Between SVN revisions 3848 and 3939, VICIdial picked up ConfBridge support, a full PHP 8 compatibility overhaul, critical security patches, new API endpoints, ViciPhone v3.0, two-factor authentication, and a MariaDB TIMESTAMP fix touching 40 database tables.
If your system is below SVN 3848, stop reading and upgrade now. The security vulnerabilities patched in that revision allowed authenticated users to achieve full database enumeration, remote code execution, and admin takeover.
The Security Patches You Can't Skip
Two CVEs were patched (KL-001-2024-011, KL-001-2024-012) with input variable filtering added across admin and agent web interfaces. These landed in SVN 3848 in July 2024. Every revision below that is an active risk.
ConfBridge Replaces MeetMe
ConfBridge is now the production-ready conferencing engine. It eliminates the "bloop" sound customers hear when joining warm transfer conferences under MeetMe — a longstanding complaint. It supports dsp_drop_silence for lower CPU during quiet call segments, and doesn't require DAHDI hardware for basic operation.
The trade-offs: ConfBridge mixes audio in user space instead of kernel space, making it more sensitive to CPU contention on virtualized deployments. The mixing_interval setting (recommended 20ms) directly affects audio quality.
Critical: Timing configuration matters. Disable res_timing_timerfd.so, res_timing_kqueue.so, and res_timing_pthread.so in modules.conf to force DAHDI timing. Without this, AGI script execution — which VICIdial uses heavily — causes timing issues.
The vicidial_confbridges table entries (300 conferences per server, 9600000-9600299) aren't always created by the upgrade scripts. If they're missing, agents can't be placed into conferences and calls fail silently. Insert them manually for each dialer server IP.
ViciPhone v3.0: Actual WebRTC That Works
Complete rewrite on SIP.js v0.20.1. The newer library handles WebSocket reconnection better, improves SRTP key negotiation, and resolves edge cases around early media that caused one-way audio.
ViciPhone v3.0 requires PJSIP and the webphone template must include rtcp_mux=yes. This wasn't required in v2.x and is the most common upgrade issue. Auto-conference on registration eliminates the manual step that caused agents to appear logged in but unable to receive calls.
New browser audio controls: toggleable echo cancellation and AGC via Settings Containers. Echo cancellation can actually degrade quality with good headsets. AGC normalization amplifies background noise during agent silence in noisy environments. Being able to disable these per-deployment is a real improvement.
AMD Agent Route Options
This is the most operationally significant AMD change. Previously, NOTSURE and TOOLONG AMD results defaulted to routing to agents — wasting 10-15 seconds per ambiguous detection while agents figured out they were listening to a voicemail greeting. Multiply that across a 200-seat floor and the productivity loss adds up.
Now you define exactly which results route to agents via a Settings Container. Set it to HUMAN,HUMAN to send only confirmed human answers. Remove NOTSURE and TOOLONG from the routing list.
API Additions Worth Knowing
Seven new Non-Agent API functions. The notable ones:
hopper_bulk_insert lets external systems inject lead IDs directly into the hopper. Previously, prioritizing specific leads meant manipulating rank values. Now a real-time lead scoring system can push high-priority leads to the front of the dial queue via API.
lead_dearchive moves leads from the archive table back to active vicidial_list. Previously required direct database access.
send_notification pushes alerts to agents by User, User Group, or Campaign — with optional confetti animation. Beyond the gamification angle, this gives external QA and workforce management tools a clean way to communicate with agents.
MariaDB TIMESTAMP Fix
MariaDB deprecated implicit ON UPDATE CURRENT_TIMESTAMP behavior. VICIdial relied on it heavily across 40 tables. SVN 3898 adds explicit DEFAULT and ON UPDATE clauses.
If you're creating a new database on MariaDB 10.11+ (ViciBox 12), use the updated MySQL_AST_CREATE_tables.sql or add explicit_defaults_for_timestamp = Off to your MariaDB config. The server_updater table's db_time field is particularly sensitive — if it stops auto-updating, keepalive processes incorrectly mark servers as offline.
Known Issues After Upgrade
ConfBridge listen/barge broken out of box. The real-time report's monitoring references vicidial_conferences instead of vicidial_confbridges when the server uses ConfBridge. Apply the documented patch or manually update the table reference in non_agent_api.php.
FastAGI binding failure on fresh ViciBox 12. Force FastAGI to bind IPv4 only with -host 0.0.0.0.
PHP 8 breaking custom code. VICIdial's own codebase is updated, but your custom scripts may throw fatal errors. Common issues: utf8_encode()/utf8_decode() replaced with mb_convert_encoding(), implicit nullable parameters, changed string-to-number comparison behavior.
After your DB schema version shows 1729+ in System Settings, you're current. If you see "WARNING: Code expects different schema," re-run upgrade_2.14.sql with the -f flag to continue past already-applied statements.
For the full upgrade walkthrough and cluster-specific considerations, see the VICIdial setup guide on ViciStack.
Originally published at https://vicistack.com/blog/vicidial-34-new-features/
Top comments (0)