Releases: erlang/otp
OTP 27.2.3
Patch Package: OTP 27.2.3
Git Tag: OTP-27.2.3
Date: 2025-02-17
Trouble Report Id: OTP-19457, OTP-19467, OTP-19486
Seq num: ERIERL-1189, ERIERL-1190, PR-9387, PR-9408,
PR-9418
System: OTP
Release: 27
Application: inets-9.3.2, ssl-11.2.8
Predecessor: OTP 27.2.2
Check out the git tag OTP-27.2.3, and build a full OTP system including
documentation. Apply one or more applications from this build as patches to your
installation using the 'otp_patch_apply' tool. For information on install
requirements, see descriptions for each application version below.
inets-9.3.2
The inets-9.3.2 application can be applied independently of other applications
on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
Improved robustness of httpd startup procedure.
Own Id: OTP-19486
Related Id(s): ERIERL-1190, PR-9408
Full runtime dependencies of inets-9.3.2
erts-14.0, kernel-9.0, mnesia-4.12, public_key-1.13, runtime_tools-1.8.14,
ssl-9.0, stdlib-5.0, stdlib-6.0
ssl-11.2.8
Note! The ssl-11.2.8 application cannot be applied independently of other
applications on an arbitrary OTP 27 installation.
On a full OTP 27 installation, also the following runtime
dependency has to be satisfied:
-- public_key-1.16.4 (first satisfied in OTP 27.1.3)
Fixed Bugs and Malfunctions
-
Setting protocol version to a lower value then supported by default in server
API function called after ssl:listen/2 could result in wrong default values
being used and connections failing with insufficient security.Own Id: OTP-19457
Related Id(s): PR-9418 -
Improve error handling of server name indication fun. This implies that if the
sni_funreturnsundefinedwe will attempt connection with original option
values, if it returnsunrecognizedwe end the connection with
UNRECOGNIZED_NAME alert and if provided options fail option verification we
will end the connection with a HANDSHAKE_FAILURE and an error log.Own Id: OTP-19467
Related Id(s): ERIERL-1189, PR-9387
Full runtime dependencies of ssl-11.2.8
crypto-5.0, erts-15.0, inets-5.10.7, kernel-9.0, public_key-1.16.4,
runtime_tools-1.15.1, stdlib-6.0
OTP 28.0-rc1
OTP 28.0-rc1
Erlang/OTP 28.0-rc1 is the first release candidate of three before the OTP 28.0 release.
The intention with this release is to get feedback from our users. All feedback is welcome, even if it is only to say that it works for you. We encourage users to try it out and give us feedback either by creating an issue at https://github.com/erlang/otp/issues or by posting to Erlang Forums.
All artifacts for the release can be downloaded from the Erlang/OTP Github release and you can view the new documentation at https://erlang.org/documentation/doc-16.0-rc1/doc.
You can also install the latest release using kerl like this:
kerl build 28.0-rc1 28.0-rc1.
Starting with this release, a source Software Bill of Materials (SBOM) will describe the release on the Github Releases page. We welcome feedback on the SBOM.
Erlang/OTP 28 is a new major release with new features, improvements as well as a few incompatibilities. Some of the new features are
highlighted below.
Many thanks to all contributors!
HIGHLIGHTS
New language features
-
Comprehensions have been extended with "zip generators" allowing multiple generators to be run in parallel. For example,
[A+B || A <- [1,2,3] && B <- [4,5,6]]will produce[5,7,9]. -
Generators in comprehensions can now be strict, meaning that if the generator pattern does not match, an exception will be raised instead of silently ignore the value that didn't match.
-
It is now possible to use any base for floating point numbers as per EEP 75: Based Floating Point Literals.
Compiler and JIT improvements
-
For certain types of errors, the compiler can now suggest corrections. For example, when attempting to use variable
Athat is not defined butA0is, the compiler could emit the following message:variable 'A' is unbound, did you mean 'A0'? -
The size of an atom in the Erlang source code was limited to 255 bytes in previous releases, meaning that an atom containing only emojis could contain only 63 emojis. While atoms are still only allowed to contain 255 characters, the number of bytes is no longer limited.
-
The
warn_deprecated_catchoption enables warnings for use of old-style catch expressions on the formcatch Exprinstead of the moderntry...catch...end. -
Provided that the map argument for a
maps:put/3call is known to the compiler to be a map, the compiler will replace such calls with the corresponding update using the map syntax. -
Some BIFs with side-effects (such as
binary_to_atom/1) are optimized intry...catchin the same way as guard BIFs in order to gain performance. -
The compiler’s alias analysis pass is now both faster and less conservative, allowing optimizations of records and binary construction to be applied in more cases.
