Erlang/OTP 23.1 is a the first maintenance patch release for OTP 23, with mostly bug fixes as well as a few improvements.
A vulnerability in the httpd module (inets application) regarding directory traversal that was introduced in OTP 22.3.1 and corrected in OTP 188.8.131.52. It was also introduced in OTP 23.0 and corrected in OTP 23.1 The vulnerability is registered as CVE-2020-25623.
The vulnerability is only exposed if the http server (httpd) in the inets application is used. The vulnerability makes it possible to read arbitrary files which the Erlang system has read access to with for example a specially prepared http request.
Adjust /bin/sh to /system/bin/sh in scripts when installing on Android.
Changes in build system to make it build for macOS 11.0 with Apple Silicon. Also corrected execution of match specs to work on Apple Silicon.
Online documentation can be browsed here:
The Erlang/OTP source can also be found at GitHub on the official Erlang repository,