Release Notes 60.0
Important: Please read the notes on buttons and database index for this upgrade. If you are upgrading a Windows installation with large CDR tables please take note of the special upgrade procesure below.
Buttons
Need for change. The support for button configuration on VoIP phones has grown over the years into an unstructured and hard to maintain subsystem of the PBX. There were two modes that needed to be supported internally, the generic dialog state model that most VoIP phone support today and the snom-specific buttons protocol. The support for specific modes varied widely amongst phone models. It is only a question of time when snom will drop the support for the specific mode, which made it even mode important to rework the button subsystem.
Dialog-state. The new subsystem uses only dialog state for the busy lamp field (BLF) functionality. This reduces the list of possible states of a LED on a phone to on, off and blinking, but it significantly increases the interoperability with a large range of devices. There is some additional information passed along with the dialog state that may be displayed on devices that use a screen to show the BLF information.
Device support. The new model also explicitly lists the buttons for each supported device. The user does not have to guess what number was assigned to what button; instead the web frontend displays that list, so that the administrator or user only has to selected the desired functionality of the button. This also makes it possible that the front end only shows those modes that are specifically supported for this device; other modes are hidden.
Supported modes. The list of supported modes had also to be redone. The new list focus on account type, so that the user can select an account type and then select the matching account for that type. There are additional modes for speed dial, lines and unused buttons. Depending on the phone model, there might be additional modes like mute or DND. For the mainstream supported device models, there are device-specific modes, where the user can specify what the PBX should provision for that button. This makes it possible to provision every possible mode for a device without changing a template.
MAC address binding. The button profile is now attached to a MAC address. The MAC essentially represents a VoIP phone. This is also a significant change from the previous model. This makes is possible that users may have several devices assigned to their extension and configure each of the device buttons independently. The upgrade should keep the MAC address association with extension intact; however we recommend to pay attention to it because there were cases where the MAC address entries were corrupt in the database.
Peer-to-peer paging. Phones can now perform multicast paging without PBX involvement. Those phones that support this mode, can use a button to generate the multicast traffic, which is picked on by other phones. This works also across different phone vendors. Phones that don't support this mode can still call the PBX and send a unicast RTP stream, which is then distributed to the phones by the PBX on multicast. This mode reduces the system load for installations where a lot of LAN paging is taking place.
Group pickup. The mode for group pickup was revisited during the renovation. There are now settings available on domain level that define the park and pickup preference, which makes it easier to set up pickup group buttons for extensions. This eliminates the need to specify for each extension the pickup preference. For parking calls the default behavior is now to pick the next available orbit, even if there were no orbits specified for that extension.
Other account types. Other account types like auto attendants, hunt groups and conference rooms can also be monitored with buttons. The underlying mechanism is BLF. For auto attendants, ACD and hunt groups, calls can be picked up.
Template changes The change of the buttons required that the templates for the phone models needed to be changed as well. When upgrading, administrators need to make sure that those changes are not blocked by local changes made to the templates.
Supported models. We have added support for Yealink, Polycom, Cisco, snom, Alcatel, Htek, VTech, and Grandstream phone models. This includes new models like snom D785 and Yealink T58.
Database
Need to change. The database subsystem was practically the same since version 1.0. Because of significantly increased traffic especially with the number of CDR and call recordings it had become necessary to speed up the loading times when the PBX started up and reduce the amount of memory needed for keeping the records accessible in the system. That made it necessary to introduce explicit indexes in separate files. As a result, the new version should boot up magitures faster than the previous version.
Data migration. When upgrading from 59 or older, the PBX needs to convert the old database information into the new format. This is a one-time step needed for the upgrade. This step can take from a few minutes up to and hour, depending on how many CDR records were in the old database and how fast the CPU is. As a rule of thumb, converting 100 K CDR records can take around 30 minutes. Because if this, the upgrade should be done off hours. The PBX starts the migration automatically if there is no index folder inside the table. If you want to generate a new index, just remove the index folder of a table directory and restart the PBX.
