PBX and file sharing solution

scottalanmiller

@ambarishrh said:

@scottalanmiller Could you please let me know about the hosted PBX option is detail? Lets see if we could propose that, but wanted to make sure if it meets all their requirements and we have strict ISP regulations here, so need to make sure if hosted PBX is a possible option

I just sent you a chat.

Ambarishrh

@scottalanmiller I am still waiting for the guys to meet and discuss about the hosted PBX option. Meanwhile, got some info from the vendor, that their current stable elastix version used is 2.4 and said 2.5 version has some bugs which leads to call drops! Told him to send me the list of bugs, so I could verify if thats really the case or just avoiding the upgrade!

scottalanmiller

2.4 isn't patched for security, though. That's the big issue there.

Ambarishrh

The changelog for 2.4 says:

• Changes in Elastix Security:
  • The instalation of this module now its much cleaner.
  • Change of files owners for more security int he path web path.
  • Some bug fixes for Elastix-Security.

scottalanmiller

@ambarishrh said:

The changelog for 2.4 says:

• Changes in Elastix Security:
  • The instalation of this module now its much cleaner.
  • Change of files owners for more security int he path web path.
  • Some bug fixes for Elastix-Security.

That's from years ago. It is not patched for Shellshock or the SSL issues that recently were such a big deal.

Ambarishrh

Oh yes! Good point. Will check with the vendor about this as well

scottalanmiller

If they have that patched, it means that they are doing their own alterations to Elastix 2.4 and you've potentially lost the benefits of Elastix' stability because they are altering the platform.

Really, at this point, I would only want Elastix 3.0 being rolled out. The 2.x line is a dead end and stuck on CentOS 5 now that 7 has been out for a while. It's an ancient platform.

Ambarishrh

Thanks @scottalanmiller this would give me enough points to make sure either we get them with 3 or not to go with this vendor and stress more on the hosted pbx platform, and I might come back to you!

scottalanmiller

Good luck!

Ambarishrh

Got some details from the vendor. I asked them about the vulnerability on the 2.4 and their reply below:

Elastix 2.4 is not affected with the Shellshock vulnerability. Please find below the link for your reference.

http://forum.elastix.org/viewtopic.php?f=116&t=128542&p=132730&sid=6d0696d93b9f80a7d9ca3d9ca5d6ee09

We will not recommend 2.5 for analog lines as it has got call disconnection issue. Means if you are calling out/receive a inbound call the PBX will not disconnect the call even if the caller disconnect the call from the other end. Is that true?

We will do a bash upgrade to eliminate any issue of Shellshock.

scottalanmiller

Well in a hosted system you don't have analogue lines so that isn't a factor for us.