diff options
Diffstat (limited to 'release-notes/OTP-23.2.6.README.txt')
-rw-r--r-- | release-notes/OTP-23.2.6.README.txt | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/release-notes/OTP-23.2.6.README.txt b/release-notes/OTP-23.2.6.README.txt new file mode 100644 index 0000000..ea9d2c2 --- /dev/null +++ b/release-notes/OTP-23.2.6.README.txt @@ -0,0 +1,66 @@ +Patch Package: OTP 23.2.6 +Git Tag: OTP-23.2.6 +Date: 2021-02-25 +Trouble Report Id: OTP-17173, OTP-17205, OTP-17220 +Seq num: ERIERL-581, ERIERL-608 +System: OTP +Release: 23 +Application: inets-7.3.2, ssh-4.10.8 +Predecessor: OTP 23.2.5 + + Check out the git tag OTP-23.2.6, and build a full OTP system + including documentation. Apply one or more applications from this + build as patches to your installation using the 'otp_patch_apply' + tool. For information on install requirements, see descriptions for + each application version below. + + --------------------------------------------------------------------- + --- inets-7.3.2 ----------------------------------------------------- + --------------------------------------------------------------------- + + The inets-7.3.2 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-17205 Application(s): inets + Related Id(s): ERIERL-608 + + Solves CVE-2021-27563, that is make sure no form of + relative path can be used to go outside webservers + directory. + + + OTP-17220 Application(s): inets + + Make sure HEAD requests rejects directory links + + + Full runtime dependencies of inets-7.3.2: erts-6.0, kernel-3.0, + mnesia-4.12, runtime_tools-1.8.14, ssl-5.3.4, stdlib-3.5 + + + --------------------------------------------------------------------- + --- ssh-4.10.8 ------------------------------------------------------ + --------------------------------------------------------------------- + + The ssh-4.10.8 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-17173 Application(s): ssh + Related Id(s): ERIERL-581 + + Don't timeout slow connection setups and tear-downs. A + rare crash risk for the controller is also removed. + + + Full runtime dependencies of ssh-4.10.8: crypto-4.6.4, erts-9.0, + kernel-5.3, public_key-1.6.1, stdlib-3.4.1 + + + --------------------------------------------------------------------- + --------------------------------------------------------------------- + --------------------------------------------------------------------- + |