Overview ======== NSC 3.0 is a major upgrade to the platform and packages that the Sangoma NSC, NSG and MSBG products are built upon. The changes address a number of security and functional issues, as well as providing a strong foundation for future product development. Limitations ----------- Validation of the system in High Availability deployments is still continuing. Until this is completed Release 3.0 is only recommended for Standalone systems. Upgrade Process --------------- The upgrade to Release 3.0 is a service affecting upgrade. This is a requirement as the filesystem upgrade mandates re-formatting the storage in the system. A backup must be taken of the system before the upgrade. This can then be restored onto the newly upgraded system and all configuration will be preserved. If you require any advice or assistance please contact support. ------------------------------------------------------------------------------------------------------------- 2021-03-01: NSC 3.0.7-21-GA ------------------------------------------------------------------------------------------------------------- == FEATURES & IMPROVEMENTS == Dnsmasq package upgraded to dnsmasq-2.76-16.el7_9.1 == BUG FIXES == Fixed NSC-1264 XSS issue on login page Fixed NSC-1253 Javascript not updated due to browser cache Fixed NSC-1197 Removed sensitive files from phpsysinfo reported by Infosec Fixed NSC-1286 Prevent admin url access Fixed NSC-1287 Validation for sng capture form data Fixed NSC-1262 Skipped CSRF cookie settings for excluded URLs with type GET Fixed NSC-1289 Sqlite database disk image malformed on factory reset Fixed NSC-1285 World writable file in nsg cardinfo db. ------------------------------------------------------------------------------------------------------------- 2021-02-04: NSC 3.0.6-19-GA ------------------------------------------------------------------------------------------------------------- == BUG FIXES == Fixed NSC-1255 CSRF Issue at TDM Capture. Fixed NSC-1252 Input field validation error message issue ------------------------------------------------------------------------------------------------------------- 2021-01-31: NSC 3.0.5-18-GA ------------------------------------------------------------------------------------------------------------- == FEATURES & IMPROVEMENTS == This is a maintenance patch release to address a number of security vulnerabilities. There are no functional changes. Upgraded CodeIgniter version 3.1.11 Fixed Authenticated local code execution Authenticated cross site scripting Unauthenticated cross site scripting Directory traversal attack CSRF protection Fixed NSC-1191 Clickjacking issue Fixed NSC-1193 Backup files are opensssl encrypted Fixed NSC-1196 Updated permission of executable scripts Fixed NSC-1197 sensitive files discovery issue Fixed NSC-1232 webconfig huge log file generating issue Fixed NSC-1199 Disable X11Forwarding ssh Fixed NSC-1194 Added option to disable SSHD password authentication ------------------------------------------------------------------------------------------------------------- 2020-11-20: NSC 3.0.4-14-GA ------------------------------------------------------------------------------------------------------------- == FEATURES & IMPROVEMENTS == Added TLS 1.2 support Updated jQuery-3.5 Update rpm packages with security fixes == BUG FIXES == Fixed NSC-1182 Handle contact with multiple invalid uris upreg while unregister Fixed NSC-1203 Backup Restore Issue. Fixed issues in TDM UI interface. ------------------------------------------------------------------------------------------------------------- 2020-10-30: NSC 3.0.3-13-GA ------------------------------------------------------------------------------------------------------------- == FEATURES & IMPROVEMENTS == Fixed NSC-1068 Provided configurable option to disable ptime warning Fixed NSC-1112 Updated mod_oreka module Fixed NSC-1022 Added option to upload WebSSL certificates Updated http ssl configuration to improve security Added option to get the octasic license file using sngtc_tool Fixed smartd config update == BUG FIXES == Fixed NSC-1063 Update correct capture id HEP3 Fixed NSC-1021 Handle odbc config issue on backup restore from 2.2 version Fixed NSC-1145 Added option to force SRTP on outbound leg Fixed NSC-1026 Allow stun address in external sip address field Fixed NSC-1177 Issues related to update package ------------------------------------------------------------------------------------------------------------- 2020-09-22: NSC 3.0.2-12-GA ------------------------------------------------------------------------------------------------------------- == FEATURES/BUG & IMPROVEMENTS == * Fixed network Interface renaming when new interface is added. * Updated TDM Gateway Patches * Included libusb packages for MSBG Release 3.0.1-9-GA ================== Release date: 2020-08-21 This is the initial release of NSC version 3.0. It contains a large number of changes to the platform but no functional changes over release 2.3.27. These changes will allow for future development and more rapid response to security vulnerabilities. Major changes ------------- * Base distribution is now based upon Centos 7 with kernel version 3.10.0-957.21.3 * The filesystem has been changed to XFS * openssl has been upgraded to 1.0.2k * openssh-server has been 7.4 * mysql has been upgraded to 5.5.62 * PHP has been upgraded to 7.3.17 * jquery has been upgraded to 3.0.0