ERTS
-
The
trace:system/3function has been added. It has a similar interface aserlang:system_monitor/2but it also supports trace sessions. -
os:set_signal/2now supports setting handlers for theSIGWINCH,SIGCONT, andSIGINFOsignals. -
The two new BIFs
erlang:processes_iterator/0anderlang:process_next/1make it possible to iterate over the process table in a way that scales better thanerlang:processes/0.
Shell and terminal
-
The erl -noshell mode has been updated to have two sub modes called
rawandcooked, wherecookedis the old default behaviour andrawcan be used to bypass the line-editing support of the native terminal. Usingrawmode it is possible to read keystrokes as they occur without the user having to press Enter. Also, therawmode does not echo the typed characters to stdout. -
The shell now prints a help message explaining how to interrupt a running command when stuck executing a command for longer than 5 seconds.
STDLIB
-
The
join(Binaries, Separator)function that joins a list of binaries has been added to thebinarymodule. -
By default, sets created by module
setswill now be represented as maps. -
Module
rehas been updated to use the newer PCRE2 library instead of the PCRE library. -
There is a new
zstdmodule that does Zstandard compression.
Dialyzer
- EEP 69: Nominal Types has been implemented.
SSL
- The data handling for tls-v1.3 has been optimized.
Emacs mode (in the Tools application)
- The
indent-regionin Emacs command will now handle multiline strings better.
For more details about new features and potential incompatibilities see the README.
OTP 27.2.2
Patch Package: OTP 27.2.2
Git Tag: OTP-27.2.2
Date: 2025-02-06
Trouble Report Id: OTP-19240, OTP-19381, OTP-19411, OTP-19445,
OTP-19455, OTP-19462
Seq num: ERIERL-1174, ERIERL-1177, GH-9112, GH-9117,
GH-9177, GH-9208, PR-9273, PR-9286, PR-9322,
PR-9356, PR-9372, PR-9377
System: OTP
Release: 27
Application: compiler-8.5.5, erts-15.2.2, kernel-10.2.2,
public_key-1.17.1, ssl-11.2.7
Predecessor: OTP 27.2.1
Check out the git tag OTP-27.2.2, and build a full OTP system including
documentation. Apply one or more applications from this build as patches to your
installation using the 'otp_patch_apply' tool. For information on install
requirements, see descriptions for each application version below.
compiler-8.5.5
The compiler-8.5.5 application can be applied independently of other
applications on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
Eliminated a bug in the alias analysis pass that could potentially cause
unsafe optimizations of binary construction or record updates.Own Id: OTP-19455
Related Id(s): PR-9356
Full runtime dependencies of compiler-8.5.5
crypto-5.1, erts-13.0, kernel-8.4, stdlib-6.0
erts-15.2.2
The erts-15.2.2 application can be applied independently of other applications
on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
Disabled an unsafe runtime optimization in binary construction that caused
silent memory corruption.Own Id: OTP-19462
Related Id(s): ERIERL-1177, PR-9372
Full runtime dependencies of erts-15.2.2
kernel-9.0, sasl-3.3, stdlib-4.1
kernel-10.2.2
Note! The kernel-10.2.2 application cannot be applied independently of other
applications on an arbitrary OTP 27 installation.
On a full OTP 27 installation, also the following runtime
dependency has to be satisfied:
-- erts-15.1 (first satisfied in OTP 27.1)
Fixed Bugs and Malfunctions
-
Fixed a couple of bugs that could make
global's internal state inconsistent
when a connection was reconnected.
Full runtime dependencies of kernel-10.2.2
crypto-5.0, erts-15.1, sasl-3.0, stdlib-6.0
public_key-1.17.1
The public_key-1.17.1 application can be applied independently of other
applications on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
Consider keyCertSign to compatible with extended key usage for TLS
client/server auth in CAs, adhere to wide spread implementations
Full runtime dependencies of public_key-1.17.1
asn1-5.0, crypto-5.0, erts-13.0, kernel-8.0, stdlib-4.0
ssl-11.2.7
Note! The ssl-11.2.7 application cannot be applied independently of other
applications on an arbitrary OTP 27 installation.
On a full OTP 27 installation, also the following runtime
dependency has to be satisfied:
-- public_key-1.16.4 (first satisfied in OTP 27.1.3)
Fixed Bugs and Malfunctions
-
An initiated handshake should always be closed with an alert, some corner
cases have been fixed so that this should always be the case.Own Id: OTP-19411
Related Id(s): ERIERL-1174, PR-9273 -
Correct option handling to work properly for paused handshaking. Could result
in unwanted alerts or or error messages.
