Is there a page or document that lists what specific version of erlang-otp is used in each release of ConfD?
I checked the release notes for ConfD 7.8.3 and found only the following:
“erlang-api: The old Erlang crypto API was deprecated in OTP 23.x in
favor of the new crypto API. Furthermore, the old Erlang crypto API is
removed in OTP 24.x.
ConfD migrates to the new crypto API and also replaces erlang:phash/2
(deprecated) with erlang:phash2/2 for the econfd MAAPI cursor id.
(ENG-28212, RT:48547, PS-43659, CSCwa82880)”
I ask because of this CVE: NVD - CVE-2022-37026
The CVE states:
“In Erlang/OTP before 18.104.22.168, 24.x before 22.214.171.124, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.”
It would be useful to know which versions of ConfD are not vulnerable to this. Thank you!