX) ISUP-GW-GW-SIP call after enabling Generate or Replace PCV feature. Root Cause: The code was trying to read a CPC parameter from the ingress side of the call and the parameter is NULL when the ingress side is ISUP. Steps to Replicate:
Expected result: The SCM Process cores. | The code is modified to ensure the CPC parameter is not NULL before accessing it. Workaround: Disable Signaling > Generate or Replace PCV and apply the fix. |
SBX-119267 | SBX-118822 (9.2.4) | 1 | The HA SBC fails to start on version 09.02.04R001 when the Direct IO Passthrough is used. Impact: The SBC application fails to start on a 44 vCPU instance. Root Cause: The maximum number of vCPUs supported is set to 40 in the SM module. This leads to corruption and a subsequent core-dump on instances with a size greater than 40 vCPUs. Steps to Replicate:
| The code is modified and now set to be in sync with other modules. Workaround: None |
SBX-118789 | SBX-118367 (9.2.4) | 1 | Missing CDR sub fields from Column: Ingress Protocol Variant Specific Data. Impact: Missing CDR sub fields from Column: Ingress Protocol Variant Specific Data. Root Cause: The CDR fields were not updated in SipSgFillProtocolSpecData function from where CDR was getting populated. Steps to Replicate:
| Updated SipSgFillProtocolSpecData function with the CDR field that were missing to address the issue. Workaround: None. |
SBX-119957 | SBX-119525 (11.1.0) | 1 | Observed the SCM Process core while running callflow sanity on the SBC 7000 Impact: Application gets crashed while running call flow sanity on the SBC 7000. Root Cause: During Call Progress when a timeout is hit and CANCEL is triggered towards endpoint then due to invalid/null pointer access core dump is observed. Steps to Replicate: Run a call flow sanity on an SBC 7000. | The code is modified to ensure the pointer is validated for NULL before accessing it. Workaround:None. |
SBX-118368 | SBX-114415 (8.2.6) | 1 | The SBC 7000 standby CE stopped functioning with file corruption and "read only" mode. Impact: When the file system turned to Read Only mode the server did not go for reboot. Root Cause: The SBC became stuck during the read only file system checking but the root cause cannot be determined. Steps to Replicate: The steps cannot be reproduced. | The code is modified to use different commands to check for read only status to try and ensure the SBC automatically reboots to recover. Workaround: An operator needs to manually reboot the SBC in order to recover it. |
SBX-119252 | SBX-113060 (10.1.2) | 1 | The SBC needs to open both protected TCP and UDP port in AKA mode. Impact: The SBC drops messages coming on the TCP when some phone does initial registration over UDP but later sends message over TCP in IMS AKA scenario. Root Cause: When initial REGISTER comes on UDP in IMS AKA scenario, the SBC does not open protected ports on TCP. This will cause problem with some phones, which do initial registration over UDP, but later may send some messages over TCP during call. Steps to Replicate:
| The code is modified so that the SBC opens protected ports on both TCP and UDP when the initial registration is over UDP. Workaround: None. |
SBX-119249 | SBX-118988 (11.0.0) | 1 | The sysDump saved with an owner as root even though sbcDiagnostic 2 is run with linuxadmin as user. Impact: In the Cloud SBC when sysdumps are generated using sbcDiagnostic command as linuxadmin user, linuxadmin is unable to copy the sysdumps due to restricted permissions. Root Cause: sbcDiagnostic was generating sysdumps with root ownership, which did not allow linuxadmin to copy them. Steps to Replicate:
With a fix, linuxadmin should be able to copy sysdumps. | The code is modified to allow copying. Workaround: None. |
SBX-118704 | SBX-118635 (11.0.0) | 1 | Observed the IpSockAddr (0.0.0.0) and Port (0) for Egress leg in GW1 and Ingress leg in GW2 for GW-GW HPC call scenario. Impact: The IpSockAddr and Port fields are 0 in the global callDetailStatus status command in a GW-GW HPC call scenario. Root Cause: In 9.2.4R001, the code is added to not send CPC_OP structures unknown to the GW-GW encoder layer over the GW-GW link to reduce the size of the GW-GW message sent to older SBCs and the GSX. However, it was found that at least one of these unknown CPC_OP Structures, CPC_OP_SIP_ZONE_AC_NAME_STR was used to transfer information used in the global callDetailStatus status command. Steps to Replicate:
| The code is modified to send the CPC_OP structures unknown to the GW-GW encoder layer over the GW-GW link. Workaround: None. |
SBX-118932 | SBX-116340 (9.2.3) | 1 | Customer reported DNS failures on 3 different occasions that appears to be related to "time to live" and negative cache functionality. Impact: DNS records (requests) can become stuck in RESOLVING state within the Agent, which causes the FQDN to become unreachable forever. Root Cause: A DNS request (or it's response), sent between the Agent (e.g., ScmProcess) and the Client (DNS Process), becomes lost. This causes the DNS record to become stuck in RESOLVING state, and the FQDN to become unreachable. Steps to Replicate: The steps cannot be reproduced. | The code is modified to:
Workaround: Manually clear the DNS cache or manually query the "stuck" FQDN. |
SBX-119169 | SBX-117469 (11.0.0) | 1 | Azure: Upgrade is failing from 9.2.3R4 build to 11.0.0 on standalone. Impact: Upgrades are failing in Azure using Ribbon IaC package. Root Cause: Newer versions of the Azure CLI change the way it authenticates, meaning it no longer works with the Ribbon IaC package. Steps to Replicate:
| The code is modified to install Azure CLI version 2.24.0 Workaround:
|
SBX-119434 | SBX-118683 (9.2.1) | 1 | The active T-SBC switches over to the standby T-SBC with a health check failure. Impact: The SWe UXPAD core-dumps due to an arithmetic exception. Root Cause:
Steps to Replicate: The issue is not reproducible. | The code is modified by setting the energy value to the maximum positive value if an overflow occurs. Workaround: None. |
SBX-120079 | SBX-117762 (10.1.3) | 1 | If there is only one m-line in the SDP of UPDATE with port ZERO, the SBC is having different behavior for Audio, Video and Application call flows Impact: Root Cause: The code was written to reject update when media is application and port is zero. Steps to Replicate: Send update with m-line application, video and audio with port as zero. The update should pass to the other side and C-line should be present in all the cases and port should be zero. | The code is modified to allow the call flow to function accordingly after the fix: Workaround: The call flow after the fix: |
SBX-118930 | SBX-118425 (9.2.4) | 1 | The SBC as a TLS server fails a TLS handshake attempt if an ECDHE cipher is used and the TLS client specifies an elliptic curve other than secp256r1 (prime256v1) Impact: The SBC as a TLS server fails a TLS handshake attempt if an ECDHE cipher is used and the TLS client specifies an elliptic curve name other than secp256r1 (prime256v1). Root Cause: The SBC uses the default elliptic curve name secp256r1 (prime256v1) when acting as a TLS server. Steps to Replicate: Use "openssl s_client" to trigger TLS handshake with ECDHE ciphers with curve names secp384r1 and secp521r1. | The code is modified to allow the SBC TLS server to select the Elliptic curve name automatically. Workaround: Do not specify the curve name, or use curve name prime256v1 (openssl 1.0's default on TLS server) when using a tls_ecdhe* cipher suite. |
SBX-117538 | SBX-116997 (8.2.6) | 1 | Late media pass-through calls fail after an upgrade from 8.2.2R0 to 8.2.6R0. Impact: Late media pass-through calls with "RTCP termination for passthrough" flag enabled failed. Root Cause: There are two receiver IDs in the RTCP termination Bus RESource definition. If one of the RIDs was not enabled during the BRES activation because the ingress XRES (ethernet resource) had not learned the destination MAC address yet, then the RTCP Gen was left enabled according to the design. When that BRES gets deactivated, we skip sending RID disable command to NP for that not enabled RID, and also missed issuing RTCP Gen disable command to NP. So when that BRES gets re-activated, the logic detected that RTCP Gen has already been enabled and failed the activation process, which then fails the call. Steps to Replicate: Establish a late media pass-through call with "RTCP termination for pass-through" flag enabled. The SBC sends a SIP BYE once it receives the SDP answer in the SIP ACK SDP. | The code is modified to send the RTCP Gen disable command to NP even when RID is not enabled. Workaround: Turn off the "RTCP termination for pass-through" flag. |
SBX-117578 | SBX-113233 (9.2.1) | 1 | Getting bulk alarms of "sonusSbxNodeResourcesNoPacketsReceivedNotification" Impact: The patch includes additional stats from SWe_NP, which can help in triaging false reporting of RTP inactivity issues better. In addition to this, the patch also includes fixes to prevent false reporting of RTP inactivity when policer mode is set to “Bypass” (from release 9.2.3), and preventing false RTP inactivity reporting in “call hold and unhold scenario” (from release 10.1.2R0). Root Cause: There is no root cause identified. Steps to Replicate: The steps are not reproducible. | The code is modified to add additional NP stats to help in triaging false reporting of RTP inactivity, and also backported some known false detection fixes. Workaround: None. |
SBX-119250 | SBX-118331 (10.1.2) | 1 | EMS re-Synchronization feature not working fine with SBC 7000 Impact: EMS trap resync logic does not work for standard SNMP traps e.g linkUp, linkDown. Root Cause: The EMA was not aware of the mapping from the standard OID traps to trap name and as a result it was unable to resync trap information to EMS. Steps to Replicate:
| The code is modified so that the EMA now understands the OID values for the standard SNMP traps and can resync the info to the EMS. Workaround: None. |
SBX-119172 | SBX-114533 (11.0.0) | 1 | CPX not handling the notification correctly from SDR Impact: SNMP traps destinations set by FQDN are not resolved correctly to IP Root Cause: ConfD CDB API return inconsistent data when reading from CDB_RUNNING. Steps to Replicate:
| The code is modified so that the Management Agent API (MAAPI) is now being used to read the SNMP trap target information instead of the CDB API. Workaround: Restart the SBC. |
SBX-118614 | SBX-116895 (10.1.1) | 1 | A SWe SBC switchover occurred because of an ENM Process core. Impact: The ENM Process crashed when an accounting file rolled over. Root Cause: If the fileCount for the accounting files is reduced substantially (ex. 2048 to 1024), and a rollover occurs, then a shell script is run for each file that needs to be deleted to reduce the file count to the new file count configured. This shell script deletes any hash files in the eventLogValidation directory associated with the deleted accounting file. Steps to Replicate:
| The code is modified so that instead of calling a shell script to delete the hash files, the EvmFileDeleteLogfiles routine has been changed to get a list of all the hash files of accounting files in the eventLogValidation, and deletes the associated hash file when an accounting file is deleted. This reduces the time to delete ~2000 files to less than a second. Workaround: Do not reduce that fileCount for the accounting log files more than 300 files at a time. Rollover the accounting file each time the count is reduced. |
Severity 2-4 Resolved Issues
The following Severity 2-4 issues are resolved in this release:
Issue ID | Original Issue | Sev | Problem Description | Resolution |
---|---|---|---|---|
SBX-119975 | SBX-118755 (9.2.1) | 2 | The S-SBC drops calls with 404 (Reason: Q.850;cause=3) with disconnected initiator is internal. Impact: If there is a connection issue with one of the TSBC, the S-SBC fails calls often trying to send allocation requests. Root Cause: This event had 8 T-SBCs:
Steps to Replicate: Configure the S-SBC with 8 T-SBC's. Add an ACL in one of the T-SBC for the port from the S-SBC and then make a few calls and monitor if the calls are not failing. | When attempting to se4nd the request, the RRM:
On receiving GW indication, the possible following scenarios can occur:
Workaround: None. |
SBX-105332 | SBX-105137 (8.1.0) | 2 | The SBC is not able to parse MSRP media packet 200 Impact: When the SBC received "200" as an MSRP response, it did not forward the same to the other end as it considers 200 as a invalid response in absence of "OK" string in 200. Root Cause: The SBC was strictly parsing "200 OK" for MSRP success response. Due to that, if it received "200" as a response, it did not forward the same to other end. Steps to Replicate: Test 1
Test 2
