Binary Networks – Release Notes (v60)

(Applied to PBX1.MEL) only.

 

Release Notes 60.0

 

Buttons

Need for change. The support for button configuration on VoIP phones has grown over the years into an unstructured and hard to maintain subsystem of the PBX. There were two modes that needed to be supported internally, the generic dialog state model that most VoIP phone support today and the snom-specific buttons protocol. The support for specific modes varied widely amongst phone models. It is only a question of time when snom will drop the support for the specific mode, which made it even mode important to rework the button subsystem.

Dialog-state. The new subsystem uses only dialog state for the busy lamp field (BLF) functionality. This reduces the list of possible states of a LED on a phone to on, off and blinking, but it significantly increases the interoperability with a large range of devices. There is some additional information passed along with the dialog state that may be displayed on devices that use a screen to show the BLF information.

Device support. The new model also explicitly lists the buttons for each supported device. The user does not have to guess what number was assigned to what button; instead the web frontend displays that list, so that the administrator or user only has to selected the desired functionality of the button. This also makes it possible that the front end only shows those modes that are specifically supported for this device; other modes are hidden.

Supported modes. The list of supported modes had also to be redone. The new list focus on account type, so that the user can select an account type and then select the matching account for that type. There are additional modes for speed dial, lines and unused buttons. Depending on the phone model, there might be additional modes like mute or DND. For the mainstream supported device models, there are device-specific modes, where the user can specify what the PBX should provision for that button. This makes it possible to provision every possible mode for a device without changing a template.

MAC address binding. The button profile is now attached to a MAC address. The MAC essentially represents a VoIP phone. This is also a significant change from the previous model. This makes is possible that users may have several devices assigned to their extension and configure each of the device buttons independently. The upgrade should keep the MAC address association with extension intact; however we recommend to pay attention to it because there were cases where the MAC address entries were corrupt in the database.

Peer-to-peer paging. Phones can now perform multicast paging without PBX involvement. Those phones that support this mode, can use a button to generate the multicast traffic, which is picked on by other phones. This works also across different phone vendors. Phones that don’t support this mode can still call the PBX and send a unicast RTP stream, which is then distributed to the phones by the PBX on multicast. This mode reduces the system load for installations where a lot of LAN paging is taking place.

Group pickup. The mode for group pickup was revisited during the renovation. There are now settings available on domain level that define the park and pickup preference, which makes it easier to set up pickup group buttons for extensions. This eliminates the need to specify for each extension the pickup preference. For parking calls the default behavior is now to pick the next available orbit, even if there were no orbits specified for that extension.

Other account types. Other account types like auto attendants, hunt groups and conference rooms can also be monitored with buttons. The underlying mechanism is BLF. For auto attendants, ACD and hunt groups, calls can be picked up.

Template changes The change of the buttons required that the templates for the phone models needed to be changed as well. When upgrading, administrators need to make sure that those changes are not blocked by local changes made to the templates.

Supported models. We have added support for Yealink, Polycom, Cisco, snom, Alcatel, Htek, VTech, and Grandstream phone models. This includes new models like snom D785 and Yealink T58.

New features

 

Scheduled pages. Service flags can now be used to schedule pages. When the state of the service flag changes, it can now trigger a scheduled page. The audio files for that can be uploaded on system or domain level. Depending on the transition from on to off or the other way around, different files can be played back (or none). If there is already a playback going on on the selected paging account, the announcement will be scheduled to be played when the announcement is over. This feature is useful to announce beginning and end of lessons (schools) or breaks in factories. It can also be used for reading out good night stories for example in hospitals or periodic reminders for example at airports.

HubSpot support. The PBX can now generate call log entries for HubSpot CRM. The administrator has control over which agents are getting reported.

Freshbooks V2 API support. The PBX can now generate Freshbooks API V2 invoices. This is important because all new Freshbook accounts use this API.

Mailbox emails. The mailbox messages can now also include the number that was called. This is useful for users that are watching more than one mailbox or have more than one DID.

 

Performance and stability improvements

Socket resources. There were several versions that had problems with too many open UDP sockets. This hard to find-problem was caused by messages coming in after the call object was already closed. The PBX would in that case detect that the call has no RTP ports assigned and open them again without closing them later.

System call limitation. This problem could cause to break the limit of 1024 open file descriptors for the Linux select call. Because of this, the PBX now uses the mode flexible poll call which does not have this limitation. This change made it necessary to have a more efficient structure locating file descriptors, which resulted in significant performance improvements under heavy load situations.

CPU meteringThe algorithm to estimate the media thread usage could in the older versions result to very early readouts, where only very few samples were available and the precision was not good enough. This could cause call being rejected more or less on a random basis, though with a very low probability. The new version better filters those readouts, so that the probability of such rejections is now reasonably low.

Security improvements

Handshake violation. Scanners were complaining that the PBX had a vulnerability for an early handshake finishing (CVE-2014-0224). Although the PBX does not use OpenSSL, it now sends a TLS alert if the change cipher request is sent when the master secret is not ready yet. It is not completely clear if the PBX was affected by the CVE, but it makes sense to shut the connection down in the case of a protocol violation.

