Release Notes - FreeSWITCH - Version 1.11.1

Enhancements

• [GHA] Update FFmpeg and libpq in macos.yml.
• [mod_commands, mod_verto] Add new reloadcert API and allow mod_verto to reload TLS certificates on the fly without disconnecting active sessions.
• [mod_sofia] Add SIP 603+ detection and passthrough control.
• [mod_sofia] Capture SIP Reason header on INVITE failure.
• [mod_sofia] Reload TLS certificates on the fly without disconnects using the reloadcert API.

Bug Fixes

• [Build-System] Update libks requirements to v2.0.11.
• [Build] Cap cJSON parser nesting depth to prevent stack overflow.
• [Core, Modules] Fix various dead assignments.
• [Core] Fix segment count validation in clean_uri() and add unit tests.
• [Core] Fix use-after-free in session thread pool worker.
• [Core] Use switch_stun_ipv6_t for STUN IPv6 write paths.
• [libesl] Fix build of tests.
• [libesl] Validate Content-Length in esl_recv_event.
• [mod_commands] Fix reloadacl description.
• [mod_erlang_event] Fix correctness, OTP compatibility, and memory issues.
• [mod_sofia] Fix handling of sip-options-respond-503-on-busy profile parameter.
• [mod_sofia] Fix use-after-free in dispatch event thread.
• [mod_verto] Defer userauth state writes until after password validation.
• [mod_verto] Fix heap overflow in HTTP POST body read.
• [mod_verto] Gate session ID binding on authentication and block cross-identity eviction.

Key Highlights

• Hot TLS Certificate Reloading: Certificates can now be reloaded without disconnecting active SIP or Verto sessions.
• SIP Failure Visibility: Improved handling and reporting of SIP 603+ responses, including Reason header capture.
• Security Improvements: Fixes for use-after-free vulnerabilities, heap overflow conditions, parser stack exhaustion, and authentication hardening.
• Operational Stability: Multiple fixes across core, ESL, Sofia, Erlang, and Verto subsystems.

Installation Guides

• FreeSWITCH Release Notes
• FreeSWITCH 1.11.x Release Notes