| The code is modified to update the parsing logic to consider 200 as valid MSRP response. Workaround: UAC/UAS needs to send MSRP response as "MSRP <transaction-id> 200 OK" to avoid this issue. |
SBX-114818 | N/A | 2 | 18x/200 Contact header sent by the SBC contains port number different than 5061 Impact: The SBC includes an incorrect port number in the Contact header of the outgoing SIP messages towards registered endpoints when the endpoints use TLS as a transport protocol and a Call Data Channel (CDC; a lawful intercept component) is enabled on the SBC. This behavior results in call failures since the endpoints send SIP requests to unused TCP port numbers. As an example, the SBC includes port numbers 5062, 5063 and others while the configured port number is 5061 (and SBC listens on that port number). Root Cause: A Lawful Intercept related subroutine changes the port numbers in the signaling port table which should always be the configured signaling port. Steps to Replicate: To reproduce the problem, create a basic SIP access scenario where an endpoint registers over TLS (REGISTER – 401 – REGISTER – 200). Then, as calea user, provision the following (the assumption is that you already created an IP interface group named LIG with at least 1 IP interface in it): | The code is modified so that the configured signaling port table is not changed. Workaround: This problem happens only when the CDC is configured and a SIP endpoint uses TLS as a transport protocol. If one of the conditions is not met, the problem will not happen. |
SBX-116271 | SBX-116184 (11.0.0) | 2 | Call is getting failed with 500 error while running call to Verify the Signalling latency in CNF cluster Impact: SLB was not able to determine the SBC instance name when dialogue transparency was enabled. Root Cause: With the ‘dialogTransparency’ flag enabled on both the ingress and egress zones of ISBC and SLB, the instance-ID tag is not stored correctly in an internal hash for the Dialogue data. Steps to Replicate: The fix has been verified for the following scenarios:
| The code is modified to extract the the instance ID from Call Info from request Message in case of dialog transparency call flow. Workaround: None. |
SBX-115994 | SBX-115994 (11.1.0) | 2 | Configuring the last trunk as incoming/outgoing direction wise is causing the SBC to remove DTG info on receipt of 3xx Impact: Configuring last trunk as incoming/outgoing direction wise is causing the SBC to remove DTG info on receipt of 3xx Root Cause: During a TRM lookup for DTG information in TrmProcessIpLookupCmd() in case TRM_IP_LOOKUP_EGRESS_TYPE_DTGNAME_ONLY, the SBC iterates through all the Contact headers and saves DTG information (such as TG name, blocking status and Trunk Type ) in CPC_OP_TRM_IP_TRUNKGROUP_LOOKUP_DATA_STR *entry. The same CPC structure is used in SipSgFillDestTgrpToCpcMsgInfo() to copy DTG information of all TGs in CPC_MSG. This DTG information is then used to route the call where TRM lookup is done through DTG name. But in the TrmProcessIpLookupCmd(), TG blocking status "status" and TRM_IPTG_CB_STR *ipTgCbPtr of last Contact header is used to send TRM reply. Since, the DTG of Last Contact is blocked, the TRM reply fails and causes the DTG to lose information. Steps to Replicate:
| Two new local variables TRM_IPTG_CB_STR *ipTgCbPtrTemp and UCHAR statusTemp are created in caseTRM_IP_LOOKUP_EGRESS_TYPE_DTGNAME_ONLY. After each iteration, when the status is != FOUND_BLOCKING, these new local variables are populated and then used in TrmIpSendLookupRpyNfy() for TRM reply. Then while the loop has to iterate for each contact header, the user must populate CPC_OP_TRM_IP_TRUNKGROUP_LOOKUP_DATA_STR. Because we are passing good values of status and ipTgCbPtr in TrmIpSendLookupRpyNfy(), the TRM reply does not fail. Workaround: None. |
SBX-120784 | N/A | 2 | The SBC call fail: Extra +1 added to globalized INV R-URI and To header (+1+1) Impact: The SBC sends "+1+1..." in user part of To and Ruri. Root Cause: When the flag related to "Use Called URI as R-URI" is enabled, the SBC duplicates globalization of the user part. Steps to Replicate:
| The code is modified so that there is no need to perform globalization if the flag is enabled. Workaround: Disable "Used Called URI as R-URI". |
SBX-120494 | N/A | 2 | The S-SBC is dropping few calls after the S-SBC restart operation. Impact: The SBC was releasing more than one standby call instance when the active call instance was released due to the call cleanup procedure: Root Cause: The standby instance was deleting call instances based on the lowest 24 bits of the GCID while processing the call clean up scenario and check for the same value in all standby contexts. The bottom 24 bits of the GCID are not unique across all standby contexts which resulted in other standby call instances being removed. The code has now been updated to check for the full GCID value while removing instances as part of the call clean up procedure. This was not a problem when the call was released normally on the active instance because it was only removed from the specific context on the standby instance. Steps to Replicate:
| The code is modified so that the standby process code verifies the full GCID value between the standby instance and the call cleanup message so that only the unique call is deleted from the standby. Workaround: None. |
SBX-120758 | N/A | 2 | I-SBC is not framing the "P-Charging-Vector" header correctly in UPDATE message Impact: The SBC was incorrectly sending a truncated P-charging-vector header in a SIP UPDATE message, resulting in the UPDATE message causing a parsing error at the next SBC and the call being released. Root Cause: The functionality introduced in 9.2.3 supports a maximum of 63 characters when processing each of the fields in the P-charging-vector header. Functionality was always passing the PCV information over from the ingress side of the call to the egress side of the call and using it even if the feature was not enabled. Steps to Replicate:
| The code is modified to only use the internal data associated with SBX-107845 at the egress side when the configuration is enabled so it is no longer being used for PCV header creation at egress unless it's enabled. This avoids the SBC sending the PCV header in the UPDATE message. Workaround: None. |
SBX-117592 | SBX-117592 (8.2.6) | 3 | An end-to-end re-INVITE is not working after a 491. Impact: After the SBC responds with an 491 and sends out a re-INVITE, some transparency headers were missing. Root Cause: A logical error that did not check the state of the call correctly. As result, the SBC treats this re-INVITE as an internal re-INVITE (not e2e). Steps to Replicate:
As a result, the transparent headers may missing. | The code is modified to address the issue. Workaround: None. |
SBX-120765 | SBX-117302 (11.1.0) | 2 | PRS Process and the SMC Process are crashing. Impact: The PRS process was crashing while processing an MRSP message due to the first header line not being present: Root Cause:If the SBC does not receive the MSRP header, line it was coring while processing the transaction id later. Steps to Replicate:Verified with MSRP message without header line. | The code is modified to add a NULL check for transaction ID before processing. Workaround: None. |
SBX-115444 | N/A | 2 | CDR jitter value incorrectly calculated if DTMF 2833 packets in the stream Impact: The SBC media jitter stats as reported in the CDRs are calculated incorrectly for received media flow containing DTMF digit events that span multiple DTMF digit packets. Root Cause: For DTMF digit events that span multiple packets, all of the DTMF packets for that event contain the same RTP timestamp (corresponding to the beginning of the event), despite being sent over an interval that could span multiple seconds (for long digit events). The SBC previously included all DTMF digit packets in the media flow's jitter calculations, which in this case would be much larger than the actual jitter. Steps to Replicate: Validate media jitter stats when the DTMF digit events spanning multiple DTMF packets are injected into a media flow received by the SBC. | The code is modified so that the SBC now omits DTMF digit packets (identified by their DTMF payload type) from media jitter stats calculations. Workaround: None. |
SBX-119058 | N/A | 2 | Call forking - XRM has at least two XRESs referencing same media resource Impact: The NP reports 0xF0 error for set grace command(0x2C) because the associated media flow has already been enabled. The call works, but this error in turn triggers unsolicited call cleanup. Root Cause: For ATCF or SIP Forking calls, XRM allocates a single IP address/UDP with multiple XRES resources (w/ different GCIDs) all referencing the same Media Resource structure. The XRM process uses a reference count in the XRM_MEDIA_RES_STR. The media flow is enabled when the parent XRES is activated. Then when allocating child XRES, XRM sends a set grace command to NP for the same media flow after it has been enabled in NP. Steps to Replicate:Watch for "Unsolicited Call Cleanup" log messages to be written in DBG upon activation of resource chain involving forked calls. | The code is modified to add a check for media flow reference count, and only sends the 'set grace' command to the NP when the reference count equals "1". Workaround: None. |
SBX-118335 | N/A | 2 | *NP 0 error counter macError, mgt0 static route missing and the rx_errors are increasing Impact: Customer upgraded the SBC 5400 from 7.2.x to 9.2.3R4 and the management ports went from 100Mbps to 1Gbps due to feature located in the SBC 8.0.0 release. On some occasions, the management port become inaccessible and CRC errors are reported in the port statistics [ethtool -S mgt0]. Root Cause: The problem is specific to the SBC 5400. When the NRS (Network Resource Service) thread issues an interface stop, followed immediately by an interface start request for all management (mgt) ports, resulting in the following behavior:
However, if the rx/tx are stopped and started in a short time (< 10 milliseconds), the remote link ignores the notification and does not renegotiate the clock/speed/duplex. This leads to the data becoming out of sync with the remote end, which causes CRC errors on the packets received. Steps to Replicate: Run the sbxrestart command multiple times. When the SBC application is running, issue "ethtool -S mgt0" and ensure rx_crc_errors is still 0. | The code is modified to power down the PHY to a low power state when the port stop request is received. Thus, when the port start request is issued, the PHY is powered up to a normal power state. This forces the remote end to detect a link down and then a link up. Workaround: If rx_crc_errors is increasing, disable and enable the mgt port. Use the following Linux commands: ifconfig mgt0 down ifconfig mgt0 up (Replace mgt0 with the mgt port name where rx_crc_errors is increasing.) |
SBX-118051 | N/A | 2 | The DTLS client Hello was being ignored. Impact: The SBC may ignore DTLS Client Hello message and cause no audio in STUN/ICE/DTLS calls when the endpoint performs STUN checks for two candidates and the two checks overlap. Root Cause: The SBC is storing remote IP/port in the nominated candidate list, even if BREQ/BREQ_UC messages are already sent. Then when resending the BREQ message, the SBC uses the remote IP/port from the stored nominated candidate array and that is causing confusion. Steps to Replicate: Establish a STUN/ICE/DTLS call and have the endpoint initiate STUN connection checks with two candidates. The STUN checks should overlap in the following manner:
| The code is modified to:
Workaround: None. |
SBX-117900 | N/A | 2 | The Azure-SWe SLB reboots as a result of memory corruption. Impact: The Azure-SWe SLB reboots as a result of memory corruption. Root Cause: A memory corruption issue produces a memcpy into a buffer that isn't large enough. This memcpy is in code related to the SLB function. Steps to Replicate: The steps cannot be reproduced. | The code is modified to verify the buffer size before the memcpy. Workaround: None. |
SBX-119900 | N/A | 2 | A potential SRTP encryption issue that may lead to one-way audio in media NAT scenarios Impact: While debugging SRTP call logs collected from a customer's network, a potential risk is noticed that random values read from RID's memory block can be used as new SRTP sequence number and roll-over counter (SSN/ROC) when RID is enabled. If it happens, customers may experience one-way audio due to remote peer's anti-replay protection discarding SRTP packets or the remote peer's inability to decrypt SRTP packets. Root Cause: The problem is triggered by NAPT timer expiry and the XRM notification to NRMA with previously learned remote IP address and port number. Steps to Replicate: There are no exact steps to test this.
