SIPCAPTURE Homer

v11.0.229 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 7d Forensics & Incident Response

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

analytics callflow capture-agent cdr correlation encapsulation

+14 more

flow hep kamailio monitoring opensips packet-capture packet-sniffer pcap rtc sip statistics troubleshooting voip webrtc

Affected surfaces

auth rce_ssrf

ReleasePort's take

Moderate signal

editorial:auto 7d

ReleasePort Layer 1 version 11.0.229 resolves critical CodeQL Go security alerts (severity 90).

Why it matters: The release patches high‑severity Go security issues, addressing all open CodeQL alerts; operators with Go components should upgrade immediately.

Summary

AI summary

Updates auth, chore, and ducklake across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Resolve open CodeQL Go security alerts (#9–#20). Resolve open CodeQL Go security alerts (#9–#20). Source: llm_adapter@2026-05-27 Confidence: high	—
Dependency	Low	Bump VERSION_APPLICATION to 11.0.229. Bump VERSION_APPLICATION to 11.0.229. Source: llm_adapter@2026-05-27 Confidence: high	—
Bugfix
Bugfix	Medium	Validate TableKey and where before dynamic SQL in ducklake. Validate TableKey and where before dynamic SQL in ducklake. Source: llm_adapter@2026-05-27 Confidence: high	—
Bugfix	Medium	Safe uint32 parse in Lua SetHEPField to prevent errors. Safe uint32 parse in Lua SetHEPField to prevent errors. Source: llm_adapter@2026-05-27 Confidence: high	—
Bugfix	Medium	Read auth-token user_group key with correct underscore. Read auth-token user_group key with correct underscore. Source: llm_adapter@2026-05-27 Confidence: low	—

Full changelog

What's Changed

fix(auth): read auth-token user_group key with correct underscore by @fredrik-dahlgren in https://github.com/sipcapture/homer/pull/751
chore: bump VERSION_APPLICATION to 11.0.229 by @adubovikov in https://github.com/sipcapture/homer/pull/752
fix(ducklake): validate TableKey and where before dynamic SQL by @adubovikov in https://github.com/sipcapture/homer/pull/754
fix(scripting): safe uint32 parse in Lua SetHEPField (CodeQL #20) by @adubovikov in https://github.com/sipcapture/homer/pull/755
fix(security): resolve open CodeQL Go alerts (#9–#20) by @adubovikov in https://github.com/sipcapture/homer/pull/756

New Contributors

@fredrik-dahlgren made their first contribution in https://github.com/sipcapture/homer/pull/751

Full Changelog: https://github.com/sipcapture/homer/compare/11.0.228...11.0.229

Security Fixes

Resolved open CodeQL Go alerts (#9–#20)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track SIPCAPTURE Homer

Get notified when new releases ship.

About SIPCAPTURE Homer

Troubleshooting and monitoring VoIP calls.

All releases →

Related context

Related tools

Earlier breaking changes

v11.0.222 The API endpoint /api/v1/config has been removed.