Patch Package OTP 23.2.6 Released

3 views
Skip to first unread message

Erlang/OTP

unread,
Feb 25, 2021, 4:21:15 AM2/25/21
to erlang-q...@erlang.org
Patch Package: OTP 23.2.6
Git Tag: OTP-23.2.6
Date: 2021-02-25
Trouble Report Id: OTP-17173, OTP-17205, OTP-17220
Seq num: ERIERL-581, ERIERL-608
System: OTP
Release: 23
Application: inets-7.3.2, ssh-4.10.8
Predecessor: OTP 23.2.5

Check out the git tag OTP-23.2.6, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.

---------------------------------------------------------------------
--- inets-7.3.2 -----------------------------------------------------
---------------------------------------------------------------------

The inets-7.3.2 application can be applied independently of other
applications on a full OTP 23 installation.

--- Fixed Bugs and Malfunctions ---

OTP-17205 Application(s): inets
Related Id(s): ERIERL-608

Solves CVE-2021-27563, that is make sure no form of
relative path can be used to go outside webservers
directory.


OTP-17220 Application(s): inets

Make sure HEAD requests rejects directory links


Full runtime dependencies of inets-7.3.2: erts-6.0, kernel-3.0,
mnesia-4.12, runtime_tools-1.8.14, ssl-5.3.4, stdlib-3.5


---------------------------------------------------------------------
--- ssh-4.10.8 ------------------------------------------------------
---------------------------------------------------------------------

The ssh-4.10.8 application can be applied independently of other
applications on a full OTP 23 installation.

--- Fixed Bugs and Malfunctions ---

OTP-17173 Application(s): ssh
Related Id(s): ERIERL-581

Don't timeout slow connection setups and tear-downs. A
rare crash risk for the controller is also removed.


Full runtime dependencies of ssh-4.10.8: crypto-4.6.4, erts-9.0,
kernel-5.3, public_key-1.6.1, stdlib-3.4.1


---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------

Reply all
Reply to author
Forward
0 new messages