In 2025, we continued strengthening the M4 platform with a strong focus on carrier-grade reliability, SIP interoperability, and operational control. This update brings a wide range of improvements across call routing, signaling, billing, security, and system stability, along with multiple new features requested by operators running high-volume VoIP environments.
The changes in this release address real-world telecom scenarios such as NAT traversal, complex SIP topologies, large-scale DID management, DDoS protection, and multi-server deployments, while also improving day-to-day operations through enhanced reporting, automation, and API capabilities.
Below is a detailed overview of what’s new in M4 in 2025 — including newly added functionality, platform tuning, and a comprehensive set of fixes aimed at improving performance, predictability, and long-term stability in production networks.
New features
- Fix NAT’d SIP Contact rewriting (GUI + Core)
Adds proper handling and repair of NAT-altered Contact headers so registrations/calls keep working reliably behind NAT (including consistent behavior between GUI settings and core logic). - Configurable Kamailio “loose routing” behavior
Adds an option to adjust how Kamailio performs loose routing (useful in complex SIP topologies and interoperability scenarios). - New DID: “Create as Active” by default
Adds an option/workflow so newly created DIDs can be created in Active state immediately (reduces manual post-creation steps). - Hangup cause handling: HGC 369 for calls to non-registered OP
When a call is attempted to a not-registered Origination Point (OP), the system returns/assigns HGC 369 consistently to improve troubleshooting and reporting. - DID bulk operations (GUI + Core)
- Cancel DIDs from file: bulk-cancel DIDs using an uploaded list/file.
- Bulk change routing: apply routing changes to many DIDs at once.
- Option to disable duplicate Call-ID protection
Adds a switch to turn off the duplicated Call-ID protection logic when needed for specific carriers/equipment. - CLI groups for Rates (GUI + Core)
Adds “CLI group” support for rating/tariffs, including UI management and core enforcement. - CLI groups for Rates: automatic tariff import
Extends auto-import so tariffs can be imported and mapped correctly with CLI groups included. - Transport protocol controls (incl. M4 TCP support)
Adds/extends transport protocol support and configuration options (UDP/TCP/TLS as applicable), including explicit TCP support in M4. - Destination DDoS protection backed by Redis
Implements destination-based DDoS protection using Redis for faster counters/thresholding and better scalability. - User-specific DDoS protection settings
Allows per-user overrides/tuning for DDoS protection behavior. - Calls Per Hour report: OP/TP filters
Adds filtering by Origination Point / Termination Point inside the Calls Per Hour report. - Export CDRs for users assigned to a specific manager
Adds export tooling/reporting to pull all users’ CDRs where a given manager is assigned. - Add History-Info / Diversion headers (GUI + Core)
Adds configurable insertion/preservation of History-Info and/or Diversion headers for call forwarding / redirection visibility. - Flash Calls support (GUI + Core + API)
- Billing logic for “flash calls” (very short calls) in both core and GUI
- API support for flash call initiation
- CallerID from API (GUI + Script/Core integration)
Adds ability to source/set CallerID using an API-driven method, including UI integration plus the backend/script/core glue. - API: drop active calls
Adds an API endpoint to terminate active calls programmatically (operational control / automation / fraud response). - Always-transcode option (GUI + Core)
Adds a setting to force transcoding consistently for selected routes/accounts (interop + codec-policy enforcement). - GeoIP-based RTPengine selection
Enables choosing RTPengine based on GeoIP to reduce latency and improve media quality. - MOR API v2 authentication (token + refresh)
Introduces token-based auth with refresh tokens for MOR API v2, improving security and client ergonomics.