Windows upgrade. For Windows there might be an additional step necessary. This is because the Windows Service Control Manager (SCM, see e.g. https://msdn.microsoft.com) will attempt to restart the PBX service if the boot up takes longer than 5 minutes. For small installations this will not be the case; however for large installations with a large number of CDR (typically more than 10,000 records) the startup will likely exceed that duration. In this case, the PBX needs to be started manually so that the database upgrade procedure can complete without the SCM restarting the PBX. In order to do this, perform the following steps in Windows:
- Upgrade the PBX through the web interface.
- Open the SCM.
- Stop the PBX service.
- Open a
cmdWindow and change to the working directory of the PBX. - Run the PBX with the command
.\pbxctrl.exe --dir . --no-daemon. The command will not terminate until your stop it withCtrl-C. - Wait until the web interface of the PBX is available.
- Then stop the PBX from the command line with
Ctrl-Cand start the service from the SCM. - Verify that the PBX is running. This still might take a few minutes, but should not take more than 5 minutes now.
New features
LAN provisioning. Provisioning phones in the LAN has seen some major improvements. The PBX can now detect phones as they boot up in the network. Instead of provisioning the phones when they subscribe for provisioning information, the PBX now uses the phone web server to set the relevant information up. This has the advantage the the administrator can see in the web interface what phones are available and then assign them to extensions in the next step. This is also available after creating extension. In single tenant mode, when adding MAC addresses to an extension, the PBX lists available devices to that the administrator can just pick the available device. The PBX automatically detects what vendor and model the device is, and picks the matching button profile for the device.
Scheduled pages. Service flags can now be used to schedule pages. When the state of the service flag changes, it can now trigger a scheduled page. The audio files for that can be uploaded on system or domain level. Depending on the transition from on to off or the other way around, different files can be played back (or none). If there is already a playback going on on the selected paging account, the announcement will be scheduled to be played when the announcement is over. This feature is useful to announce beginning and end of lessons (schools) or breaks in factories. It can also be used for reading out good night stories for example in hospitals or periodic reminders for example at airports.
HubSpot support. The PBX can now generate call log entries for HubSpot CRM. The administrator has control over which agents are getting reported.
Freshbooks V2 API support. The PBX can now generate Freshbooks API V2 invoices. This is important because all new Freshbook accounts use this API.
Mailbox emails. The mailbox messages can now also include the number that was called. This is useful for users that are watching more than one mailbox or have more than one DID.
Performance and stability improvements
Socket resources. There were several versions that had problems with too many open UDP sockets. This hard to find-problem was caused by messages coming in after the call object was already closed. The PBX would in that case detect that the call has no RTP ports assigned and open them again without closing them later.
System call limitation. This problem could cause to break the limit of 1024 open file descriptors for the Linux select call. Because of this, the PBX now uses the mode flexible poll call which does not have this limitation. This change made it necessary to have a more efficient structure locating file descriptors, which resulted in significant performance improvements under heavy load situations.
CPU metering The algorithm to estimate the media thread usage could in the older versions result to very early readouts, where only very few samples were available and the precision was not good enough. This could cause call being rejected more or less on a random basis, though with a very low probability. The new version better filters those readouts, so that the probability of such rejections is now reasonably low.
Security improvements
Handshake violation. Scanners were complaining that the PBX had a vulnerability for an early handshake finishing (CVE-2014-0224). Although the PBX does not use OpenSSL, it now sends a TLS alert if the change cipher request is sent when the master secret is not ready yet. It is not completely clear if the PBX was affected by the CVE, but it makes sense to shut the connection down in the case of a protocol violation.
LDAP. (1) LDAP StartTLS was supported for a few years now. It now also works with Polycom phones. (2) In the old version the PBX was provisioning the web password to the phones, so that they could access LDAP. This was causing major problems with the security because many devices still don't support LDAP over TLS or StartTLS, and the password has to be transmitted in clear text (no Digest authentication). Because of this, the PBX now generates a special password for LDAP, which limits the exposure of that password to address book lookups. Other permissions like making phone calls or changing passwords are not exposed this way. (3) There was a bug when the client requested 0 records, the PBX would actually return 0 records. However the semantics was that it is up to the server to determine how many records should be returned, which is now the case.
