Erlang - OTP-25.1

Security

OTP 25.1

Erlang/OTP 25.1 is the first maintenance patch package for OTP 25, containing mostly bug fixes as well as quite a few small improvements.

Below are some highlights of the release:

crypto:

  • Crypto is now considered to be usable with the OpenSSL
    3.0 cryptolib for production code.
    ENGINE and FIPS are not yet fully functional.

  • Changed the behaviour of the engine load/unload
    functions

ssl:

  • A vulnerability has been discovered and corrected. It
    is registered as CVE-2022-37026 "Client Authentication
    Bypass". Corrections have been released on the
    supported tracks with patches 23.3.4.15, 24.3.4.2, and
    25.0.2. The vulnerability might also exist in older OTP
    versions. We recommend that impacted users upgrade to
    one of these versions or later on the respective
    tracks. OTP 25.1 would be an even better choice.
    Impacted are those who are running an ssl/tls/dtls
    server using the ssl application, either directly or
    indirectly via other applications, for example via
    inets (httpd), cowboy, etc. Note that the vulnerability
    only affects servers that request client certification,
    that is, servers that set the option {verify, verify_peer}.
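
A version check based on the patch levels listed above, as an added example that is not part of the release notes or of OTP itself. The module and function names are hypothetical, and treating releases after the 25 track as fixed is an assumption. It looks only at the OTP version, not at whether a listener sets {verify, verify_peer}.

```erlang
%% Added example: classify an OTP version against the CVE-2022-37026 fixes.
%% Module and function names are hypothetical, not part of OTP.
-module(cve_2022_37026_check).
-export([running/0, classify/1]).

%% First corrected version on each supported track, as given in the notes.
-define(FIXED, #{23 => [23,3,4,15], 24 => [24,3,4,2], 25 => [25,0,2]}).

%% Classify the node this is called on. The full version (for example
%% "24.3.4.1") is read from the OTP_VERSION file of the installation,
%% because erlang:system_info(otp_release) only gives the major number.
running() ->
    File = filename:join([code:root_dir(), "releases",
                          erlang:system_info(otp_release), "OTP_VERSION"]),
    {ok, Bin} = file:read_file(File),
    classify(string:trim(binary_to_list(Bin))).

%% classify("24.3.4.1") -> needs_upgrade
%% classify("25.1")     -> patched
%% classify("22.3.4.26") -> unsupported_track_may_be_vulnerable
classify(VsnStr) ->
    case parse(VsnStr) of
        error ->
            {error, bad_version};
        [Major | _] = Vsn ->
            case maps:find(Major, ?FIXED) of
                %% Lists of integers compare element by element, and a
                %% proper prefix sorts first, so [25,1] >= [25,0,2] and
                %% [24,3,4] < [24,3,4,2].
                {ok, Fixed} when Vsn >= Fixed -> patched;
                {ok, _} -> needs_upgrade;
                %% Assumption: tracks newer than 25 contain the fix.
                error when Major > 25 -> patched;
                %% Older tracks received no patch and might be affected.
                error -> unsupported_track_may_be_vulnerable
            end
    end.

%% "25.0-rc1" -> [25,0]; anything non-numeric -> error.
parse(VsnStr) ->
    [Numeric | _] = string:split(VsnStr, "-"),
    try [list_to_integer(P) || P <- string:lexemes(Numeric, ".")] of
        [] -> error;
        Vsn -> Vsn
    catch
        error:badarg -> error
    end.
```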

For more details and downloads follow this link

The Erlang/OTP source can also be found at GitHub on the official Erlang repository,
https://github.com/erlang/otp


Details

date: Sept. 21, 2022, 10:33 a.m.
name: OTP 25.1
type: Minor