aboutsummaryrefslogblamecommitdiffstats
path: root/release-notes/OTP-23.2.6.README.txt
blob: ea9d2c2347761ecb693d30d70d0eb3bc3cf94bce (plain) (tree) 
534c203


































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66


































































                                                                      
Patch Package:           OTP 23.2.6
Git Tag:                 OTP-23.2.6
Date:                    2021-02-25
Trouble Report Id:       OTP-17173, OTP-17205, OTP-17220
Seq num:                 ERIERL-581, ERIERL-608
System:                  OTP
Release:                 23
Application:             inets-7.3.2, ssh-4.10.8
Predecessor:             OTP 23.2.5

 Check out the git tag OTP-23.2.6, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- inets-7.3.2 -----------------------------------------------------
 ---------------------------------------------------------------------

 The inets-7.3.2 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17205    Application(s): inets
               Related Id(s): ERIERL-608

               Solves CVE-2021-27563, that is make sure no form of
               relative path can be used to go outside webservers
               directory.


  OTP-17220    Application(s): inets

               Make sure HEAD requests rejects directory links


 Full runtime dependencies of inets-7.3.2: erts-6.0, kernel-3.0,
 mnesia-4.12, runtime_tools-1.8.14, ssl-5.3.4, stdlib-3.5


 ---------------------------------------------------------------------
 --- ssh-4.10.8 ------------------------------------------------------
 ---------------------------------------------------------------------

 The ssh-4.10.8 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17173    Application(s): ssh
               Related Id(s): ERIERL-581

               Don't timeout slow connection setups and tear-downs. A
               rare crash risk for the controller is also removed.


 Full runtime dependencies of ssh-4.10.8: crypto-4.6.4, erts-9.0,
 kernel-5.3, public_key-1.6.1, stdlib-3.4.1


 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-01 01:33:52 +0000