By mistake my answer was only sent to Peter Tirell, should have been sent
to the list.
Here it is
The pre built Windows installers on erlang.org are only provided for the
planned releases and patch packages, they are not provided for "emergency"
between or after the planned releases. 18.3 is the latest pre built
Windows installer for the OTP 18 release track.
In order to apply 220.127.116.11 you have to build from source.
Another possibility if it is tricky to build on Windows, is that you build
from source on Linux and then copy the only application changed by the
patch to your Windows system under ERl_ROOT/lib or somewhere else if you
point it out with erl -pa <Path>
Since OTP 20.2 is just a patch it only lists in its README what has been
fixed since the last patch , which was 20.1.7 containing a fix for
OTP-14748. You can look i the release notes for the ssl application in OTP
20.2 and find that OTP-14748 is mentioned there.
So there is a Windows build, namely 20.2 which includes the patch you are
/Regards Kenneth, Erlang/OTP Ericsson
On Wed, Dec 20, 2017 at 3:55 PM, Peter Tirrell <[hidden email]> wrote:
> Hello all,
> I saw an existing recent thread about general patch packages but didn't
> necessarily want to hijack that thread. I currently am using OTP 18.2.1 on
> Windows but became aware of security advisory CVE-2017-1000385 (
> It looks like I can get OTP 18.104.22.168+ and have the advisory addressed, but
> I'm unclear on how to do so. The downloads page simply lists an 18.3
> download and doesn't list the fixed OTP bug number in the readme. The
> earlier thread I saw seemed to imply that Windows builds on the downloads
> page aren't updated.
> So my question is - how do I apply the latest Windows patched builds? Are
> there patched Windows release builds available somewhere? If I download a
> version from the downloads page, will that be the latest available major
> point version, including any patches for that point version?
> Or if there's a patch package put out, do I need to either compile that
> version from source, or wait until there is another major point version
> released that comes *after* that patch package was created? For example,
> I'm looking for a fix for bug "OTP-14748". The only Windows build that
> appears to be dated since that was fixed is 20.2, yet the readme for that
> does not include a reference to 14748 either.
> Thanks for any info!
> erlang-questions mailing list
> [hidden email]
-------------- next part --------------
An HTML attachment was scrubbed...