Written by Henrik, 16 Dec 2020
Erlang/OTP 23.2 is the second maintenance patch release for OTP 23, with mostly bug fixes as well as a few improvements.
A few of the changes and highlights are:
Handle extraneous certs in certificate chains as well as chains that are incomplete but can be reconstructed or unordered chains. The cert and certfile options will now accept a list of certificates so that the user may specify the chain explicitly.
Improved the API and documentation of the uri_string module. Added a new chapter to the Users Guide about Uniform Resource Identifiers and their handling with the new API. Added two new API functions: uri_string:allowed_characters/0 and uri_string:percent_decode/1.
This change has been marked as potentially incompatible as uri_string:normalize/2 used to decode percent-encoded character triplets that corresponded to characters not in the reserved set. After this change, uri_string:normalize/2 will only decode those percent-encoded triplets that correspond to characters in the unreserved set (ALPHA / DIGIT / "-" / "." / "_" / "~").
A full list of bug fixes and improvements in the readme.
Online documentation can be browsed here:
https://erlang.org/documentation/doc-11.1.4/doc
Pre-built versions for Windows can be fetched here:
https://erlang.org/download/otp_win32_23.2.exe
https://erlang.org/download/otp_win64_23.2.exe
The Erlang/OTP source can also be found at GitHub on the official Erlang repository:
https://github.com/erlang/otp
Written by Henrik, 23 Sep 2020
Erlang/OTP 23.1 is a the first maintenance patch release for OTP 23, with mostly bug fixes as well as a few improvements.
A vulnerability in the httpd module (inets application) regarding directory traversal that was introduced in OTP 22.3.1 and corrected in OTP 22.3.4.6. It was also introduced in OTP 23.0 and corrected in OTP 23.1 The vulnerability is registered as CVE-2020-25623.
The vulnerability is only exposed if the http server (httpd) in the inets application is used. The vulnerability makes it possible to read arbitrary files which the Erlang system has read access to with for example a specially prepared http request.
Adjust /bin/sh to /system/bin/sh in scripts when installing on Android.
Changes in build system to make it build for macOS 11.0 with Apple Silicon. Also corrected execution of match specs to work on Apple Silicon.
http://erlang.org/download/OTP-23.1.README
Pre built versions for Windows can be fetched here:
http://erlang.org/download/otp_win32_23.1.exe
http://erlang.org/download/otp_win64_23.1.exe
Online documentation can be browsed here:
http://erlang.org/documentation/doc-11.1/doc
The Erlang/OTP source can also be found at GitHub on the official Erlang repository,
https://github.com/erlang/otp
