[Spce-user] New sip:provider CE mr5.2.1 is available now

Alex Lutay alutay at sipwise.com
Tue Apr 11 11:09:15 EDT 2017

Dear community!

This is to inform about availability of the new SPCE mr5.2.1 !


The InstallCD media, Vagrant box, Virtualbox, VMware and AMI images as
well as Docker hub container have been uploaded. As usual, please check
the handbook at https://www.sipwise.org/doc/mr5.2.1/spce/ for details.

The most important changes for mr5.2.1 compared to mr5.1 are:

> * A preconfigured firewall subsystem was added to secure the NGCP.
> The firewall whitelists all services vital to NGCP’s operations while
> blocking all other traffic. After upgrade, the firewall subsystem
> will be disabled by default to avoid inadvertent self-lockout of the
> operator during upgrade. The firewall has to be enabled manually
> after successful upgrade in /etc/ngcp-config/config.yml setting
> security.firewall.enable: ‘yes’. During upgrade the NGCP
> configuration framework will prepare a standard rule set ready to be
> used after successful upgrade. If iptables rules already exist on the
> system, those will be save to a customtt.tt2 and will persist until
> custom.tt2 and tt2 are merged. If a third-party firewall system is
> detected, the upgrade procedure will stop. To resume the upgrade, the
> situation needs to be consolidated (e.g. by removing the unsupported
> firewall subsystem and merging existing rules into the NGCP firewall
> subsystem). Notice: Make sure SSH access is correctly configured in
> /etc/ngcp-config/config.yml to allow SSH access after activating the
> firewall. Please read the handbook carefully for further instructions
> before activating the firewall subsystem. [TT#9717]

> * [PRO/Carrier] The default rotate_days configuration for
> backuptools was decreased from 7 to 3 days to avoid disk space issues
> (if the configuration is already less than 7 days it will stay unmodified
> during upgrades) [TT#9816]

> * sshd: in preparation for the upcoming Debian Stretch release
> upgrade of the underlying operating system, the protocol version 1
> specific settings KeyRegenerationInterval, RSAAuthentication,
> RhostsRSAAuthentication + ServerKeyBits have been removed from the
> sshd_config (using their defaults now)

> * Improved NGCP documentation style

> * [CPBX] Implement Yealink CP860 and Grandstream GXW-4008 auto provisioning

> * Migrate NGCP admin’s passwords to bcrypt and drop admin’s ssl
> client cert from DB, providing an API function to fetch PEM and P12
> certificates. IMPORTANT: Due to migrating to bcypt hashing of admin
> and reseller passwords both on the admin panel and the API, password
> authentication via the API will take ~500ms for each request. It is
> highly advised to use ssl client certificate based authentication
> instead of passwords on the API for performance reasons!

The full changelog is available for downloading here:
> https://www.sipwise.org/wp-content/uploads/2017/04/Changelog_mr5.2.1-2017-04-11T06_27_57.pdf

Please report issues if any on the mailing list and thank you for
being a part of the community!

Alex Lutay
Head of Quality Assurance
Sipwise GmbH, Campus 21/Europaring F15
AT-2345 Brunn am Gebirge

Office: +43(0)13012036
Email: alutay at sipwise.com
Website: https://www.sipwise.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20170411/2dd4ae03/attachment.asc>

More information about the Spce-user mailing list