OpenSIPS server leaks version and this information may help to conduct an
attack. I propose to add a parameter in the configuration to control which
information is displayed. For example, Apache has settings to manage this.
- ServerToken which can be set to Prod mod
- ServerSignature can be set
UPDATE (this will be funny, fixed in OpenSIPS 2.1): Make sure "loadmodule
db_http.so" and its modparams are placed before "loadmodule avpops.so". This
should at least provide a crash-free environment!
---
Reply to this email directly or view it on GitHub:
https://github.com/OpenSIPS/opensips/iss
The bug is apparently obvious, and a fix is on its way. Before applying the fix
however, could you please re-test this:
"modparam("db_http", "cap_raw_query", 1)"
It really should solve the problem. Although it's masking the real issue
underneath, it should at least prevent the crash from hap
Hi @hydrosine - any feedback ?
---
Reply to this email directly or view it on GitHub:
https://github.com/OpenSIPS/opensips/issues/387#issuecomment-75519516___
Devel mailing list
Devel@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo
