Patch Package OTP 23.2.6 Released
Erlang/OTP
otp@REDACTED
Thu Feb 25 10:21:04 CET 2021
Patch Package: OTP 23.2.6
Git Tag: OTP-23.2.6
Date: 2021-02-25
Trouble Report Id: OTP-17173, OTP-17205, OTP-17220
Seq num: ERIERL-581, ERIERL-608
System: OTP
Release: 23
Application: inets-7.3.2, ssh-4.10.8
Predecessor: OTP 23.2.5
Check out the git tag OTP-23.2.6, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- inets-7.3.2 -----------------------------------------------------
---------------------------------------------------------------------
The inets-7.3.2 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17205 Application(s): inets
Related Id(s): ERIERL-608
Solves CVE-2021-27563, that is make sure no form of
relative path can be used to go outside webservers
directory.
OTP-17220 Application(s): inets
Make sure HEAD requests rejects directory links
Full runtime dependencies of inets-7.3.2: erts-6.0, kernel-3.0,
mnesia-4.12, runtime_tools-1.8.14, ssl-5.3.4, stdlib-3.5
---------------------------------------------------------------------
--- ssh-4.10.8 ------------------------------------------------------
---------------------------------------------------------------------
The ssh-4.10.8 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17173 Application(s): ssh
Related Id(s): ERIERL-581
Don't timeout slow connection setups and tear-downs. A
rare crash risk for the controller is also removed.
Full runtime dependencies of ssh-4.10.8: crypto-4.6.4, erts-9.0,
kernel-5.3, public_key-1.6.1, stdlib-3.4.1
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
More information about the erlang-announce
mailing list