Full runtime dependencies of ssl-11.2.7
crypto-5.0, erts-15.0, inets-5.10.7, kernel-9.0, public_key-1.16.4,
runtime_tools-1.15.1, stdlib-6.0
Thanks to
Frej Drejhammar
OTP 26.2.5.8
Patch Package: OTP 26.2.5.8
Git Tag: OTP-26.2.5.8
Date: 2025-02-12
Trouble Report Id: OTP-19240, OTP-19381, OTP-19462
Seq num: ERIERL-1177, GH-9112, GH-9117, GH-9208,
PR-9286, PR-9372, PR-9377
System: OTP
Release: 26
Application: erts-14.2.5.7, kernel-9.2.4.6,
public_key-1.15.1.5
Predecessor: OTP 26.2.5.7
Check out the git tag OTP-26.2.5.8, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- erts-14.2.5.7 ---------------------------------------------------
---------------------------------------------------------------------
The erts-14.2.5.7 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19462 Application(s): erts
Related Id(s): ERIERL-1177, PR-9372
Disabled an unsafe runtime optimization in binary
construction that caused silent memory corruption.
Full runtime dependencies of erts-14.2.5.7: kernel-9.0, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- kernel-9.2.4.6 --------------------------------------------------
---------------------------------------------------------------------
The kernel-9.2.4.6 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19381 Application(s): kernel
Related Id(s): GH-9112, GH-9117, PR-9377
Fixed a couple of bugs that could make global's
internal state inconsistent when a connection was
reconnected.
Full runtime dependencies of kernel-9.2.4.6: crypto-5.0, erts-14.0,
sasl-3.0, stdlib-5.0
---------------------------------------------------------------------
--- public_key-1.15.1.5 ---------------------------------------------
---------------------------------------------------------------------
The public_key-1.15.1.5 application can be applied independently of
other applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19240 Application(s): public_key
Related Id(s): GH-9208, PR-9286
Consider keyCertSign to compatible with extended key
usage for TLS client/server auth in CAs, adhere to wide
spread implementations
Full runtime dependencies of public_key-1.15.1.5: asn1-3.0,
crypto-4.6, erts-6.0, kernel-3.0, stdlib-3.5
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP 25.3.2.17
Patch Package: OTP 25.3.2.17
Git Tag: OTP-25.3.2.17
Date: 2025-02-12
Trouble Report Id: OTP-19381, OTP-19385, OTP-19388, OTP-19392,
OTP-19435, OTP-19462
Seq num: ERIERL-1165, ERIERL-1166, ERIERL-1177,
GH-9065, GH-9112, GH-9117, PR-9139, PR-9155,
PR-9156, PR-9161, PR-9309, PR-9372, PR-9377
System: OTP
Release: 25
Application: common_test-1.24.0.6, erts-13.2.2.13,
kernel-8.5.4.4, ssh-4.15.3.9
Predecessor: OTP 25.3.2.16
Check out the git tag OTP-25.3.2.17, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- common_test-1.24.0.6 --------------------------------------------
---------------------------------------------------------------------
The common_test-1.24.0.6 application can be applied independently of
other applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19385 Application(s): common_test
Related Id(s): ERIERL-1166, PR-9155, PR-9156
Common test will now not crash when running tests with
OTP-26 and earlier, while having previous test results
from OTP-27.
Full runtime dependencies of common_test-1.24.0.6: compiler-6.0,
crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-8.4,
observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0,
stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8
---------------------------------------------------------------------
--- erts-13.2.2.13 --------------------------------------------------
---------------------------------------------------------------------
Note! The erts-13.2.2.13 application *cannot* be applied
independently of other applications on an arbitrary OTP 25
installation.
On a full OTP 25 installation, also the following runtime
dependencies have to be satisfied:
-- kernel-8.5 (first satisfied in OTP 25.1)
-- stdlib-4.1 (first satisfied in OTP 25.1)
--- Fixed Bugs and Malfunctions ---
OTP-19462 Application(s): erts
Related Id(s): ERIERL-1177, PR-9372
Disabled an unsafe runtime optimization in binary
construction that caused silent memory corruption.
Full runtime dependencies of erts-13.2.2.13: kernel-8.5, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- kernel-8.5.4.4 --------------------------------------------------
---------------------------------------------------------------------
Note! The kernel-8.5.4.4 application *cannot* be applied
independently of other applications on an arbitrary OTP 25
installation.
On a full OTP 25 installation, also the following runtime
dependencies have to be satisfied:
-- erts-13.1.3 (first satisfied in OTP 25.2)
-- stdlib-4.1.1 (first satisfied in OTP 25.1.1)
--- Fixed Bugs and Malfunctions ---
OTP-19381 Application(s): kernel
Related Id(s): GH-9112, GH-9117, PR-9377
Fixed a couple of bugs that could make global's
internal state inconsistent when a connection was
reconnected.