Improvements / tuning
- Per-user Stripe on/off toggle
Lets you enable/disable Stripe-related billing/checkout flows per user. - Preserve Session-Expires header
Stops stripping Session-Expires so SIP session timers work correctly with certain carriers/devices. - Multi-server core improvements (Core)
Hardening and/or enhancements for multi-server deployments. - Dynamic TP behavior tuning
Improves “dynamic Termination Point” behavior/selection (stability and correctness). - PCAP fix
Fixes issues related to PCAP generation/handling (capture reliability/usability). - Select RTPengine per specific Kamailio
Adds routing/control so particular Kamailio nodes can use specific RTPengine instances. - NAT contact fix for DID → OP call flow
Fixes NAT’d contact edge cases specifically when calls arrive via DID and are delivered to an OP. - Don’t attempt email sending when email is down
Prevents repeated/slow failures by avoiding email attempts when the mail subsystem is unavailable. - Hide users_get API (access control)
Restricts/excludes users_get from being visible/usable where it shouldn’t be. - Display currency in call logs
Improves call log readability by showing the currency context. - More accurate exception error reporting
Improves error messages/diagnostics for better troubleshooting. - Kamailio dynamic auth option
Adds an option to use dynamic authentication behavior in Kamailio. - Gemfile dependency version locking
Locks gem versions to reduce deployment drift and “works on one server only” issues. - Calls list SQL performance
Optimizes slow queries causing the Calls list to load slowly. - Subscription invoice by period (M4)
Adds subscription invoice generation/logic grouped by selected period. - Instant registration update to core (M4)
Moves/improves instant registration updates at core level for reliability. - CLI groups for Rates: CSV improvements
Improves CSV workflows around CLI groups for rating. - CDR dispute error fixes
Fixes issues/errors in CDR dispute workflows. - Number Pool access from OP/TP pages
Adds ability to access/use Number Pool features directly from OP/TP pages. - Header transformations: CIP variable support (M4)
Adds CIP as a usable variable in header transformation rules. - Remove/retire Do_not_delete_Archived_Calls_from_calls_table (M2/M4)
Cleans up legacy behavior/flag related to archived call deletion policy. - SDP update: enforce a=direction:both
Ensures correct SDP direction attribute behavior during SDP updates. - Email template variables: currency (M4)
Adds currency variables into M4 email templates. - Fix: CP not set as Origination Point
Fixes cases where CP wasn’t properly flagged/treated as an Origination Point. - Automatic tariff import: CLI prefix mapping
Improves automatic import so CLI names/prefixes map correctly during tariff imports. - Add “Prepaid” to Status
Adds a “Prepaid” status option/visibility where relevant. - API: add 2FA option to user_details_update
Extends API to support enabling/disabling/configuring 2FA via user_details_update. - Subscription list: filter by “charge plan”
Adds a Charge Plan filter to subscription listing for easier management. - Blacklist rejection: specific HGC
Assigns a distinct hangup cause for calls rejected by blacklist rules (better analytics and support). - Backup: delete old partitions from TGZ
Improves backup retention by removing old partitions from archived TGZ backups.
Engineering / operational tasks
- New DID workflow: refinements + testing + edit form improvements
QA and UX polish for the New DID flow, including edit form refinements. - Archive C script: exclude “Archived calls older than …” from the script + improve checks/last-call date
Refactors the archive C tooling to be safer/more accurate and improves tracking (checks and last call date). - Reset Active Calls: remove stale rows from Active Calls table
Ensures “reset active calls” also cleans up database state properly. - Delete “not archived + not answered” calls older than X (GUI + cron)
Implements cleanup both from UI and scheduled jobs for consistency. - nftables blocked countries warning
Adds/adjusts warning/visibility around blocked-countries behavior in nftables. - Verify MNP table indexing
Check and add missing indexes on the MNP table to improve performance. - Allow outgoing connections for Blocked Countries feature
Makes sure the server can still initiate required outbound traffic even when blocked-countries filtering is enabled. - Security audit: ensure Apache cannot SSH as root
Verifies and prevents dangerous privilege paths (web server user → SSH/root). - SDP stripping task (“Remove from SDP”)
Implements removal of specific SDP elements as required for interoperability (exact items controlled by the task’s scope). - Partition drop smoke test
Adds a minimal test to validate partition drop procedures safely. - Active Calls max calls tuning
Tune/improve max-call handling for stability and correctness. - Protect MySQL port 3306 in install/update/check scripts
Adds firewall hardening around 3306 during install/update/check routines. - General security issues cleanup
Track and close outstanding security items. - Environment-specific iptables issues (“ES iptables issues”)
Resolve iptables problems affecting that environment/deployment profile. - Whitelist improvements: support hostnames + fix spelling/handling
Improves whitelist logic to handle hostnames cleanly (not only raw IPs). - SSH whitelist for hosted servers
Standardize SSH access control for hosted environments. - Deutsche Telekom template
Adds a prebuilt Deutsche Telekom configuration/template for faster onboarding.
Bug fixes
Call processing, SIP signaling, media
- Fix “503 Max CPS rate exceeded” loop
Prevents repeated 503 retries/looping when CPS limits are hit. - Fix Progress Timeout not triggering
Ensures Progress Timeout fires correctly and call flow proceeds/fails as expected. - Fix PDD being reported incorrectly
Corrects Post Dial Delay calculation/reporting. - Fix OP ringing timeout behavior
Corrects Origination Point ringing timeout logic so it matches the configured value. - Fix “Call Leg/Transaction Does Not Exist” edge cases
Reduces false “missing leg/transaction” errors in call handling. - Fix PRACK: missing To-tag
Ensures To tag is present where required in PRACK to avoid interop issues. - Fix SIP UPDATE / re-INVITE handling issues
Improves robustness for UPDATE and re-INVITE flows (including proper processing and state transitions). - Fix media IP changing after re-INVITE
Prevents unexpected media IP replacement after re-INVITE, improving RTP stability. - Fix RTPengine / DTMF events issues (and upgrade compatibility)
Restores proper telephone-event handling and improves RTPengine compatibility after upgrades. - Fix SEMS signaling errors after UPDATE (ACK / 200 OK)
Resolves SEMS errors observed after UPDATE (ACK and 200 OK related). - Fix Header Transformations on re-INVITE
Ensures header transformation rules apply correctly during re-INVITE. - Fix failover routing group skip logic
Corrects cases where failover routing groups were incorrectly skipped. - Fix “OP uses TP settings when call goes via DID”
Ensures OP does not inherit TP settings incorrectly for DID-delivered calls. - Fix “Authorization issues with X-Lite”
Improves SIP authorization compatibility for X-Lite. - Fix Kamailio-related runtime errors
Reduces/cleans up Kamailio error conditions seen in production logs. - Fix M4 NAT-related issues
Addresses NAT edge cases affecting registrations/calls in M4. - Fix “Flat rate 1-second” rounding/billing issue
Corrects 1-second flat-rate edge case to prevent incorrect charging. - Fix M4 flat-rate charging issues (general)
Resolves additional flat-rate billing inconsistencies in M4.