Address whitelisting. The IP addresses from which system administrators can now in can now be specified, including subnet masks. This dramatically reduces the risk that someone with administrative permissions can log in from the public Internet.
License server address. The address for the license server was changed to https://license.vodia.com. This change was necessary to make it possible to separate the license server completely from the Vodia web server. It also serves its own certificate, signed by Vodia and not by a public Root authority which makes sense for a license server. The old license server address will be working for some time, still.
Secure Provisioning. Polycom phones can now be provisioned in a more secure way. Instead of using HTTP, they can now use HTTPS. Because typically a PBX does not use a public Root CA signed certificate, the PBX now provisions the used Root CA into the phones so that they can trust the PBX. This was also done for the new snom firmware that behaves similar.
Outbound proxy provisioning. The provisioning for the outbound proxy transport layer and the right SIP port could be inconsistent. Now it uses the same underlying logic.
HTek RPS. Htek has added a publicly verifiable certificate for their RPS service. The PBX is using this now.
Master secret logging. The TLS master secret can now also be sent over the network to a remote recorder. This makes it possible to monitor calls even if the signaling is encrypted. VoipMonitor has added this feature as well, so that service providers can roll out secure SIP calls with quality monitoring.
WebRTC links. Links for WebRTC click to call now have a timestamp included, so that they are valid only for a certain time. This reduces the risk that they can be misused, e.g. when sent in an email.
Cookies. Cookies were not deleted when logging out.
Other enhancements
Page visibility. When editing a page on domain level, the default template was taken from the system dictionary. Changes made on system level were not visible. This was causing problems for pages that were pre-modified for example for branding reasons. The new version now shows the system-level files, not the dictionary.
SMS availability. Sending out text messages (SMS) can now be enabled or disabled on domain level. This makes it possible to offer this service as an add-on for certain tenants of the PBX. This includes the possibility to set the originating phone number on per domain basis, so that each tenant can have their own number for example their own company phone number.
Outbound calling. When using the ACD in outbound calling mode, the name of the called party can now also be included in the requests. This is important for a better tracking of who has been called and for the agents when greeting the called party.
Australian time zones. The time zones for Australia were incorrect for snom phones. The new snom software uses different names which are provisioned correctly now.
FAX. There were problems with FAX messages that were addressed in this version.
Audio subsystem. There were cases when the audio subsystem cache was mixing up WAV files. This could lead to effects that callers hear announcements instead of ringback. Because of this, the audio subsystem was redesigned for maximum stability in all supported operating systems.
Trunk refresh. When a DID in a domain changes, this was an event that needed to trigger a refresh of the trunks in the domain. However it did not need a re-registration. Especially when there were a lot of DID in the domain, such re-registration could cause a storm of re-registration requests that could trigger a shutdown of the trunk on certain SIP trunk providers.
Trunk headers. Setting up the trunk headers was a difficult task, considering the practical absence of a common standard amongst service providers. We have added more logging that shows what variables are available for an actual call. This makes it easier to select the right header variables for a new trunk type. For passing caller-ID through from an inbound call leg, the {from} variable has been redesigned, o that it should now show the original caller ID except for emergency and DISA calls.
MongoDB records. The records written to MongoDB now contain the IP address of the PBX. This makes it easier to identify where the records are coming from, e.g. in the case of a failover.
MongoDB failover. When the MongoDB database was restarted or otherwise temporarily unavailable, records could get lost. The PBX now waits for the insert receipt before deleting pending transactions. This will make sure that no CDR records get lost because of this.
Recording records. The recording records now contain the ID that is needed for pulling the WAV from the PBX web server.
Picture caller-ID. The picture caller-ID was put back into the INVITE request. It seems that only snom phones support this feature at this point, though.
