voltone

voltone

Important security fix in Erlang/OTP 23.2.2

Erlang/OTP 23.2.2 is out, fixing a critical TLS certificate verification issue in 23.2 an 23.2.1 allowing MitM attacks and forged client certificates. I wrote a post to help you understand if your application or dev environment is at risk.

Most Liked

dimitarvp

dimitarvp

Thanks a lot for the heads up! I usually immediately upgrade Erlang the minute I see that asdf shows the new version as installable – for exactly these reasons.

voltone

voltone

Well, there is a flip-side to an aggressive upgrade strategy: along with all the latest fixes you also get all the latest new bugs. In this case, anyone still on 23.0 or 23.1 would not have been affected in the first place…

I would use kerl/asdf or binaries built by Bob the Builder (by the Hex team; Erlang binaries conveniently listed here) on CI/CD servers, and then ship a release with bundled ERTS to production.

dimitarvp

dimitarvp

Well I’d view it as a waste since I only need only one version on prod.

Plus shell shims take some CPU time which, while insignificant during development (or in general), would compound hugely on a production system running for months.

Where Next?

Popular in Erlang News Top

erlangforums
A new Erlang announcement has been posted: Original announcement:
New
Devtalk
A new Erlang news item has been posted! Link: Release OTP 23.3.4.2 · erlang/otp · GitHub Posted via Devtalk.
New
Devtalk
A new Erlang news item has been posted! Link: Release OTP 21.3.8.21 · erlang/otp · GitHub Link: Release OTP 22.3.4.16 · erlang/otp · ...
New
hauleth
http://erlang.org/download/OTP-22.0.README
New
erlangforums
A new Erlang announcement has been posted: Original announcement:
New
New
lpil
Hello everyone! The latest version of Gleam is out, v0.13. I’ve written a blog post detailing what’s new in this release here: I hope ...
New
kennethL
I am happy to present “Further adventures in the JIT”. This post continues our adventures in the JIT, digging a bit deeper into the imple...
New
garazdawi
Until the 10th of May the Erlang/OTP 24.3.4.17 patch had an incorrect prebuilt archive on github (the otp_src_24.3.4.17.tar.gz artifact),...
New
bjorng
We want to introduce a new native datatype to Erlang: native records. Although replacing all tuple records with native records is not our...
New

Other popular topics Top

chrismccord
As promised, the first release candidate of Phoenix 1.3.0 is out! This release focuses on code generators with improved project structure...
New
ovidiubadita
Hey all, I discovered Elixir and I love it. I always wanted to learn a functional programming and I intended to go for Haskell, but afte...
New
Fl4m3Ph03n1x
About me? ( if you have nothing better to do than reading about some random guy in the internet :stuck_out_tongue: ) Hello all, this is ...
New
josevalim
Hi everyone, One of the features added to Elixir early on to help integration with Erlang code was the idea of overridable function defi...
New
baxterw3b
Hi guys, i’m new in the Elixir world, and i have to say, that i love it! i’m having some problem to understand anonymous functions with ...
New
fayddelight
I tried installing elixir 1.11.2 erlang 23.3.4 via asdf in my zsh shell. Enabled the versions locally and globally. When I list them ...
New
nobody
Hi! In PHP: $_SERVER[‘SERVER_ADDR’] - in Elixir? Searched the docs for ip address and the web, no good results. Thanks!
New
hariharasudhan94
Lets say I have map like this fetching from my database %{"_id" => #BSON.ObjectId<58eb1a7a9ad169198c3dXXXX>, "email" => ...
New
jononomo
For some reason my phoenix channels are working for me in my local dev environment, but as soon as I deploy via Docker, I get a 403 error...
New
sergio
Kind of like when jquery came out, it was super necessary. Existing drag and drop libraries have a bunch of baggage to support old browse...
New

Latest on Elixir Forum

We're in Beta

About us Mission Statement