LDAP. (1) LDAP StartTLS was supported for a few years now. It now also works with Polycom phones. (2) In the old version the PBX was provisioning the web password to the phones, so that they could access LDAP. This was causing major problems with the security because many devices still don’t support LDAP over TLS or StartTLS, and the password has to be transmitted in clear text (no Digest authentication). Because of this, the PBX now generates a special password for LDAP, which limits the exposure of that password to address book lookups. Other permissions like making phone calls or changing passwords are not exposed this way. (3) There was a bug when the client requested 0 records, the PBX would actually return 0 records. However the semantics was that it is up to the server to determine how many records should be returned, which is now the case.

Address whitelisting. The IP addresses from which system administrators can now in can now be specified, including subnet masks. This dramatically reduces the risk that someone with administrative permissions can log in from the public Internet.

Secure Provisioning. Polycom phones can now be provisioned in a more secure way. Instead of using HTTP, they can now use HTTPS. Because typically a PBX does not use a public Root CA signed certificate, the PBX now provisions the used Root CA into the phones so that they can trust the PBX. This was also done for the new snom firmware that behaves similar.

Outbound proxy provisioning. The provisioning for the outbound proxy transport layer and the right SIP port could be inconsistent. Now it uses the same underlying logic.

HTek RPS. Htek has added a publicly verifiable certificate for their RPS service. The PBX is using this now.

WebRTC links. Links for WebRTC click to call now have a timestamp included, so that they are valid only for a certain time. This reduces the risk that they can be misused, e.g. when sent in an email.

Cookies. Cookies were not deleted when logging out.

Other enhancements

Page visibility. When editing a page on domain level, the default template was taken from the system dictionary. Changes made on system level were not visible. This was causing problems for pages that were pre-modified for example for branding reasons. The new version now shows the system-level files, not the dictionary.

Outbound calling. When using the ACD in outbound calling mode, the name of the called party can now also be included in the requests. This is important for a better tracking of who has been called and for the agents when greeting the called party.

Australian time zones. The time zones for Australia were incorrect for snom phones. The new snom software uses different names which are provisioned correctly now.

FAX. There were problems with FAX messages that were addressed in this version.

Audio subsystem. There were cases when the audio subsystem cache was mixing up WAV files. This could lead to effects that callers hear announcements instead of ringback. Because of this, the audio subsystem was redesigned for maximum stability in all supported operating systems.

 

 

Recording records. The recording records now contain the ID that is needed for pulling the WAV from the PBX web server.

Picture caller-ID. The picture caller-ID was put back into the INVITE request. It seems that only snom phones support this feature at this point, though.

POST API. For web requests that expect the 100 continue header the PBX now generates that header. This speeds up the uploading of data because clients don’t have to wait for a timeout.

Conference limit. The limit for conference participants for ad-hoc conferences was ignored. The new version makes sure that this limit is kept.

Mailbox callbacks. If for whatever reason the timeout for calling the user upon new mailbox arrival was set to zero, the PBX would end up in a semi-endless loop calling the contact up. The new version restricts the minimum time in which a retry delivery attempts is made.

CSTA call connect. Connecting a call from CSTA via the “talk” event was broken was was fixed.

ENUM support. The support for ENUM was revisited to make sure that this feature still works. There were some changes in the way the PBX was processing NAPTR records necessary for compliance with Deutsche Telekom trunks.

Web frontend

Form validation. Where ever possible form validation has been added to avoid time-consuming searching when wrong parameters are entered.

ActionURL. More ActionURL were added to the domain mode. They were also made available on extension level, so that they may be fired only when certain extensions are involved.

Adding MAC. When adding a MAC address, the administrator can now explicitly select what vendor and model the device is going to be. Devices in the LAN are now available from a list, so that no MAC address, vendor or model has to be entered in that case.

MAC page. In the domain there is a new page which shows the MAC address that are used in the domain. The list contains vendor, model and software version where available. On this page, the administrator can also delete MAC addresses, reset MAC passwords and add new MAC addresses.

Service flag time. The current time for the service flag is now shown on the service flag page. This avoids misunderstandings about what time zone is in use for that service flag.

Provisioning timeouts. For pairing phones with the PBX there are now three timeouts. The first timeout determines for how long the PBX will wait for the initial pairing request from the phone. The second timeout now determines for how long the PBX will be service passwords after the initial request was made. The third timeout will now determine for how long the PBX will provision passwords after the first password was sent to the device. These three timeouts should make it possible to cover all cases for a secure password provisioning.

CORS compliance. The necessary headers for cross-origin requests handling were added. This makes it possible to perform 3rd party login and pull statistics from the PBX server and display it e.g. on a wallboard.

Uploading u-law files. Ulaw files can now also be uploaded into the PBX. Those files are 64 kbit/s 8 bype per sample mono WAV files.

Permission checks. Permission checks were missing when handling DID and other domain administrator permissions.

Service flag loading. In some areas the loading of the service flags or the time when a cell phone should be available was not working.

Page size. The web frontend remembers the users choice for the page size in the session.