voltone

voltone

Important security fix in Erlang/OTP 23.2.2

Erlang/OTP 23.2.2 is out, fixing a critical TLS certificate verification issue in 23.2 an 23.2.1 allowing MitM attacks and forged client certificates. I wrote a post to help you understand if your application or dev environment is at risk.

Most Liked

dimitarvp

dimitarvp

Thanks a lot for the heads up! I usually immediately upgrade Erlang the minute I see that asdf shows the new version as installable – for exactly these reasons.

voltone

voltone

Well, there is a flip-side to an aggressive upgrade strategy: along with all the latest fixes you also get all the latest new bugs. In this case, anyone still on 23.0 or 23.1 would not have been affected in the first place…

I would use kerl/asdf or binaries built by Bob the Builder (by the Hex team; Erlang binaries conveniently listed here) on CI/CD servers, and then ship a release with bundled ERTS to production.

dimitarvp

dimitarvp

Well I’d view it as a waste since I only need only one version on prod.

Plus shell shims take some CPU time which, while insignificant during development (or in general), would compound hugely on a production system running for months.

Where Next?

Popular in Erlang News Top

bjorng
The first release candiate of Erlang/OTP 22.0 has been released.
New
Devtalk
A new Erlang news item has been posted! Link: Release OTP 22.3.4.22 · erlang/otp · GitHub
New
Devtalk
A new Erlang news item has been posted! Get the full details here: A few notes on message passing - Erlang/OTP Posted via Devtalk.
New
Devtalk
A new Erlang news item has been posted! Link: Release OTP 23.3.4.4 · erlang/otp · GitHub Posted via Devtalk.
New
erlangforums
A new Erlang announcement has been posted: Original announcement:
New
kennethL
HiPE is the runtime and compiler support for native code generation of Erlang modules that some of you might have tried, it is part of th...
New
erlangforums
Erlang/OTP 27 Released All artifacts for the release can be downloaded from the Erlang/OTP Github release and you can view the new docume...
New
OvermindDL1
A few good fixes and enhancements, SSL added more methods and is faster, socket polling is faster, however 2 big things that I like! Ne...
New
Devtalk
A new Erlang news item has been posted! Link: Release OTP · erlang/otp · GitHub Posted via Devtalk.
New
kennethL
Read the new Blog post by John Högberg at the OTP team. It is a brief primer on BEAM, the virtual machine that executes user code in th...
New

Other popular topics Top

malloryerik
Hi, this is for people who, like me, have had some friction using .html.heex templates in VSCode. The solution seems to be, in a hyphena...
New
lastday4you
I wanted to check elixir version in phoenix because i found that my elixir is 1.5 but when i use Enum.chunk_by it said the function is un...
New
TunkShif
This post is an instruction guide to help you setup your Neovim for Elixir development from scratch. It includes general information on h...
274 41989 114
New
albydarned
Hello all! I am typing this post from my new MacBook Pro with the M1 chip. I’m loving it so far, and will probably use it as my daily dr...
New
gshaw
What is the idiomatic way of matching for not nil in Elixir? E.g., First way: defp halt_if_not_signed_in(conn, signed_in_account) when...
New
electic
Hi, I am new to Elixir. I am trying to use the DateTime component to insert a date into MySQL however the there seems to be no way to fo...
New
komlanvi
Hi everyone, I was playing with phoenix liveView but I run into an issue. I have a form and want to validate each input text when the te...
New
hariharasudhan94
Lets say I have map like this fetching from my database %{"_id" => #BSON.ObjectId<58eb1a7a9ad169198c3dXXXX>, "email" => ...
New
vegabook
I’m brand new to Phoenix and I have stripped one of the demo applications to the bone. I just want to get an svg up on the screen. Here i...
New
sergio
Kind of like when jquery came out, it was super necessary. Existing drag and drop libraries have a bunch of baggage to support old browse...
New

Latest on Elixir Forum

Elixir Forum

We're in Beta

About us Mission Statement