<div dir="ltr"><div>By mistake my answer was only sent to Peter Tirell, should have been sent to the list.<br><br></div>Here it is<br><br><div><div><div><div><div><div><div><br></div>The pre built Windows installers on <a href="http://erlang.org" target="_blank">erlang.org</a> are only provided for the planned releases and patch packages, they are not provided for "emergency" patches<br></div> between or after the planned releases. 18.3 is the latest pre built Windows installer for the OTP 18 release track.<br><br></div>In order to apply 18.3.4.7 you have to build from source.<br><br></div>Another
possibility if it is tricky to build on Windows, is that you build from
source on Linux and then copy the only application changed by the patch
to your Windows system under ERl_ROOT/lib or somewhere else if you
point it out with erl -pa <Path><br><br></div>Since OTP 20.2 is
just a patch it only lists in its README what has been fixed since the
last patch , which was 20.1.7 containing a fix for OTP-14748. You can
look i the release notes for the ssl application in OTP 20.2 and find
that OTP-14748 is mentioned there.<br><br></div>So there is a Windows build, namely 20.2 which includes the patch you are looking for.<br><br></div>/Regards Kenneth, Erlang/OTP Ericsson</div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Dec 20, 2017 at 3:55 PM, Peter Tirrell <span dir="ltr"><<a href="mailto:ptirrell@gmail.com" target="_blank">ptirrell@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hello all,<br><br>I saw an existing recent thread about general patch packages but didn't necessarily want to hijack that thread. I currently am using OTP 18.2.1 on Windows but became aware of security advisory CVE-2017-1000385 (<a href="https://nvd.nist.gov/vuln/detail/CVE-2017-1000385#VulnChangeHistoryDiv" target="_blank">https://nvd.nist.gov/vuln/<wbr>detail/CVE-2017-1000385#<wbr>VulnChangeHistoryDiv</a>) <br><br></div>It looks like I can get OTP 18.3.4.7+ and have the advisory addressed, but I'm unclear on how to do so. The downloads page simply lists an 18.3 download and doesn't list the fixed OTP bug number in the readme. The earlier thread I saw seemed to imply that Windows builds on the downloads page aren't updated. <br><br></div>So my question is - how do I apply the latest Windows patched builds? Are there patched Windows release builds available somewhere? If I download a version from the downloads page, will that be the latest available major point version, including any patches for that point version? <br><br>Or if there's a patch package put out, do I need to either compile that version from source, or wait until there is another major point version released that comes *after* that patch package was created? For example, I'm looking for a fix for bug "OTP-14748". The only Windows build that appears to be dated since that was fixed is 20.2, yet the readme for that does not include a reference to 14748 either. <br><br></div>Thanks for any info!<br></div>
<br>______________________________<wbr>_________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" rel="noreferrer" target="_blank">http://erlang.org/mailman/<wbr>listinfo/erlang-questions</a><br>
<br></blockquote></div><br></div>