| The code is modified to clear out previous saved remote IP address in XRES's SRTP/SRTCP encryption/decryption configuration to set correct SSN/ROC values in RID enable command. Workaround: None. |
SBX-117546 | N/A | 2 | The SBC is adding phone-context=private for a globalized number in the RURI and To Header. Impact: The SBC adds phone-context=private in the RURI for a globalized number when it is modified using a DM rule. Root Cause: Using a DM rule to add '+' in called number does not result in number being treated as globalized. Steps to Replicate: Configure the DM rule to add a '+' sign. Run SIP-SIP call. The SBC sends a INVITE with globalization in RURI and has phone-context=private. | Do not add phone-context=private in the RURI when the RURI is already in globalized format, including when the userpart of globalization number has a '+' sign. Workaround: Disable DM rule or use SMM to delete the phone-context parameter. |
SBX-117799 | N/A | 2 | The SBC fails to recognize the Prack in a multi-dialog (different TO tags) if an 18X and 200(Inv) are received simultaneously. Impact: For a dialog transparency and forked call, the SBC may reject the Prack request due to race condition of back to back 18x and 200 OK messages. Root Cause: After receiving a 200 OK message, the SBC finalizes the active remote tag and queues up the send packet to the ingress due to a pending Prack. When the Prack is received, the SBC rejects it because the compare for the Prack comes from a different remote tag than the one already stored in the 200 OK message. Steps to Replicate:
| The code is modified to validate the remote tag based on the forking list not the final one. Workaround: Disable the Prack. |
SBX-119107 | N/A | 2 | The SBC in a TLS Client role does not verify the peer's certificate if authClient is set to "false" Impact: The SBC in a TLS client role does not verify the peer's certificate if the authClient flag in the tisProfile is set to "false". Root Cause:The issue is caused by an invalid configuration. For an SBC in SIP Peering environment, the recommended value of the authClient flag is "true". For an SBC in SIP Access environment, the recommended value of the authClient is "false". In a SIP Peering case, the tlsProfile's authClient may be set to "false" inadvertently and the SBC in a TLS client role does not verify the peer's certificate. Steps to Replicate:
The TLS session is established without verifying peer's certificate chain. | The code is modified to verify the peer TLS server's certificate when the SBC acts as a SIP-TLS client, irrespective of the authClient setting. Workaround: Correct the configuration by setting authClient to "true" in SBC Peering case. |
SBX-117506 | N/A | 2 | The SCM Process was leaking a resource related to a NRMA sessPtr. Impact: The SCM process may leak memory in some early call failure scenarios. Root Cause: In early call failure scenarios, a different function is called to free the Call Block (and the memory linked off of it) than the function that frees the Call Block in successful call scenario. The function that is called in some early call failure scenario was not freeing all of the memory that had been allocated for the call. Steps to Replicate: The steps cannot be reproduced. | The code is modified so that all the memory that is allocated for a call is freed in all early call failure scenarios. Workaround: None. |
SBX-119965 | N/A | 2 | RtmSbyIcmHandle PRS cores, standby PRS cores when modifying IP Header Impact: Standby PRS process cores in 1 to 1 HA mode. Root Cause:The standby BRM mirrors modified IP hdr structure to standby. Steps to Replicate: There are no steps to recreate the PRS core. | The code is modified to check redundancy mode and set mirroring flag accordingly since XrmFlowChange() can be invoked from active and standby context. The BRM mirroring function was originally invoked from XrmFlowChange(). Workaround: None. |
SBX-111934 | N/A | 2 | A 300 response with embedded Identity header size of over 512 bytes in the contact is discarded with Force-Requery Redirection Impact: The SBC drops embedded Contact header in 3xx responds when larger than 2k bytes. Root Cause: Currently buffer support for embedded header is too small (max = 2k bytes). Steps to Replicate:
| The code is modified to increase buffer support up to 6,000 bytes. Workaround: None. |
SBX-119463 | N/A | 2 | The remote DTLS/SRTP Peer discards the SRTP packets due to an unexpected increase in ROC encryption. Impact:There is a one-way audio issue on the DTLS/SRTP call leg after an INVITE is sent with Replaces on the RTP call leg. Root Cause:When the SIP registrar switched over, it signaled a call hold combined with an INVITE with Replaces method to modify the media path. The call was put on hold and existing Ethernet Resource (XRESs) and Bus Resources (BRES) were deactivated. A new BRES with new RID was allocated and replaced the previous BRES. Before activating the new BRES, Ethernet Resource Manager (XRM) calculated the new SSN/ROC based on XRES's saved SSN/ROC. But in the calculation, the XRM incorrectly increased ROC value which caused one way audio after the call is re-activated. Steps to Replicate:The steps are not reproducible. | The code is modified to correct the resource allocation logic in XRM. Workaround: None. |
SBX-118145 | N/A | 3 | The "EMA - System Administration - File Upload" does not allow a .pfx certificate file to be uploaded. Impact: The EMA does not support the uploading of a certificate file with a .pfx extension through the "EMA - System Administration - File Upload" page. Root Cause: There is no requirement to allow a file to be uploaded with a .pfx extension, hence the support for the same is not available. Steps to Replicate:
The upload of the file will be successful. | The code is modified to allow a file with a .pfx extension to be uploaded. Workaround: The file has to be manually copied to the SBC through the SSH. |
SBX-118180 | N/A | 3 | A duplicate MIME-Version header is added on a SIP over Core call. Impact: A duplicate MIME-version header is added by the SBC when an incoming INVITE already has the MIIME-version header. Root Cause: When the SBC encounters MIME content it adds the MIME-version by default. When an unknown header transparency is enabled at the egress IPSP and the incoming message has a MIME version header, it is transparently passed to the egress. This results in A duplicate MIME-version header at the egress side. Steps to Replicate:
| The code is modified to check for the MIME content and the MIME-version header. If there is an unknown header transparency then it is not added it to message. Only the MIME-version will be added by the SBC. Workaround: None |
SBX-118353 | N/A | 3 | An incorrect DSP insertion/rejection reason can be seen recorded in the ACT record in the case of an incomplete offer/answer. Impact: An incorrect DSP insertion/rejection reason is the result of an incomplete offer/answer. Root Cause: Example:
In the problem scenario where the T.38 is enabled as transcodable codec during an initial offer/answer, the SBC is not able to find the heaviest transcodable codec. The setting for the dspRejectionReason is "Rejected codec unlicensed". Steps to Replicate:
| The code is modified to update the dspRejectionReason to "Rejected codec unlicensed" for only the cases where the license is unavailable . Workaround: None |
SBX-117901 | N/A | 3 | Log is incorrect when using regex to filter value to be stored. Impact: After adding an SMM rule for a value to a variable, there is a logging problem only - the wrong value is being written in the DBG log. Root Cause: Logging the wrong data. Steps to Replicate: Configure the SMM rule to store a value to a variable and look for the debug log message: "SipsMmUtilStoreValue ..." | The code is modified so the data log is stored to a variable correctly. Workaround: Ignore the logging message. |
SBX-119032 | N/A | 2 | Parsing the ttc-charging-params in the P-Charging-Vector only succeeds if the parameters have a certain order. Impact: Parsing of ttc-charging-params in P-Charging-Vector succeeds only if the parameters have a certain order. Root Cause: The issue is with the contractor parameter that is also picking up all subsequent parameters. Steps to Replicate:
All the subsequent parameters are ignored. | The code is modified to correct the Contractor parameter to be telephone number only. Workaround: Use the SMM to reorder the parameters. |
SBX-119709 | N/A | 2 | ASAN : ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004. Impact: While generating early attempt CDR records, the code was trying to read ingress remote gateway information that was not available and this resulted in trying to deter a NULL pointer. Root Cause: The code did not account for an edge case scenario where ingress remote gateway information was not available and tried to access a NULL pointer, which can result in a coredump. Steps to Replicate: Run some call scenarios where the incoming call is queued and then processed later. | The code is modified to check if the pointer is valid before trying to read from it. Workaround: Disable early attempt CDRs to avoid this issue. |
SBX-116820 | N/A | 2 | The LDG goes down and triggers ARS - IP ACL. Impact: The XRM debug command failed to dump static discard ACL stats. Root Cause: The existing logic only dumps maximum 100 entries of each allocated ACL list. If a user has more than 100 allocated ACL list in admit TCAM ACL list, then the entry 101 to 200 is dumped for next category of ACL list, and so on. Steps to Replicate:
| The code is modified to:
The change applies to both ACL config and stats. Workaround: Configure less than 10 signaling ports. |
SBX-118393 | N/A | 2 | The SBC is not sending message over IP Sec tunnel to UE when UE idles around one hour. Impact: In IMS AKA connections, the SBC was sending a response to UE in clear when UE switched communication from UDP to TCP Root Cause: The SBC was not opening IMS AKA ports for TCP communication when initial registration happened over UDP Steps to Replicate: Run initial registration over UDP. Send INVITE/PRACK over TCP and UDP. Repeat the test with initial registration over TCP. | The code is modified to allow communication on both UDP and TCP irrespective of whether initial registration was on UDP or TCP. Workaround: None. |
SBX-116163 | N/A | 3 | G722 is in 183/200 SDP to ingress peer but 711U audio packets sent Impact: When the SBC is playing tone and in subsequent response the Codec is changed, the SBC is not sending updated codec toward Ingress. Root Cause: When the codec is changed in 183 after 180 w/o SDP, the SBC sends old codec in 183 and tries to send the updated codec in the Update. However, since offer answer is not completed the SBC queues the update. After 200 OK the SBC should release the queued SDP. However, in the earlier release the queued SDP was not released Steps to Replicate:
The SBC should trigger re-INVITE toward ingress with updated codec (g722). | The code is modified to release the queued SDP when 200 OK is received Workaround: None. |
SBX-117639 | N/A | 3 | Uploading a .p12 file through the Configuration --> Security Configuration --> Commands --> Upload Certificate logs the user out. Impact:Uploading a .p12 certificate through the "EMA - Configuration - Security Configuration - Commands - Upload Certificate" results into logging out the user and failing to upload the certificate. Root Cause: The CSRF token was not passed in the certificate upload request. Due to this, the upload request was rejected and the user is logged out. Steps to Replicate:
| The code is modified to pass the csrf token in the certificate upload request. Workaround:Upload the file through the Administration --> System Administration --> File Upload --> Add Files to Queue --> Upload All Files. |
