Some people bawk at the mere discussion of the need to patch, especially those systems that run mission-critical applications. The Asterisk community recently released versions 1.2.27, 1.4.18.1, 1.4.19-rc3, and 1.6.0-beta6. This, in response to the newly discovered security vulnerabilities found, is what I would consider a 'timely' and important release.

I've heard rumblings and "beneath the breath" comments about the latest discovery of security vulnerabilities in the Asterisk platform, but for me, it literally shows that the entire community that supports and develops Asterisk is wide-awake and ready to respond immediately to any security-related problems. Now, if we could get the more mainstream vendors to be as quick to respond, then we'd have something.

As a proud member of the open-source community, we need to applaud the developers and researchers for providing more-than-ample notifications and solutions to the latest threats against their software.

FYI: I just installed the latest release (1.4.18.1 to be exact) on all of my production Asterisk servers, and it was smooth as silk. Now if only my Windows Updates would take less than five minutes and only require restarting one service...