CVE-2025-32433 – Erlang/OTP SSH RCE Vulnerability
Platform Version
11.31.0 (Build 43948)

Hi,

We are on-premise users, and recently got an update from OutSystems that we need to update Erlang to version 26.2.5.11 or later.

Before proceeding, I’d like to gather feedback from anyone who has already performed this upgrade, or has insight into the potential impact on our current deployment. Specifically:

  • Has anyone already upgraded Erlang to 26.2.5.11 or beyond?

  • Were there any issues or considerations we should be aware of (e.g., impact on OutSystems services, dependencies, any errors, a rollback plan)?

  • Are there any recommended steps or best practices for performing this upgrade in a safe and tested manner?

Thanks and Regards,

Ramya

Jorge Silva

Hi Ramya,

Did you update Erlang to 26.2.5.11 or later?

Now it seems to be mandatory because a vulnerability has been found in some versions of Erlang/OTP.

Threat:

A serious vulnerability has been identified in the Erlang/OTP SSH server that may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials.

Affected Versions:

  • Versions prior to OTP-27.3.3

  • Versions prior to OTP-26.2.5.11

  • Versions prior to OTP-25.3.2.20

QID Detection Logic (Authenticated) Unix: This QID checks if the target has a vulnerable version of Erlang/OTP by reading the OTP_VERSION file.

QID Detection Logic (Authenticated) Windows: The QID checks for the vulnerable version of Erlang using registry keys.

Did you successfully update to version 26.2.5.11? Were there any findings that we should be aware of?

Thank you,

Jorge
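A version check that mirrors the Unix detection logic quoted in the advisory above, added here as an example (it is not OutSystems, Qualys or Erlang project code); it assumes the default install layout `<erlang_root>/releases/<N>/OTP_VERSION` and takes the three fixed versions from the advisory text.

```python
"""Classify an installed Erlang/OTP version against the CVE-2025-32433 fixed
releases quoted in this thread (OTP-27.3.3, OTP-26.2.5.11, OTP-25.3.2.20)."""
import glob
from pathlib import Path

# Fixed patch level per major branch, from the advisory in this thread.
FIXED_VERSIONS = {
    27: (27, 3, 3),
    26: (26, 2, 5, 11),
    25: (25, 3, 2, 20),
}


def parse_version(text: str) -> tuple:
    """Turn an OTP_VERSION file body such as '26.2.5.10\n' into a tuple of ints."""
    text = text.strip()
    if not text:
        raise ValueError("empty OTP_VERSION")
    return tuple(int(part) for part in text.split("."))


def classify(version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unlisted' for an OTP version string.

    Branches older than 25 are all 'prior to OTP-25.3.2.20', so they are
    reported as vulnerable. Branches newer than 27 are not covered by the
    advisory, so they are reported as 'unlisted' rather than assumed safe."""
    parsed = parse_version(version)
    major = parsed[0]
    if major < 25:
        return "vulnerable"
    if major > 27:
        return "unlisted"
    # Tuple comparison handles short versions: (26, 2, 5) < (26, 2, 5, 11).
    return "vulnerable" if parsed < FIXED_VERSIONS[major] else "fixed"


def check_installation(erlang_root: str = "/usr/lib/erlang") -> dict:
    """Read every OTP_VERSION file under the (assumed) default install root and
    map its path to the classification; adjust erlang_root for your deployment."""
    pattern = str(Path(erlang_root) / "releases" / "*" / "OTP_VERSION")
    return {path: classify(Path(path).read_text()) for path in sorted(glob.glob(pattern))}


if __name__ == "__main__":
    for path, status in check_installation().items():
        print(f"{path}: {status}")
```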

João Santos

To make sure anyone reading this thread has full context, please see https://security.outsystems.com/?tcuUid=d215a265-c310-4d60-823f-4b5e68898e7e

Jorge Silva

Are there any specific procedures that must be followed to perform the update? For example, is it necessary to use Configuration Tools, or can I simply update to version OTP-26.2.5.11 directly?