SBX-120114 | N/A | 2 | LeakSanitizer error found in sanitizer.CE_2N_Comp_ScmProcess_0,1,2,3 Impact: The SBC leaks a small amount of memory while loading the ISUP signaling profile from CDB. Root Cause: The functions which read the ISUP signaling profile from CDB were allocating memory to store the information before storing internally and did not free up the memory at the end of processing. Steps to Replicate: This issue was only observed while testing with an ASAN enabled build as the amount of memory leaked is so small. | The code is modified to make sure that memory is correctly freed at the end of reading the ISUP signaling profile information from CDB. Workaround: None. |
SBX-119603 | N/A | 2 | LeakSanitizer: detected memory leaks. Impact: The SBC was leaking memory while processing MTRM configuration data. Root Cause: While processing the MTRM configuration, the SBC was reading data to internal memory for validation and not freeing up the memory at the end of the validation process. Steps to Replicate: Run various MTRM configuration changes and check there are no memory leaks. | The code is modified to make sure the configuration validation memory is correctly freed up at the end of processing. Workaround: None. |
SBX-119964 | N/A | 2 | The SCM Process cored during call execution of re-INVITE/UPDATE call scenarios. Impact: The SCM process was coring during re-INVITE/UPDATE call scenarios. Root Cause: The code was trying to update packet ccb information, resulting in the dereferencing of a NULL pointer and a coredump. Steps to Replicate: Re-run a selection of re-INVITE/UPDATE test cases to confirm no coredump occurred. | The code is modified to ensure that the pointer is not NULL before dereferencing the pointer to avoid a coredump. Workaround: None. |
SBX-118928 | SBX-118373 (9.2.3) | 3 | There was an Active SBC 7000 DNS Process core. Impact: The DNS Process on the active CE on a system switchover may coredump. Root Cause: A NULL DNS TCB (transaction control block) was encountered while the Active CE was shutting down (during restart). Steps to Replicate: The steps cannot be reproduced. | The code is modified to guard against using a NULL DNS TCB. Workaround: None. |
SBX-116904 | SBX-110756 (10.1.1) | 3 | Wrong behavior with sipAdaptiveTransparencyProfile enabled. Impact: When the SipAdaptiveTransparencyProfile was enabled and the SBC received 200 OK with SDP, it was sending ACK without SDP in late media scenario cases. Root Cause: The SDP was not being added in ACK in late media cases. Steps to Replicate: The following are the test cases used in the call flow:
| The code is modified to add SDP in ACK for late media cases. Workaround: None. |
SBX-117758 | SBX-117280 (10.1.2) | 2 | Apache Axis security issues Impact: The following vulnerabilities related to Apache 1.2 were identified with in the Ribbon SBC application: Issue 1: The LI uses unsupported Apache Axis 1.2 (2005) on JBoss 5.1 (2009). Issue 2: The LI exposes the Apache Axis AdminServlet without authentication (default for Axis 1.2). Issue 3: The LI runs as the sonusadmin user, a privileged account. Root Cause: The LI uses unsupported Apache Axis 1.2 (2005), exposes the Apache Axis AdminServlet without authentication and runs as the sonusadmin user, a privileged account. Steps to Replicate:
| The Apache Axis cannot be upgraded to version 1.4 for issue 1 due to the following: The Axis 1.2 has 3 vulnerabilities CVE-2018-8032, CVE-2014-3596 and CVE-2012-5784 and the SBC application is not impacted by any of these. Axis 1.4 has four vulnerabilities (3 from version 1.2 plus 1 new) out of which CVE-2019-0227 (this is the new one in version 1.4) could impact the SBC application. As a result, for issue 1 no fix is required. For issue 2 and 3, the code is modified to remove the AdminService. Workaround: None. |
SBX-118034 | SBX-117293 (11.0.0) | 3 | Unable to import a large SSL certificate to the standby node Impact: Unable to import a large SSL certificate to the standby node. Root Cause: Certificate was not getting restored on standby as its content was getting corrupted due to bufferoverflow. Steps to Replicate:
| The code is modified to add validation to prevent bufferoverflow. Increased size of subjectAlternativeDnsName entries to 4096 chars. Workaround: None. |
SBX-117525 | SBX-112042 (10.1.2) | 3 | The SAM hangs and crashes during a correct switchover attempt. Impact: After a switchover, the SAM process was not being terminated correctly. Root Cause: SIPCM Terminate was taking longer time than AMF specified time value of two minutes and as a result, the AMF was forcefully aborting the SAM process. Steps to Replicate:
| Incremented the AMF terminate timer from 2 min to 4 min for SAM process. Workaround: Run the below cmd to increase the AMF timer value without any code changes. |
SBX-118238 | SBX-111141 (11.1.0) | 3 | The SBC 7000 softwareUpgradeStatus shows invalid characters for upgradeCompleteTime Impact: After performing an upgrade, the upgradeCompleteTime field was not getting populated with the correct value. 'upgradeCompleteTime' showed invalid characters. Root Cause: A variable ‘tmp’ defined within SonusSmSoftwareUpgradeCsv::populateTime has a pointer reference to SonusSmSoftwareUpgradeCsv::setSoftwareUpgradeCompleteTime function. Since ‘tmp’ variable’s scope was limited to SonusSmSoftwareUpgradeCsv::populateTime we were getting corrupted value when we access that in SonusSmSoftwareUpgradeCsv::setSoftwareUpgradeCompleteTime. Steps to Replicate: Perform an upgrade and check upgradeCompleteTime through the CLI command: | The code is modified by making the ‘tmp’ variable a static variable, so that gets allocated for the lifetime of program. Workaround: None. |
SBX-117343 | SBX-116240 (11.1.0) | 3 | EMA TLS profile certificates handling is not working properly. Impact: The EMA TLS profile certificates handling is not working properly. Root Cause: The EMA TLS profile certificates were not getting restored if incorrectly configured. Steps to Replicate: Try configuring EmaTlsProfile clientCaCert and serverCert incorrectly:
| The code is modified to perform validation to ensure user doesn't configure emaTlsProfile. Workaround: Reconfigure EmaTlsProfile with correct certificate types for clientCaCert (remote) and serverCert (local/local-internal). |
SBX-119293 | SBX-119224 (9.2.4) | 2 | Microsoft Azure reserves port 65330. Impact: Some DNS queries fail to get a response in an Azure deployment. Root Cause: Microsoft does not allow VMs to use port 65330. The DNS queries are sent using this local port and are dropped. Steps to Replicate: Run DNS queries for a long period of time and check that port 65330 is not used. | The code is modified to mark port 65330 as reserved. Workaround: The Linux configuration can be manually updated to reserve the port.
|
SBX-117923 | SBX-117921 (11.1.0) | 2 | A de-reference a NULL return value. Impact: The SCM process allocates a null pointer resulting in a crash. Root Cause: While trying to remove the EVS codecs from a call with a leg associated to the MRF/MRFP, the associated call leg is removed due to a race condition and the code dereferences a NULL pointer. Steps to Replicate: The steps cannot be reproduced. | The code is modified to defend against the race condition and validates that the associated call leg pointer is not NULL before dereferencing it to avoid a coredump. Workaround: None. |
SBX-119295 | SBX-119262 (9.2.1) | 2 | ednsPayloadSize value is not applicable after S-SBC switchover Impact: The ednsPayloadSize value is not taking effort following a switchover. Root Cause: The SBC was missing code to restore the ednsPayloadSize value in an N:1 configuration. Steps to Replicate: Assign a value to the ednsPayloadSize of the DNS configuration check that it is taking effect and then perform multiple switchovers and check that the configuration is still taking effect: | The code is modified to correctly restore this configuration value. Workaround: Following a switchover, the operator needs to remove and reapply the edns configuration value. |
SBX-118139 | SBX-118109 (11.0.0) | 2 | EMA: Terminate call is not working from EMA Impact: Terminate call command is failing from EMA Root Cause: When terminate call operation is performed, the terminate call xpath is encoded by the UI and sent to the backend. The backend, however was not decoding the xpath due to which the operation was failing. Steps to Replicate:
The call should get terminated | The code is modified to decode the xpath in the backend. Workaround: No workaround. |
SBX-117384 | SBX-113593 (9.2.1) | 2 | Observed that callResources are not properly clearing after the call is complete. Impact: In a DSBC setup with multiple nodes in the T-SBC cluster, for the initial INVITE processing, resources (DSP, public xres and private xres) were allocated from TSBC1 (for codecs G729 on offer leg, G711 on answer leg). After receiving an answer with 729, the resources from TSBC1 were cleared up properly and the new resources allocated on a TSBC2 for G729 on leg0 and G729 on leg1, with priv xres(s) cleared up since it is a single DSP call. The call turns to be G729-G729 transcode. Upon receiving a re-INVITE with G711, resources (dsp+priv xres+public xres) were allocated from TSBC1, and upon receiving answer (200 OK) from UAS, new resources were allocated from another TSBC (TSBC2). Before activating these new resources from TSBC2, the TSBC1 resources on the call leg have to be deallocated. However, this was not being done correctly. Root Cause: While freeing up resources for initial offer-answer on TSBC1, an incorrect resource mask (only dsp, and not the public/private xres) was being set in the deallocation command by S-SBC to TSBC1. This resulted in the call structure on TSBC1 being held despite the call being terminated and resources being freed. Steps to Replicate: Set up: Run D-SBC with multiple nodes in TSBC cluster. Scenario:
| The code is modified to reduce the number of DSP re-allocations between TSBCs by not allocating fresh DSPs for every new offer, unless absolutely required. This is achieved by performing the following tasks:
Also, while deallocating resources on the T-SBC from the earlier offer-answer, Workaround: None. |
SBX-119167 | SBX-117948 (11.0.0) | 2 | Deletion of a SMM Profile with 768 rules is failing. Impact: Deletion of a SMM Profile with 768 rules is failing Root Cause: There was a restriction of 1000 transactions per commit to avoid health check issues leading to failure while deleting SMM profile with large number of rules. Steps to Replicate: Validate that deletion of SMM profile with 768 rule succeeds. | The code is modified as the operation was already being performed by disabling the healthcheck timeout for the duration of operation. Workaround: No workaround. |
SBX-116737 | SBX-116605 (8.2.2) | 2 | The SBC does not log SIP messages to the TRC file when routing calls using the DNS Lookup. Impact: The SBC does not log SIP messages to the TRC file when routing calls using the DNS Lookup. Root Cause: During a DNS lookup, the LogInfoSpec is not set with the proper logging details in the SIPCall data structure. Steps to Replicate: Make a call from the Ingress side with the DNSLookup enabled. Post the call as successful and check the TRC file. | The code is modified to address the issue. Workaround: None. |
SBX-119146 | SBX-118922 (10.1.2) | 3 | There was a problem on the EMS SBC Manager's SIP Active Register Name Status List. Impact: There was a problem on the EMS SBC Manager's SIP Active Register Name Status List. Root Cause: The SBC browser reloads the screen when clicking the search button. On a reload functionality check for previous search text, if any available it will trigger search button. As a result, this loops continuously. Steps to Replicate:
