This maintenance has been completed without incident and everything is functioning normally.
We are aware that many of you use Kamailio, and urge you to upgrade to the latest supported versions as soon as possible to ensure that you are protected from this vulnerability.
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Aug 01, 2018 - 11:15 UTC
Scheduled
Kamailio today released a security announcement CVE-2018-14767 (more information below) which affects some versions of Kamailio that we run.
Kamailio is a well-established open source SIP proxy that we use on our network edge to filter and load-balance traffic as well as handle some unusual compatibility edge cases.
The nature of the vulnerability enables a Denial of Service (DoS) attack and, therefore, we've taken the unusual decision to deploy upgraded edge proxies as emergency maintenance during the day. This will result in a brief (under 30s) interruption and has already been tested in our lab, additionally, our international sites have already been upgraded.
We regularly maintain and update our platform, and this update has been tested internally and was scheduled to happen in the coming weeks anyway, however, the release of this vulnerability together with exploit code necessitates it being brought forward.
Customers configured in accordance with our interop information, using DNS and SRV where possible, should not see any interruption. Those monitoring our IP addresses directly will see a brief period where a site may not respond to OPTIONS requests.
We are also aware that many of our customers use Kamailio and, if you have not already done so, urge you to update to the latest supported versions. This vulnerability affects all versions prior to 5.0.7 and 5.1.4 and possibly OpenSER.