Erlang/OTP 23.2.6

This release of Erlang/OTP can be built from source or installed using pre-built packages for your OS or third-party tools (such as kerl or asdf).

docker run -it erlang:23.2.6
Patch Package OTP 23.2.6
Git Tag OTP-23.2.6
Date 2021-02-25
Issue Id
ERIERL-581
ERIERL-608
System OTP
Release 23
Application

inets-7.3.2 #

The inets-7.3.2 application can be applied independently of other applications on a full OTP 23 installation.

OTP-17205
Application(s):
inets
Related Id(s):
ERIERL-608

Solves CVE-2021-27563, that is make sure no form of relative path can be used to go outside webservers directory.

OTP-17220
Application(s):
inets

Make sure HEAD requests rejects directory links

Full runtime dependencies of inets-7.3.2: erts-6.0, kernel-3.0, mnesia-4.12, runtime_tools-1.8.14, ssl-5.3.4, stdlib-3.5

ssh-4.10.8 #

The ssh-4.10.8 application can be applied independently of other applications on a full OTP 23 installation.

OTP-17173
Application(s):
ssh
Related Id(s):
ERIERL-581

Don't timeout slow connection setups and tear-downs. A rare crash risk for the controller is also removed.

Full runtime dependencies of ssh-4.10.8: crypto-4.6.4, erts-9.0, kernel-5.3, public_key-1.6.1, stdlib-3.4.1