The page returns an entry according to the search text. The page does not refresh (loop). | The code is modified to stop the default browser behavior by clicking the Search button. Workaround: No workaround. |
SBX-117572 | SBX-116335 (11.1.0) | 2 | The SBC EMA presents only the SSL server certificate, instead of the full certificate chain. Impact: The SBC EMA/PM web server isn't sending the full certificate chain while negotiating the TLS with clients. Root Cause: The SSLCACertificateFile option is commented in SBC which makes the EMA/PM server send only its serverCertificate to the clients. Steps to Replicate:
| The code is modified to add the SSLCACertificateFile option. Now the EMA/PM web servers will send the CA certificate along with the server certificate during TLS negotiations. Workaround: None. |
SBX-116411 | SBX-114056 (8.2.6) | 2 | An RTCP goodbye message is sent after a 183 RESPONSE. Impact: When monitoring a profile is enabled with an early media configuration, the early media from the endpoint is triggered. The Root Cause: The indication to stop monitoring is passed as soon as the early media is received. The deactivation and reactivation of resources cause it to send the RTCP bye packet with the SSRC. The SSRC is received from the endpoint. Steps to Replicate:
| The RTCP bye packet is suppressed for early media when the endpoint is playing the media. Workaround: Disable the monitoring profile. |
SBX-120032 | SBX-118050 (9.2.4) | 2 | The TERM IOI value has not returned in 18x/200 OK to the caller as expected in the IPX PCV header management. Impact: Part of a feature introduced in the SBC Core 9.2.3 release contained these requirements: Customer network
Partner network
Ingress TG: Both SIPCORE TGs. Egress TG: A Call Flow Partner Peer PARTNER TG on the SBC TG on the SBC peer Root Cause: The following configuration must be enabled: Ingress TG: Both SIPCORE TGs. Egress TG: The issue is noticed for the following call flow: Call Flow Partner Peer PARTNER TG on the SBC TG on the SBC peer Steps to Replicate: The issue can be replicated by configuring the following: Ingress TG: Both SIPCORE TGs. Egress TG: The issue is noticed for the following call flow: A Call Flow Partner Peer PARTNER TG on the SBC TG on the SBC peer | The code is modified so when the generateOrReplacePCV functionality is enabled, carry forward the data like the original ioi, icid, etc. in the call block. This is used while processing 18x/200 OK and appropriately adds Term-IOI if configured and when sendPCVHeader is enabled. Workaround: Enable sendPCVHeader on both trunk groups. |
SBX-117955 | SBX-117119 (11.0.0) | 2 | The removeSavedConfig does not delete a saved config file unless 'show table system savedConfigList' is called beforehand. Impact: The removeSavedConfig does not delete a saved config file unless 'show table system savedConfigList' is called beforehand. Root Cause: When savedConfig and removeSavedConfig called one after the other, the internal list did not have the path to delete the file. Steps to Replicate:
| The code is modified to update the internal list with path and file name. Workaround: Before calling the removeSavedConfig, call the "show table system savedConfigList" |
SBX-117894 | SBX-115853 (11.1.0) | 2 | The SBC sent an UPDATE with payload (128 101) that caused calling party to fail the call. Impact: This is a SIP-GW1-GW2-SIP call. The issue is GW1 sends an UPDATE to client for codec G.729 but Payload Type as 128. Root Cause: UPDATE is sent by GW1 to ingress because at ingress, there was Tone and Announcement profile configured and playing the Tone triggered by an UPDATE. An UPDATE was sent to client with G729 as G729 was the first codec offered by Server in it's UPDATE message, as the Honor Remote Precedence flag was enabled in Ingress GW's PSP. The G729 PT is updated with wrong value of 128 instead of 18 in the NRMA code. The selected codec's rx PT was assigned with tx PT that contained invalid PT. Steps to Replicate:
| The code is modified with a valid PT value. Workaround: Set the Honor Remote Precedence flag disabled. |
SBX-113551 | SBX-101758 (8.2.6) | 2 | There was an issue regarding field Ingress Codec inside the CDR for some calls with CLEARMODE. Impact: The SIPI INVITE call fails when CLEARMODE as CODEC feature is enabled. Root Cause: The call failed as CLEARMODE in the PSP was becoming NULL. Steps to Replicate: Run the CLEARMODE as CODEC enabled and PSP has CLEARMODE as entry. Test steps:
Tests can be done to verify different call flows:
| The code is modified so that when the CLEARMODE as CODEC is enabled and the SIPI with CLEARMODE is received, the call is processed and the CDR gets updated with CLEARMODE (p:71:0). Workaround: Not available. |
SBX-117392 | SBX-114396 (9.2.1) | 2 | An UPDATE to modify AMR-NB to the AMR-WB failed in cases where a multi active TSBC was involved. Impact: In a multiple T-SBC cluster setup, when receiving a modify offer (ex: with Update/reinvite) to change from a lower codec (AMR-NB) to a heavier codec (AMR-WB), the SBC was reallocating a new DSP to support the heavier codec. This DSP could be from the same T-SBC as the initial offer-answer DSPs (TSBC1), or a different T-SBC (TSBC2). In this case, the new DSP on offer leg was from TSBC2. While processing an answer leg, the SBC incorrectly chose to reuse the existing DSP though it is from the first TSBC1 instead of TSBC2, the node from which the new DSP for the offer leg is allocated. Root Cause: While processing the answer leg, when the SBC chooses to either reuse the previously-active DSP on the call leg, or reallocate a new DSP, the SBC did not check the node IP address of the T-SBC (where the DSP on the offer leg was allocated) against the previously-active DSP on the current answer leg. Steps to Replicate: Set up:
Call flow:
The DSP on offer leg is from TSBC2. | The code is modified so the SBC compares the node IP address of the T-SBC for a newly-allocated DSP on the offer leg with that of the previously-active DSP on the current answer leg. The SBC reuses the latter only if both of the IPs match; otherwise, a new DSP is allocated, and the previous DSP frees up later on. Workaround: Run a single T-SBC in a cluster. |
SBX-118218 | SBX-117279 (11.0.0) | 2 | The SBC init.d script checkForUpgradeRevert() file parsing is forgiving and can facilitate arbitrary command execution. Impact: One of the scripts on the SBC has a security issue that in a particular scenario can cause potential privilege escalation from sonusadmin to root. Root Cause: Script was running a marker content without input validation and location of marker was not secure. Steps to Replicate: This code block gets executed only when an upgrade from version which has single debian root partition to three partition model. It is not applicable for any 6.0 or later installations. | The code modified to move the marker to a secure location owned by root and input validation is added in script as a added measure. Workaround: No workaround. |
SBX-118144 | SBX-114194 (9.2.1) | 2 | Observing memory leak in ScmProcess of active S-SBC during precondition update call flow Impact: On the D-SBC, there was a memory leak in the cluster transcoding capability during Update with preconditions call flow. Root Cause: On the D-SBC, the reference to cluster transcoding capability held in the current working PSP context was being lost, hence leading to memory leak. Steps to Replicate: Run an Update with preconditions call flow on a D-SBC setup and monitor the memory on the active S-SBC node. Without the fix, there would be an increase in the memory usage of SCM Process indicating a memory leak. | The code is modified to avoid losing a reference to the current working PSP context cluster transcoding capability memory, by saving it to the pending Ack PSP context and ensuring to free this memory during the offer answer processing. Workaround: None. |
SBX-119166 | SBX-118108 (11.0.0) | 2 | The SBC is not sending SDP offer in outgoing INVITE with all the codecs that are configured in PSP. Impact: The SBC is not sending out INVITE with all configured codecs (passthru + transcodable) when Audio + Text is received. Root Cause: The issue only occurs when the D-SBC ( S/M/T ) set up receives an INVITE from Ingress peer with Audio and T.140 stream. During offer processing, the SBC was checking the transcode capabilities for both Audio and text stream, causing this issue. Steps to Replicate:
| The code is modified to address the issue. Workaround: None. |
SBX-119161 | SBX-114693 (11.0.0) | 2 | Need to Update all the Application code to set the V6 loopback address. Impact: The SBC fails to identify an address as loopback address for an IPV6 call Root Cause: New feature that was added in the 10.1 release exposes this issue. Steps to Replicate: Run a NATed call from IPV6 end point. The call must be established successfully and media should flow from EP1 to EP2 through the SBC. | The code is modified so that the SBC identifies the loopback address for an IPV6 call correctly. Workaround: None. |
SBX-119173 | SBX-117842 (11.0.0) | 2 | Number Translation criteria was not appearing after importing the file that contains number translation criteria. Impact: Number Translation criteria was not appearing after importing the file that contains number translation criteria. Root Cause: This issue is caused by a feature code check-in, in the SBC release 9.2.3. Steps to Replicate:
Expected Results: The number translation criteria should appear after the import. Observed Issue: The number translation criteria is not appearing after the import. | The code is removed from all occurrences policy/SBXPIPE/SbxNumberTranslationCriteriaEntity.cpp Workaround: No workaround. |
SBX-119159 | SBX-115421 (11.0.0) | 2 | Serf Logs and Upgrade marker files are missing from sysDump. Impact: Serf logs and upgrade marker files were missing from sysDump. Root Cause: Capturing only specific log files without * regex. Steps to Replicate: Run sysDump.pl script. | The code is modified to capture all the files including rolled over files. Workaround: No workaround. |
SBX-119164 | SBX-117972 (11.0.0) | 2 | While expecting BYE, the SBC is sending an INVITE to egress side. Impact: The SBC sending a re-INVITE with text stream disabled when the egress EP sends 200 OK with Audio stream alone. Root Cause: Since, the egress EP sent 200 OK with only audio stream, SBC internally disables the text stream on both call legs that is resulting in triggering of a Re-INV with text stream disabled towards UAS side. Steps to Replicate:
| The code is modified so that if the peer already disables any media stream and if the SBC tries to trigger a re-INVITE towards the peer for disabling the same media stream, then suppress the triggering of the re-INVITE. Workaround: None. |
SBX-117072 | SBX-116190 (11.0.0) | 2 | Egress congestion handling should only be enabled for the 503 with a retry. Impact: The SBC was treating 503 with or without Retry-After header as a peer overload scenario. But the SBC should only treat 503 responses with retry-after because those are unambiguously overload related. Root Cause: The SBC was not verifying for the presence of Retry-After header to consider it as a peer overload scenario. Steps to Replicate: Send a 503 with Retry-After header for a SIP INVITE. | The code is modified to address the issue. Workaround: None. |
SBX-119171 | SBX-117985 (11.0.0) | 2 | DSP Reload: Active SBC went down when dsp coredump was issued Impact: Manual DSP coredump initiated via CLI fails to collect core-dump and initiates switchover in case of the SBC 5400. Root Cause: While initiating manual DSP coredump, the DSP should be notified to copy the concerned memories to core-dump section for core-dump collection to happen successfully. Steps to Replicate: * SBC 5400 with at least one DSP card.
