by pdimitar 38 days ago
Do you have a list?

Copied from the DefectDojo report (generated on an Elixir 1.19 app on an Ubuntu Noble base image from February 2026):

  Critical CVE-2025-32433 in erlang:27.3
  Critical CVE-2026-28808 in erlang:27.3   
  High CVE-2026-23941 in erlang:27.3 
  High CVE-2026-32144 in erlang:27.3   
  High CVE-2025-48041 in erlang:27.3   
  High CVE-2025-68973 in gpgv:2.4.4-2ubuntu17   
  High CVE-2025-30211 in erlang:27.3
  High CVE-2025-68973 GPGV 2.4.4-2ubuntu17

All these seem to be fixed by upgrading to the latest Ubuntu image + Erlang/OTP 28.5.

Thank you. The problem with new OTP releases is that usually there's an X.0.1 release shortly after because something was broken. At least it was that way with 28. I'll wait a few weeks.