voltone
Important security fix in Erlang/OTP 23.2.2
Erlang/OTP 23.2.2 is out, fixing a critical TLS certificate verification issue in 23.2 an 23.2.1 allowing MitM attacks and forged client certificates. I wrote a post to help you understand if your application or dev environment is at risk.
Most Liked
dimitarvp
Thanks a lot for the heads up! I usually immediately upgrade Erlang the minute I see that asdf shows the new version as installable – for exactly these reasons.
voltone
Well, there is a flip-side to an aggressive upgrade strategy: along with all the latest fixes you also get all the latest new bugs. In this case, anyone still on 23.0 or 23.1 would not have been affected in the first place…
I would use kerl/asdf or binaries built by Bob the Builder (by the Hex team; Erlang binaries conveniently listed here) on CI/CD servers, and then ship a release with bundled ERTS to production.
dimitarvp
Well I’d view it as a waste since I only need only one version on prod.
Plus shell shims take some CPU time which, while insignificant during development (or in general), would compound hugely on a production system running for months.
Popular in Erlang News
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