| The code is modified to add support for SBC 5400 to notify DSP in case of manual DSP core-dump initiated through the CLI. Workaround: None. |
SBX-119255 | SBX-90704 (10.1.2) | 2 | Ingress octets sent/egress octet rcvd for T.38 calls Impact: When stopping CDRs for T.38 calls, the Ingress octets sent and received values are not correct. Root Cause: For T38 packets, NP calculates incorrect packets when there is no RTP header for the T38 and as a result, some packets may be less than 12 bytes. Steps to Replicate: Stop CDRs for T.38 calls. | The code is modified to address the issue. Workaround: None. |
SBX-119717 | SBX-118302 (11.1.0) | 2 | MS TEAMS to PSTN call failed when SILK codec is enabled. Impact: An MS TEAMS to PSTN call failed when SILK codec is configured and the lockdown preferred codec IPSP flag is enabled. Root Cause: When the lock down preferred codec IPSP flag is enabled, one of the codec attributes related to the payload type is not copied properly during an auto answer on the egress call leg. As a result, the call is terminated. Steps to Replicate:
| The code is modified to copy the codec payload type value during an auto answer. Workaround: If "Lock Down Preferred Codec" IPSP flag is disabled then the call scenario works fine. |
SBX-119162 | SBX-116256 (11.0.0) | 2 | Observed a heap-buffer-overflow on address 0x6260000bf802 at pc 0x56063d63cca4 bp 0x7fe633ce2b00 sp 0x7fe633ce2af8. Impact: A heap-buffer-overflow is observed when Option header with too many spaces or tab is received. Root Cause: When too many space are inserted after Option header. Pdullen is calculated wrongly and include all the spaces also so while doing pre parsing pdulen reaches beyond PDU and leads to coredump. Steps to Replicate: Send option Message with large no spaces or tab such as: | The code is modified to change the startIndex so that it points to Offset Length that is equivalent to the Header length. Now while calculating the PDU length, it is taken from Offset. With these changes, all spaces are taken into consideration and the length is correct. Workaround: None. |
SBX-117481 | SBX-116942 (11.1.0) | 2 | D-SBC (M-SBC) - The XRM/NP CPUs are also being used by a system task causing slowness in media tasks. Impact: In the SWe, a few sbxPerf processes (example: top2) run on the media cgroup causing congestion issues. Root Cause: Segregation of media and non-media processes at initialization time may fail, leading to non-media processes landing on a VCPUS that is meant for media processing. Steps to Replicate: Install a fix build in the SWe and check whether the sbxPerf process (example: top2, atop) runs on the core0. | The code is modified to move the sbxPerf processes to the system cgroup. The segregation of processes is fixed as part of a separate issue. Workaround: Reboot the SBC. |
SBX-115053 | SBX-112980 (10.1.0) | 2 | The SBC interworks the extra precondition UPDATE towards the Egress. Impact: The downstream forking and preconditions interwork using an UPDATE method are enabled. When multiple 18x with a precondition are received by the SBC, the SBC sends an UPDATE request to complete the preconditions. The SBC sends an additional precondition UPDATE towards the egress, even though the preconditions are already completed. Root Cause: There was an issue in the code when an UPDATE request is triggered a second time without checking whether preconditions are met already. Steps to Replicate: Run the call flow per the customer's setup. | The code is modified to suppress the additional precondition UPDATE request, if preconditions are already met. Workaround: None. |
SBX-118808 | SBX-117803 (11.1.0) | 2 | MOH call failure for non core stream Impact: Media On Hold (MOH) Call is failing for non core stream when NAT is enabled. Root Cause: Call is failing because of frequent deactivation and reactivation of resources for a non core stream at the time of NAT relearning causing resources to go into asynchronous error Steps to Replicate:
| The code is modified for non core stream in a NAT call so that deactivation and reactivation of resources does not take place. Workaround:
|
SBX-118237 | SBX-114293 (9.2.1) | 2 | The S-SBC is unable to clear a call when there are multiple codec changes with RE-INVITES in call. Impact: On the D-SBC, a two DSP transcode call involving multiple re-INVITEs has a hung private respone and a call termination takes more time than expected. For example: a call hold/off-hold with a codec change from narrowband to wideband and vice versa. Root Cause: On the T-SBC, for every DSP, two XRESs are allocated during a re-Invite: a public and a private XRES. Steps to Replicate:
| The code is modified to address a two DSP transcode call. The private XRES(s) is freed appropriately and the call is terminated smoothly when a BYE message is received from the endpoint. Workaround: None. |
SBX-119248 | SBX-118283 (11.1.0) | 2 | Azure : Observed Availability set gets created when parameter "create_availability_set_for_sbcs" =false Impact: Availability Set being created when associated flags are set to "false". Root Cause: Incomplete Azure terraform scripts allowing Availability Sets to be created. Steps to Replicate: Re-run terraform in the SBC HFE 2.2 setup to ensure Availability Set being created or not created as per the setting of the appropriate flags. | The code is modified to add new Availability Set modules in terraform to support creating or not creating them correctly based on the Availability Set flags. Workaround: None. |
SBX-118565 | SBX-117097 (9.2.4) | 2 | A DTLS SRTP call fails after the remote peer modifies the session - the SBC fails to process the incoming DTLS Client Hello. Impact: The DTLS SRTP call fails after remote peer modified session. Root Cause: The DTLS SRTP task maintains two contexts, one for client and one for server. They are being passed in when the SBC initiates/re-initiates the session. In this case, the SBC was initiating server session. But in DTLS SRTP session reinitiate function, we passed in client context instead that caused call failure. Also when reinitiating the session, the remote RTP address was not saved in CCB. Steps to Replicate: The steps cannot be reproduced. | The code is modified to:
Workaround: None. |
SBX-119163 | SBX-117911 (11.0.0) | 2 | A call between Cisco EP and PSTN failed as the SBC is sending incorrect attribute value for Video port 0. Impact: The SBC sends a=sendrecv instead of a=inactive when video stream is received with port 0. Root Cause: When changes were made to support additional video parameters in 9.2.x release, the datapath mode WSA set to default(a=sendrecv) when video stream was marked as absent. This was causing the SBC to send a=sendrecv. Steps to Replicate:
| The code is modified to inactive when video stream is marked as absent when port 0 is received. Workaround: None. |
SBX-119256 | SBX-118662 (10.1.2) | 2 | The LSWU failed due to Action Command Timeout Impact: The LSWU failed from V10.01.01R3 to V10.01.02A3 This command will start a live software upgrade. Do you want to proceed [no,yes] yes Root Cause: The issue is with media codec related packet size validations in appPreChecks during the LSWU was taking longer time. Steps to Replicate: Run the following command: % request system serverAdmin GARNET startSoftwareUpgrade package <sbc package name> | The code is modified to address the issue. Workaround: None. |
SBX-119165 | SBX-117235 (11.0.0) | 2 | An additional UPDATE is being triggered by the SBC when the server side sends 18x with Valid Video Port. Impact: In a delayed tone play scenario, the SBC is sending an additional UPDATE when egress EP sends 18x with valid audio and video ports Root Cause: The SBC completed an initial offer-answer in INV and 18x with valid Audio and Video ports. Later, due to delayed tone play logic, the SBC started playing the tone. As part of this tone play activation, the SBC is trying to switch OFF the video stream by triggering an UPDATE with video port as zero. The 200 OK (for UPDATE) is causing the SBC to abort the tone which is not supposed to happen. Steps to Replicate:
| The code is modified so that the SBC does not stop the tone play upon receiving a 200 OK (for UPDATE) response from the ingress EP. Workaround: None. |
SBX-118100 | SBX-116974 (9.2.4) | 2 | S-SBC is unable to send the 200 OK for 2nd re-INVITE during the 4:1 redundancy with 2 RGs Impact:S-SBC is not sending 200 O.K for RE-INVITE in 4:1 redundancy setup leading to call time-out from remote peer and subsequent call failure. Root Cause:S-SBC is not able to locate the remoteGCID for the call in the DFE module. Steps to Replicate:
| The code is modified so that the DFE module of the S-SBC retains the RemoteGCID unless the call is not unstable. Prior to the fix, the Remote GCID was internally deleted by DFE in the DFE Sync message Workaround: None. |
SBX-118260 | SBX-118155 (11.0.0) | 2 | The S-SBC is unable to send the UPDATE towards the UAS endpoint for 183 dialog-3 during EGRESS precondition interworking scenario. Impact: The S-SBC is unable to send the UPDATE towards the UAS endpoint for 183 dialog-3. Root Cause: When ingress was not supporting UPDATE, the SBC was trying to send out and stuck in this state. Steps to Replicate:
| The code is modified to locally answer the UPDATE when ingress peer does not allow UPDATE Workaround: None |
SBX-117835 | SBX-113553 (10.1.3) | 2 | Interworking between a 100 REL compliant UAS and a non 100 REL UAC. Impact: Interworking between a 100 REL compliant UAS and a non 100 REL UAC Root Cause: The UAC is not 100 REL compliant and the SBC cannot forward the UPDATE to the UAC. It fakes a local answer 200 OK for this UPDATE with all the supported codecs of the UAC. This makes the SBC pick a pass through codec which is different from the codec already communicated to the UAC. An audio issue results until the call gets connected. Steps to Replicate:
| The code is modified so that the SBC fakes the local answer 200 OK (for UPDATE here) with the last negotiated codec which is already communicated to the peer. The codec selection remains the same even after the offer-answer completion during an UPDATE-200 OK handshake and there will not be any audio mismatch. Workaround: None. |
SBX-119513 | SBX-116062 (10.1.3) | 2 | SIPREC - Recorded streams cannot be decrypted successfully after call hold/unhold when the SIPREC server prefers a different SRTP crypto suite than the SBC Impact: With SRTP is enabled for SIPREC: in the scenario mentioned below, SRTP Keys towards SIPREC Servers is corrupted and SIPREC server fails to decrypt the recorded audio stream.
Root Cause: When the SBC receives the answer from SIPREC server with the crypto suite other than the first preference from the offer, the SBC Recorder control block would be updated with the key as received in the answer. However, the crypto suite continued to reflect the offer's top most crypto, thus resulting in corrupted key in further offers towards SRS. Steps to Replicate:
| The code is modified so that when the SBC receives an answer with crypto suite other than 1st preference form the offer, it updates the negotiated crypto in the control block. Workaround: None. |
SBX-119174 | SBX-118329 (11.0.0) | 2 | A call between CUCM EP and PSTN failed as the SBC is adding additional codecs that are not configured during 18x LRBT play. Impact: The SBC sending all codecs received in the initial INVITE, in the 18x LRBT play. Root Cause: The root cause for this issue is, when TFT and Audio Transparency is enabled, the SBC uses the codec in NSD, during tone play rather from PSP. As part of multi-audio and other bug fixes, the NSD generation for tone Play changed, which is causing this issue. Steps to Replicate:
| The code is modified so when the TFT and Audio Transparency is enabled, the SBC uses the older way to generate the codecs. Workaround: None. |
SBX-119176 | SBX-116123 (11.0.0) | 2 | The value set against GPU flag in /opt/sonus/conf/swe/capacityEstimates/.activeCallMixInput.json file is not an integer value" error message in DBG Impact: On Managed N:1 MRFP node, when a custom CPU profile is applied, from OAM, by specifying the value against the useGPUForTranscoding field to false, following critical level message is logged in the .DBG file: Root Cause: On N:1 Managed MRFP node, the CDB gives the value against the filed useGPUForTranscoding as False(string), rather than 0(integer). Steps to Replicate: For reproducing the issue on Managed N:1 MRFP, activate a traffic profile with useGPUForTranscoding value set to false, from the OAM, as shown below: | The code is modified to address the issue. Workaround: None. Note: The log does not indicate an error in the functionality of profile activation. |
SBX-117509 | SBX-116698 (10.1.2) | 2 | The SBC is sending out an Error-Info header in a 400 Bad Request even when the suppressErrorInfoHdr flag is enabled. Impact: The SBC is sending out an Error-Info header in a 400 Bad Request even when the suppressErrorInfoHdr flag is enabled. Root Cause: After the SBC restarts, the suppressErrorInfoHdr flag value is not updated correctly. Steps to Replicate:
| The suppressErrorInfoHdr Flag value is updated properly after a restart. Workaround: None. |
SBX-120390 | SBX-119428 (11.0.0) | 2 | Frame Lost indication not set for AMRNB. Impact:The frame lost flag is not being set based on talkState for AMRNB decoder. Root Cause: When there is no frame to be fed to the AMRNB decoder, an indication of either 'frame loss' or 'no data' should be provided to the decoder. This indication should be determined based on the decoder's talk state. Currently, the 'no data' indication is set even if there is a frame loss, which is incorrect. Steps to Replicate:
| The code is modified to allow the frame loss flag to be set based on the decoder's talk state. Workaround: None. |