Rating, tariffs, rerating
- Fix CSV import errors (rating/tariff imports)
Improves validation and parsing to avoid failed imports. - Fix Automatic Tariff Import bugs
Stabilizes auto-import flow and prevents incorrect/missing data mapping. - Fix Rate Notification script SQL error
Corrects the SQL logic so notifications run reliably. - Fix CDR re-rating ignoring “tariff by CLI”
Ensures rerating correctly applies CLI-based tariff selection. - Fix tariff generation error
Prevents failures during tariff generation and improves error handling. - Fix M4 rerate with custom/conditional tariff
Corrects rerating for conditional/custom tariff scenarios. - Fix Calls list search by TP
Ensures searching/filtering calls by Termination Point works reliably and doesn’t break the list. - Fix ES vs MySQL call-count comparison logic
Corrects incorrect comparisons between Elasticsearch and MySQL call counts.
Subscriptions, invoices, payments
- Fix Internal Error in Subscriptions
Prevents subscription pages/actions from failing with generic internal errors. - Fix Subscription search error
Restores subscription search/filter functionality. - Fix “mark invoice as paid” internal error
Resolves errors when marking invoices as paid. - Fix JSON::ParserError internal error (ID: 20250114181752)
Prevents the specific JSON parsing failure from breaking requests. - Fix “invoice marked as paid” internal error (duplicate path)
Ensures paid-status workflow is consistent and does not throw internal errors. - Fix subscriptions not charged for previous period
Ensures missed historical period charges are applied correctly. - Fix customer invoices internal error
Resolves failures in customer invoice generation/viewing. - Fix M4 subscription charging issues (general)
Addresses inconsistent subscription charge behavior in M4. - Fix M4 invoices daylight-saving handling
Corrects invoice period/time calculations around DST changes.
DIDs, inventory, number pools
- Fix DID status not switching to “Free”
Ensures DID release updates status correctly. - Fix DID import issues
Improves DID import validation and prevents partial/incorrect imports. - Fix DID inventory errors
Corrects inventory consistency/lookup problems. - Fix M4 Blocked DID behavior
Fixes cases where blocked DID rules were applied incorrectly or inconsistently. - Fix New DID creation using Charge Plan prices incorrectly
Prevents new DID creation from pulling unintended charge plan pricing. - Fix “empty page when viewing bad number” during Number Pool upload
Shows proper error/details instead of a blank page when a bad number is detected.
PCAP, tracing, logs, UI feedback
- Fix M4 retrieving PCAP from the wrong server
Ensures PCAP is fetched from the correct node in multi-server setups. - Fix Call tracing from Call Info
Restores/reliabilizes call tracing initiation and retrieval from the Call Info page. - Fix wrong log message
Corrects misleading logging so troubleshooting is accurate.
Stability and crashes
- Fix core crash in m2_dids.c:950
Prevents crash in the DID-related core module. - Fix M4 core crash (general)
Resolves a core crash scenario affecting M4. - Fix M4 core crash caused by static cache size
Prevents crash related to static cache sizing/limits. - Fix m2_commands duplicate process issue
Prevents duplicate worker/process spawning and the side effects it causes. - Fix Kamailio / core runtime error conditions
Additional hardening to avoid runtime faults triggered by misroutes/edge SIP cases.
System / maintenance
- Fix archiving-related issues (including archived_calls bug)
Corrects archiving workflow problems and archived_calls-related errors. - Fix system.conf partitions: missing newline edge case
Prevents config parsing issues caused by missing trailing newline. - Fix M4 TP registration after update
Ensures TP registrations recover correctly after updates/reloads. - Fix backup failures
Restores backup jobs reliability and prevents silent failures. - Fix check.sh false “Go module outdated” reporting
Corrects the version/outdated detection logic so it reports accurately.
Want to see M4 in action? Explore the M4 Online Demo to get a hands-on look at the platform’s interface and core capabilities.
If you’d like to discuss your use case or need more details, contact us.