POST API. For web requests that expect the 100 continue header the PBX now generates that header. This speeds up the uploading of data because clients don't have to wait for a timeout.
SPAM provider. Another provider for SPAM scoring (Tellows) was added to the system. This provider serves mostly European countries. Test accounts are available without charges.
UDP error logs. There were confusing critical error logs when a UDP packet error was received, which was actually not critical.
Conference limit. The limit for conference participants for ad-hoc conferences was ignored. The new version makes sure that this limit is kept.
Windows recordings path. The path for Windows recordings contained forward slashes, which caused major problems with Windows automatic call recording.
Corrupted passwords. When encrypted password entries got out of sync with the master key, they would generate passwords that cannot be provisioned to most IP phones. Moreover, it could cause major havoc in the database, as all passwords and other information stored in encrypted form becomes unusable. The new version performs a check during the startup and refuses to start up if that condition was detected. Using the command-line argument --ignore-corrupt will turn this behavior off if needed.
Mailbox callbacks. If for whatever reason the timeout for calling the user upon new mailbox arrival was set to zero, the PBX would end up in a semi-endless loop calling the contact up. The new version restricts the minimum time in which a retry delivery attempts is made.
CSTA call connect. Connecting a call from CSTA via the "talk" event was broken was was fixed.
ENUM support. The support for ENUM was revisited to make sure that this feature still works. There were some changes in the way the PBX was processing NAPTR records necessary for compliance with Deutsche Telekom trunks.
Web frontend
Form validation. Where ever possible form validation has been added to avoid time-consuming searching when wrong parameters are entered.
Domain logo. To address the need from tenants for corporate identity styling, the PBX now offers a simple way to drop a SVG logo into a domain. This image will be used to generate images that are used in some VoIP phones with color displays. The SVG image is used in the domain and in the user mode web interface.
ActionURL. More ActionURL were added to the domain mode. They were also made available on extension level, so that they may be fired only when certain extensions are involved.
Adding extensions. The dialog for adding extensions has been slightly redesigned so that the relevant information can be collected in one step. If there is no license available either for the system or the domain the dialog is disabled.
Adding MAC. When adding a MAC address, the administrator can now explicitly select what vendor and model the device is going to be. Devices in the LAN are now available from a list, so that no MAC address, vendor or model has to be entered in that case.
MAC page. In the domain there is a new page which shows the MAC address that are used in the domain. The list contains vendor, model and software version where available. On this page, the administrator can also delete MAC addresses, reset MAC passwords and add new MAC addresses.
Service flag time. The current time for the service flag is now shown on the service flag page. This avoids misunderstandings about what time zone is in use for that service flag.
Provisioning timeouts. For pairing phones with the PBX there are now three timeouts. The first timeout determines for how long the PBX will wait for the initial pairing request from the phone. The second timeout now determines for how long the PBX will be service passwords after the initial request was made. The third timeout will now determine for how long the PBX will provision passwords after the first password was sent to the device. These three timeouts should make it possible to cover all cases for a secure password provisioning.
Maximum calls. The maximum call variable was capped with the value coming from the license. This was a problem if there was no license or the license was upgraded, where the setting would not be automatically be updated. This could lead to a frustrating search why the new system would not accept any calls. Now the settings stores whatever the user has entered. The capping happens at a later stage.
CORS compliance. The necessary headers for cross-origin requests handling were added. This makes it possible to perform 3rd party login and pull statistics from the PBX server and display it e.g. on a wallboard.
Domain deletion. When deleting the last domain, the PBX was automatically creating a new default domain. This was a problem for single tenant license as it made it impossible to import a new domain.
Uploading u-law files. Ulaw files can now also be uploaded into the PBX. Those files are 64 kbit/s 8 bype per sample mono WAV files.
Permission checks. Permission checks were missing when handling DID and other domain administrator permissions.
Service flag loading. In some areas the loading of the service flags or the time when a cell phone should be available was not working.
Page size. The web frontend remembers the users choice for the page size in the session.