SBX-120667 | SBX-120625 (9.2.4) | 2 | SRTP one-way audio - SBC not resetting SRTP encryption ROC to zero when ssrcRandomizeForSrtp is enabled Impact: One-way audio on SRTP calls; the far end is unable to decrypt SRTP packets due to ROC mismatch. Root Cause: Once the SBC received re-INVITE on the egress call leg, BRM issued RID modify command to NP on ingress call leg to update SSRC in RID. In the RID modify command, the clear last SSRC flag was not initialized properly which caused NP NOT to clear the ROC. Steps to Replicate: ssrcRandomizeForSRTP Enabled/ passthru:
ssrcRandomizeForSRTP Enabled/ transcode:
ssrcRandomizeForSRTP disabled/ passthru:
ssrcRandomizeForSRTP disabled/ transcode:
| The code is modified so that the NP RID enable and modify interface functions ignore the clear last SSRC flag - keeping ROC reset in sync with clear last SSRC. Workaround: Disable ssrcRandomizeForSRTP. |
SBX-120591 | SBX-119426 (11.0.0) | 2 | Frame Lost indicator not set for AMRWB & V 1.4 Library Upgrade Impact:
Root Cause:
Steps to Replicate:
| The code is modified so that the frame loss flag is set based on the decoder's talk state. As well, the divide by zero issue is addressed in the AMRWB library upgrade. Workaround: None. |
The following issue is resolved in this release:
Div | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Severity 1 Resolved Issues
The following Severity 1 issues are resolved in this release:
Div | |||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Severity 2-4 Resolved Issues
The following Severity 2-4 issues are resolved in this release:
Div | ||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Pagebreak
The following severity 1 issues are resolved in this release:
Div | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
The following severity 2-3 issues are resolved in this release:
Div | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
The following Severity 1 issues are resolved in this release:
Severity 1 Resolved Issues
Issue ID | Original Issue | Sev | Problem Description | Resolution |
---|---|---|---|---|
SBX-118118 | N/A | 1 | Both of the SBC units went down after an unregister from the EMS. Impact: Both of the SBC units went down after an unregister from the EMS Root Cause: The code in the ENM process notifies the deletion of the SnmpAgent snmpTargetMib snmpTargetAddrTable snmpTargetAddrEntry. The ENM process code spawns a thread to delete the corresponding trap from the oam snmp trapTarget table that shares a CDB socket with the SonusSnmpTrapTarget::ProcSubDelete. Steps to Replicate:
| The SonusSnmpTrapTarget::DeleteTrapTargetThread routine is modified to use its own CDB socket to prevent contention from two threads for the same socket. Workaround: None |
SBX-115937 | SBX-115937 (9.2.5) | 1 | The SBC switches over due to a deadlock issue. Impact: The CPX process deadlocks when the customer is making several calls to get the authPassword, while calling the CpxTrunkGroupMediaIpSecondaryInterfaceGroupNameValidate to validate the SecondaryInterfaceGroupName. For example: Root Cause:
Steps to Replicate:
| The code is modified to perform a Workaround: Do not call for the authPassword while setting the mediaIpSecondaryInterfaceGroupName. |
SBX-118049 | SBX-118049 (10.1.2) | 1 | The SRTP decryption and encryption fail after an upgrade to 9.2.4R0/10.1.0R2. Impact: The SBC fails to decrypt the incoming SRTP packets, causing a static noise instead of audio on the SRTP calls. Root Cause: Since 9.2.0x, one flag is used in the XRM. XRM_SRTP_SESS_UNENCRYPTED is used for both the unencrypted SRTP and unencrypted SRTCP. When this flag is set, the XRM sends cipherType = NP_CIPHER_TYPE_sRTP_NULL to the NP. The SBC does not to decrypt the incoming SRTP packets. Steps to Replicate:
| A new flag is added, for unencrypted SRTCP: XRM_SRTCP_SESS_UNENCRYPTED The modified NRMA and XRM adopt the new flag for SRTCP. Workaround: Disable the UNENCRYPTED_SRTCP in the cryptoSuiteProfile |
SBX-118074 | SBX-115213 (9.2.5) | 1 | Node B unexpectedly restarts when Node A is in SyncInProgress for a long time. Impact: The Call/Registration Data on the SBC shows syncInProgress for an extended period of time. Root Cause: A redundancy message buffer is not large enough to hold the data and causes the sync to be incomplete. This results in the Call/Registration Data to remain in a syncInProgress state. Steps to Replicate: Run multiple Registration/Calls on the SBC. | The code is modified to address the issue. Workaround: None |
SBX-118089 | SBX-117435 (9.2.5) | 1 | Running a sysdump on the SBC 5400 triggers a packet port down/up condition. Impact: A port link failure occurs while running a sysdump on the SBC 5400. This may cause an SBC switchover. Root Cause:
Steps to Replicate: When the mgt/pkt interfaces are in a link up state in the SBC, run an np_mem_dump.pl. Sample command line to run 100x:
Note: This command creates npMem0_d[1..100].log files and will fill up the disk. | The code is modified to access the Octeon register through the driver instead of directly accessing the register. This avoids a concurrent access of the register. Workaround: Do not run a sysdump or /opt/sonus/bin/np/np_mem_dump.pl while the SBC is running. You can obtain an updated /opt/sonus/bin/np/oct-remote-memory and /opt/sonus/bin/np/oct-remote-csr binary to avoid the link bounce while running a sysdump. |
SBX-117578 | SBX-113233 (9.2.1) | 1 | Getting bulk alarms of "sonusSbxNodeResourcesNoPacketsReceivedNotification" Impact: The patch includes additional stats from SWe_NP which can help in triaging false reporting of RTP inactivity issues better. In addition to this, the patch also includes fixes to prevent false reporting of RTP inactivity when policer mode is set to “Bypass” (SBX-110362), and preventing false RTP inactivity reporting in “call hold and unhold scenario” (SBX-112867). Root Cause: Not yet RCAed. Steps to Replicate: Issue was not locally reproducible. | The code is modified to add additional NP stats to help in triaging false reporting of RTP inactivity, and also backported some known false detection fixes (SBX-110362, SBX-112867). Workaround: None. |
SBX-119250 | SBX-118331 (9.2.1) | 1 | EMS re-Synchronization feature not working fine with SBC7K Impact: EMS trap resync logic does not work for standard SNMP traps e.g linkUp, linkDown. Root Cause:The EMA was not aware of the mapping from the standard OID traps to trap name and as a result it was unable to resync trap information to EMS. Steps to Replicate:
| The code is modified so that the EMA now understands the OID values for the standard SNMP traps and can resync the info to the EMS. Workaround: None. |
SBX-119172 | SBX-114533 (11.0.0) | 1 | CPX not handling the notification correctly from SDR Impact: SNMP traps destinations set by FQDN are not resolved correctly to IP. Root Cause: ConfD CDB API return inconsistent data when reading from CDB_RUNNING. Steps to Replicate:
| The code is modified to ensure that the Management Agent API (MAAPI) is now being used to read the SNMP trap target information instead of the CDB API. Workaround: Restart the SBC. |
SBX-118614 | SBX-116895 (10.1.1) | 1 | SBCSWE switchover occurred because of EnmP core Impact: The EnmProcess crashed when an accounting file rolled over. Root Cause: If the fileCount for the accounting files is reduced substantially ( ex. 2048 to 1024), and a rollover occurs, then a shell script is run for each file that needs to be deleted to reduce the file count to the new configured file count. This shell script deletes any hash files in the eventLogValidation directory associated with the deleted accounting file. Steps to Replicate:
| The code is modified to ensure that instead of calling a shell script to delete the hash files, the EvmFileDeleteLogfiles routine gets a list of all the hash files of accounting files in the eventLogValidation, and deletes the associated hash file when an accounting file is deleted. This reduces the time to delete ~2000 files to less than a second. Workaround: Do not reduce that fileCount for the accounting log files more than 300 files at a time. Rollover the accounting file each time the count is reduced. |
The following Severity 2-4 issues are resolved in this release:
Severity 2-4 Resolved Issues
Issue ID | Original Issue | Sev | Problem Description | Resolution |
---|---|---|---|---|
SBX-118336 | SBX-118119 (11.0.0) | 3 | Do not send CPC_OP_TYPE_NRMA_SESSION_DESCRIPTION to old GSX/SBC. Impact: A large parameter called CPC_OP_TYPE_NRMA_SESSION_DESCRIPTION is not used on the GSX and not used in any SBC prior to 9.1 and could potentially cause a PDU to be sent over a GW link to be too large. Root Cause: In GW Connection Manager (GWCM), information is obtained for the farend if the oldGsxSupport control flag is enabled and if the CPC_OP_TYPE_BUFFER_SIZE parameter from the peer is present. Steps to Replicate: Send calls over GW-GW link with lots of optional parameters to induce call drops due to buffer overrun. | The code is modified to check if the oldGsxSupport flag is enabled and the ulPeerBuflen is still set to the smaller GSX size, so the CPC_OP_TYPE_NRMA_SESSION_DESCRIPTION parameter is marked as to notsend when desired. Workaround: None. |
SBX-118077 | SBX-116820 (9.2.5) | 2 | The LDG goes down and triggers ARS - IP ACL. Impact: The XRM debug command failed to dump static discard ACL stats. Root Cause: The existing logic only dumps maximum 100 entries of each allocated ACL list. If a user has more than 100 allocated ACL list in admit TCAM ACL list, then the entry 101 to 200 is dumped for next category of ACL list, and so on. Steps to Replicate:
| The code is modified to:
The change applies to both ACL config and stats. Workaround: configure less than 10 signaling ports. |
SBX-118131 | SBX-117302 (11.1.0) | 2 | The PRS Process and the SM Process is crashing. Impact: The PRS process was crashing while processing an MRSP message due to the first header line not being present. "MSRP 0100543f85f SEND\r\n" "Caller sent this message.\r\n" Root Cause: The code is always assuming that the header line will be present and is missing some defensive checks, which resulted in the code reading from a null pointer. Steps to Replicate: Send in an MSRP message with the header line missing. | The code is modified to defend against this unexpected scenario and not to coredump. Workaround: None. |
SBX-117900 | N/A | 2 | The Azure-SWe SLB Reboot due to SAM process coredump, possibly memory corruption. Impact: This is a SamProcess core caused by memory corruption. Root Cause: This is a memory corruption issue caused by using memcpy to copy data into a buffer that was not large enough. ThE memcpy is in code related to the SIP Load Balancer (SLB) function. Steps to Replicate: The steps cannot be reproduced. | The code is modified to verify the buffer size before doing the memcpy. Workaround: None. |
SBX-118101 | SBX-117736 (11.0.0) | 2 | A GW message parameter is having sending issues. Impact: Calls that arrive at the SBC with m=text SDP content and are routed to a GSX through a GW-GW can be released with a disconnection reason CPC_DISC_GW_GW_MSG_PDU_TOO_LONG_FOR_PEER(0xD6) due to the GW-GW message being too large for the GSX to handle. Root Cause: The SBC was sending parameters to the GSX that the GSX could not use and this was making the GW-GW PDU message larger than the GSX could process. Steps to Replicate: Make a call with m=audio and m=text in the SDP of the INVITE and try to route over GW-GW to a GSX. Check that the call is successful. The following control should be enabled: | The code is modified to delete certain parameters that are not required on the GSX to reduce the GW-GW PDU size and avoid calls being released when the PDU is too big. Workaround: Use SMM to delete m=text SDP content coming into the SBC that is potentially routed over GW-GW to a GSX. |
SBX-118104 | SBX-115994 (11.1.0) | 2 | Configuring the last trunk as incoming/outgoing direction wise is causing the SBC to remove DTG info on receipt of 3xx Impact: Configuring last trunk as incoming/outgoing direction wise is causing the SBC to remove DTG info on receipt of 3xx Root Cause: During a TRM lookup for DTG information in TrmProcessIpLookupCmd() in case TRM_IP_LOOKUP_EGRESS_TYPE_DTGNAME_ONLY, the SBC iterates through all the Contact headers and saves DTG information (such as TG name, blocking status and Trunk Type ) in CPC_OP_TRM_IP_TRUNKGROUP_LOOKUP_DATA_STR *entry. The same CPC structure is used in SipSgFillDestTgrpToCpcMsgInfo() to copy DTG information of all TGs in CPC_MSG. This DTG information is then used to route the call where TRM lookup is done through DTG name. But in the TrmProcessIpLookupCmd(), TG blocking status "status" and TRM_IPTG_CB_STR *ipTgCbPtr of last Contact header is used to send TRM reply. Since, the DTG of Last Contact is blocked, the TRM reply fails and causes the DTG to lose information. Steps to Replicate:
| Two new local variables TRM_IPTG_CB_STR *ipTgCbPtrTemp and UCHAR statusTemp are created in caseTRM_IP_LOOKUP_EGRESS_TYPE_DTGNAME_ONLY. After each iteration, when the status is != FOUND_BLOCKING, these new local variables are populated and then used in TrmIpSendLookupRpyNfy() for TRM reply. Then while the loop has to iterate for each contact header, the user must populate CPC_OP_TRM_IP_TRUNKGROUP_LOOKUP_DATA_STR. Because we are passing good values of status and ipTgCbPtr in TrmIpSendLookupRpyNfy(), the TRM reply does not fail. Workaround: None. |
