...

Warning: The Issue Tracker is Public!

The Asterisk Issue Tracker is a public site, and all bug reports against Asterisk can be viewed openly by the public. While this results in a transparent, open process - which is good - reporting a security vulnerability on the issue tracker without properly selecting "Report a vulnerability" on the New Issue page makes the entire Asterisk user community vulnerable.

Reporting a vulnerability will automatically restrict who can view the information. If you have any difficulties with that, we'll help; please follow the instructions here and e-mail the team at [email protected].

...

  1. Send an e-mail to the Asterisk Development Team by e-mailing [email protected]. Include the following:
    1. A summary of the suspected vulnerability, e.g., 'Remotely exploitable buffer overflow in the FOO channel driver'
    2. A detailed explanation of how the vulnerability can be exploited and/or reproduced. Test drivers/cases that can be used to demonstrate the vulnerability are highly appreciated.
  2. A developer will respond to your inquiry. If you'd like, e-mails can be signed and/or encrypted.
  3. Once the security vulnerability has been discussed and confirmed by the developer, you will be asked to report a vulnerability on the Asterisk issue tracker. You must use the "Report a vulnerability" option on the New Issue page or the information will be publicly disclosed.

...