OTP 23.1 has been released

OTP 23.1 Readme File

OTP 23.1 Source File (93017456)

OTP 23.1 Windows 32-bit Binary File (93017456)

OTP 23.1 Windows 64-bit Binary File (94643248)

OTP 23.1 HTML Documentation File (36285075)

OTP 23.1 Man Pages File (1384042)

OTP 23.1

Erlang/OTP 23.1 is a the first maintenance patch release for OTP 23, with mostly bug fixes as well as a few improvements.

Vulnerability fix

A vulnerability in the httpd module (inets application) regarding directory traversal that was introduced in OTP 22.3.1 and corrected in OTP 22.3.4.6. It was also introduced in OTP 23.0 and corrected in OTP 23.1 The vulnerability is registered as CVE-2020-25623.

The vulnerability is only exposed if the http server (httpd) in the inets application is used. The vulnerability makes it possible to read arbitrary files which the Erlang system has read access to with for example a specially prepared http request.

General build issues

Adjust /bin/sh to /system/bin/sh in scripts when installing on Android.

Changes in build system to make it build for macOS 11.0 with Apple Silicon. Also corrected execution of match specs to work on Apple Silicon.

Full list of bug fixes and improvements in the readme.

http://erlang.org/download/OTP-23.1.README

Online documentation can be browsed here:

http://erlang.org/documentation/doc-11.1/doc

The Erlang/OTP source can also be found at GitHub on the official Erlang repository,

https://github.com/erlang/otp