SBX-118075 | SBX-114818 (9.2.5) | 2 | A 18x/200 Contact header sent by the SBC contains port number different than 5061. Impact: The SBC includes an incorrect port number in the Contact header of the outgoing SIP messages towards registered endpoints when the endpoints use TLS as a transport protocol and a Call Data Channel (CDC; a lawful intercept component) is enabled on the SBC. This behavior results in call failures since the endpoints send SIP requests to unused TCP port numbers. As an example, the SBC includes port numbers 5062, 5063 and other while the configured port number is 5061 (and the SBC listens on that port number). Root Cause: The Lawful Intercept related piece of SW changes the port numbers in the SIG port table that should be configured to the SIG port. Steps to Replicate: To reproduce the problem, create a basic SIP access scenario where an endpoint registers over TLS (REGISTER – 401 – REGISTER – 200). Then, as calea user, provision the following (the assumption is that you already created an IP interface group named LIG with at least 1 IP interface in it): set addressContext default intercept nodeNumber 10001 Once the CDC is configured, register the endpoint. The symptoms of the issue is that SBC includes an incorrect port number (5062, 5063 and similar) in the Contact header of all messages sent to the endpoint. The user does not need to make calls though; the presence of port number 5061 in the event, which is printed after the SBC received the REGISTER with an Auth header is a sufficient proof that the issue is present: 195 03022022 092259.154049:1.01.07.12989.Info .SIPSG: sipsgCallProcCommonUtils.c (-6170) 3777. SipSgSelectTransportAndSigPort: Selected address 10.xxx.yy.zz:5060 for Sig port:1107 AddrType 1 | The code is modified so that the configured SIG port table is not changed. Workaround: This problem happens only when the CDC is configured and a SIP endpoint uses TLS as a transport protocol. If one of the conditions is not met, the problem will not happen. |
SBX-118050 | N/A | 2 | The TERM IOI value has not returned in 18x/200 OK to the caller as expected in the IPX PCV header management. Impact: Part of a feature introduced in the SBC Core 9.2.3 release contained these requirements: Customer network
Partner network
Ingress TG: Both SIPCORE TGs. Egress TG: A Call Flow Partner Peer PARTNER TG on the SBC TG on the SBC peer Root Cause: The following configuration must be enabled: Ingress TG: Both SIPCORE TGs. Egress TG: The issue is noticed for the following call flow: Call Flow Partner Peer PARTNER TG on the SBC TG on the SBC peer Steps to Replicate: The issue can be replicated by configuring the following: Ingress TG: Both SIPCORE TGs. Egress TG: The issue is noticed for the following call flow: A Call Flow Partner Peer PARTNER TG on the SBC TG on the SBC peer | The code is modified so when the generateOrReplacePCV functionality is enabled, carry forward the data like the original ioi, icid, etc. in the call block. This is used while processing 18x/200 OK and appropriately adds Term-IOI if configured and when sendPCVHeader is enabled. Workaround: Enable sendPCVHeader on both trunk groups. |
The following Severity 1 issues are resolved in this release:
Div | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Severity 1 Resolved Issues
|
The following Severity 2-4 issues are resolved in this release:
Div | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Severity 2-4 Resolved Issues
|
The following Severity 1 issues are resolved in this release:
Div | ||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||
Severity 1 Resolved Issues
|
The following Severity 2-4 issues are resolved in this release:
Div | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||
Severity 2-4 Resolved Issues
|
The following Severity 1 issues are resolved in this release:
Div | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||
Severity 1 Resolved Issues
|
The following Severity 2 - 4 issues are resolved in this release:
Div | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||
Severity 2-4 Resolved Issues
|
Pagebreak
The following Severity 1 issues are resolved in this release:
Div | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||
Severity 1 Resolved Issues
|
The following Severity 2 issue is resolved in this release:
Div | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
Severity 2 Resolved Issue
|
Pagebreak |
---|
The following Severity 1 issues are resolved in this release:
Div | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Severity 1 Resolved Issues
|
The following Severity 2-4 issues are resolved in this release:
Div | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Severity 2-4 Resolved Issues
|
Pagebreak
The following Severity 1 issues are resolved in this release:
Div | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||
Severity 1 Resolved Issues
|
The following Severity 2-4 issues are resolved in this release:
Div | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||
Severity 2-4 Resolved Issues
|
Pagebreak
The following issue is resolved in this release:
Div | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
Resolved Issues
|
The following Severity 1 issues are resolved in this release:
Div | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||
Severity 1 Resolved Issues
|
The following Severity 2-3 issues are resolved in this release:
Div | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||
Severity 2-3 Issues
|
Pagebreak
The following Severity 1 issues are resolved in this release:
Div | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||
Severity 1 Resolved Issues
|
The following Severity 2-3 issues are resolved in this release:
Div | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Severity 2-3 Resolved Issues
|
The following Severity 1 issues are resolved in this release:
Div | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||
Severity 1 Resolved Issues
|
The following Severity 2-3 issues are resolved in this release:
Div | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||
Severity 2-3 Resolved Issues
|
Pagebreak
The following Severity 1 issues are resolved in this release:
Div | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||
Severity 1 Resolved Issues
|
The following Severity 2-3 issues are resolved in this release:
Div | |||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||
Severity 2-3 Resolved Issues
|
Pagebreak
The following Severity 1 issues are resolved in this release:
Div | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||
Severity 1 Resolved Issues
|
Pagebreak
The following Severity 1 issue is resolved in this release:
Div | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Severity 1 Resolved Issues
|
The following Severity 2-3 issues are resolved in this release:
Div | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Severity 2-3 Resolved Issues
|
Pagebreak
The following Severity 1 issue is resolved in this release:
Div | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||
Severity 1 Resolved Issues
|
The following Severity 1 issue is resolved in this release:
Div | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
Severity 1 Resolved Issues
|
Pagebreak |
---|
The following Severity 1 issues are resolved in this release:
Div | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Severity 1 Resolved Issues
|
The following Severity 2 and 3 issues are resolved in this release:
Div | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Severity 2-3 Resolved Issues
|
Pagebreak |
---|
The following known issues exist in this release.
Issue ID | Sev | Problem Description | Impact/Workaround |
---|---|---|---|
SBX-122664 | 2 | SRTP attributes are overlapping on RTP leg when a refresh invite comes after switchover in a HA pair | Impact Statement: When there is no security PSP attached to the RTP leg while processing, the SRTP leg is modified first. The SBC ends up retaining the SRTP attributes for the RTP leg when the standby box becomes active and no security PSP is attached to the RTP leg. Workaround: You can remove the core from the SBC core directory. No other action is required since these types of cores do not cause the SBC's services to go down. |
SBX-111973 | 2 | On a LRBT with lateCrankback, the call is torn down upon Hold. | Impact Statement: If a call route advances after lateCrankback and LRBT is enabled, the call is torn down upon egress connect (200 OK) after hold/resume request. Workaround: None. |
SBX-111351 | 2 | The CHM process is coring after recovering from a splitbrain. | Impact Statement: While successfully recovering from a split-brain in a specific scenario, it is sometimes noticed that a CHM coredump is created. Workaround: None. The system does recover correctly without any manual intervention. |
SBX-110134 | 3 | For a T140 call - one-way audio observed if NAPT enabled on egress. | Impact Statement: If NAPT for media is enabled, the dest media port (NAPT media) stays set to 0. Workaround: None. |
SBX-103724 | 2 | The RECORDING CDR does not have Media data and stats field in a REFER scenario case. | Impact Statement: The Media Stats are not present in the Recording CDR when we record the C Leg. Workaround: None. |
SBX-101226 | 2 | The OAM should not configure the same IP and port for two different VMGs. | Impact Statement: The mis-configuration that was using the same IpVar for two different VMGs does not throw an error in the OAM CLI. Workaround: None. The mis-configuration recovery requires a reboot. |
SBX-105824 | 2 | The glusterfs had a core dump on the Active OAM for the T-SBC post upgrade. | Impact Statement: The OAM node is using the third party package glusterfs and we are using version 3.8.8-1. During a scenario where both OAM nodes are starting up, we may encounter an intermittent core from the glusterfs process. The OAM functionality is not impacted by this core and it does not impact the shared directory that is mounted by the gluster process. The call processing nodes that are managed by the OAM are not impacted and their configurations are unaffected. Workaround: No workaround. The core maybe be produced during simultaneous reboot of OAM nodes but the functionality of the OAM nodes is not impacted. |
SBX-105921 | 3 | Reduced the configuration limits that need to be used for certain fields. | Impact Statement: The CDB schema supports larger strings than the SBC application code can currently support for the following configuration objects. This issue is due to the SBC application code not allowing for one additional character to include the string null terminator if the configuration in CDB actually contains the maximum number of characters. The application supports the following maximum configuration limits even though the CDB schema allows an additional character.
In a future release, the application code will either be extended to allow for one more character or validated to put in place to restrict the character size to one less. Workaround: Use the reduced size for the fields as mentioned in the Impact Statement. |
SBX-99023 | 2 | The CE_2N_Comp_Sm Process is dumping core. | Impact Statement: The SBC coredump directory shows a SM Process coredump, but services are not affected and they keep running. Workaround: You can remove the coredump from the SBC coredump directory. No other action is required since these types of cores do not cause the SBC services to go down. |
Pagebreak |
---|
The following limitations exist in this release:
Warning |
---|
The VLAN tagged SRIOV packet interfaces are unable to ping endpoint Gateway IPs in the VMware platform because of an issue with VMware. |
Description | |
---|---|
1 | The Access Control List (ACL) is not installed to configure SNMP traps for accepting traffic. A dynamic ACL is added to configure SNMP traps. An ACL must be installed for SNMP traps for accepting traffic. |
2 | The physical NIC connectivity must be in active state at the hypervisor level before starting the SWe instance on the SBC SWe platforms. In case of SWe instance with SR-IOV interfaces, manual restart of the SWe instance is required if physical NIC connectivity goes down while the instance is in progress. |
3 | The Antitrombone feature is not supported on the D-SBC. |
4 | The EMS identifies the nodes based on the VNFC-ID. While instantiating SBC/PSX cloud nodes, ensure that you use a unique VNFC-ID only. If you reuse an existing VNFC-ID, EMS treats this as a re-registration request and overwrites the existing data on the cloud node. |
5 | While configuring the SBC SWe Cloud instances, the CLIs commits successfully even if any metaVariable provided is incorrect. The SBC SWe Cloud instance cannot validate the CLIs, as the CDB configuration file is stored in the OAM Node and is shared among all the other SBC SWe Cloud instances in the cluster. |
6 | Editing the IP Interface is not reflected in the if configuration (ifConfig). This behavior is observed only on the S-SBC when action is set to "dryup" mode on the IP Interface. The IP address changes are not updated in the kernel and will not be displayed when ifconfig linux command is executed. In case of S-SBC, if the ipInterface configuration needs to be modified and if the action is set to "dryup" in ipInterface configuration, it must be set to "force" before disabling the ipInterface and making any changes. |
7 | A LSWU on an SBC 7000 should only be performed when the total number of active calls on the system is below 18,000. If the criteria is not met, a double failure during the upgrade may occur thereby losing all active calls. If such a failure occurs, both active and standby SBC services will go down. Contact Ribbon Support immediately. |
8 | When upgrading SBC SWe cloud instances to release 9.2.x, you must update your Heat template userdata section to include mandatory SSH key information. An issue in OpenStack requires that you use the stack-update process rather than re-launch after updating the template, which leads to a new UUID for the instance. As a result, you must regenerate and apply new license bundles to the upgraded instances during the upgrade. Refer to Upgrading SBC SWe N:1 HA Nodes on OpenStack using Heat Templates for the relevant procedure. |