Full runtime dependencies of kernel-8.5.4.4: crypto-5.0, erts-13.1.3,
sasl-3.0, stdlib-4.1.1
---------------------------------------------------------------------
--- ssh-4.15.3.9 ----------------------------------------------------
---------------------------------------------------------------------
The ssh-4.15.3.9 application can be applied independently of other
applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19388 Application(s): ssh
Related Id(s): ERIERL-1165, PR-9161
With this change, type specs for
ssh:connection_info/1,2 functions are fixed so they
include {error, term()} return value.
OTP-19392 Application(s): ssh
Related Id(s): GH-9065, PR-9139
With this change, ssh client accepts a banner sent
during processing keyboard interactive user
authentication.
OTP-19435 Application(s): ssh
Related Id(s): PR-9309
With this change, large sftp transfers does not hang.
Redundant window adjustment are not requested.
Full runtime dependencies of ssh-4.15.3.9: crypto-5.0, erts-11.0,
kernel-6.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15
---------------------------------------------------------------------
--- Thanks to -------------------------------------------------------
---------------------------------------------------------------------
Alexandre Rodrigues
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP 26.2.5.7
Patch Package: OTP 26.2.5.7
Git Tag: OTP-26.2.5.7
Date: 2025-01-27
Trouble Report Id: OTP-19385, OTP-19388, OTP-19392, OTP-19407,
OTP-19411, OTP-19418, OTP-19435, OTP-19439,
OTP-19445
Seq num: ERIERL-1165, ERIERL-1166, ERIERL-1174,
ERIERL-1183, GH-9065, GH-9163, GH-9177,
GH-9211, PR-9139, PR-9155, PR-9156, PR-9161,
PR-9234, PR-9273, PR-9274, PR-9309, PR-9314,
PR-9322
System: OTP
Release: 26
Application: common_test-1.26.2.4, dialyzer-5.1.3.1,
erts-14.2.5.6, kernel-9.2.4.5, ssh-5.1.4.5,
ssl-11.1.4.7
Predecessor: OTP 26.2.5.6
Check out the git tag OTP-26.2.5.7, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- common_test-1.26.2.4 --------------------------------------------
---------------------------------------------------------------------
The common_test-1.26.2.4 application can be applied independently of
other applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19385 Application(s): common_test
Related Id(s): ERIERL-1166, PR-9155, PR-9156
Common test will now not crash when running tests with
OTP-26 and earlier, while having previous test results
from OTP-27.
Full runtime dependencies of common_test-1.26.2.4: compiler-6.0,
crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-8.4,
observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0,
stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8
---------------------------------------------------------------------
--- dialyzer-5.1.3.1 ------------------------------------------------
---------------------------------------------------------------------
The dialyzer-5.1.3.1 application can be applied independently of
other applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19439 Application(s): dialyzer
Related Id(s): ERIERL-1183, PR-9314
Fixed a crash caused by the use of opaque types.
Full runtime dependencies of dialyzer-5.1.3.1: compiler-8.0,
erts-12.0, kernel-8.0, stdlib-5.0, syntax_tools-2.0, wx-2.0
---------------------------------------------------------------------
--- erts-14.2.5.6 ---------------------------------------------------
---------------------------------------------------------------------
The erts-14.2.5.6 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19407 Application(s): erts
Related Id(s): GH-9211, PR-9234
Fixed configure tests for GCC 14
Full runtime dependencies of erts-14.2.5.6: kernel-9.0, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- kernel-9.2.4.5 --------------------------------------------------
---------------------------------------------------------------------
The kernel-9.2.4.5 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19418 Application(s): kernel
Related Id(s): GH-9163, PR-9274
Fix bug where log printouts would go missing when
application_controller is stopping while log messages
are being sent.
This bug was introduced by OTP-19078 in Erlang/OTP
26.2.5.
Full runtime dependencies of kernel-9.2.4.5: crypto-5.0, erts-14.0,
sasl-3.0, stdlib-5.0
---------------------------------------------------------------------
--- ssh-5.1.4.5 -----------------------------------------------------
---------------------------------------------------------------------
The ssh-5.1.4.5 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19388 Application(s): ssh
Related Id(s): ERIERL-1165, PR-9161
With this change, type specs for
ssh:connection_info/1,2 functions are fixed so they
include {error, term()} return value.
OTP-19392 Application(s): ssh
Related Id(s): GH-9065, PR-9139
With this change, ssh client accepts a banner sent
during processing keyboard interactive user
authentication.
OTP-19435 Application(s): ssh
Related Id(s): PR-9309
With this change, large sftp transfers does not hang.
Redundant window adjustment are not requested.
Full runtime dependencies of ssh-5.1.4.5: crypto-5.0, erts-14.0,
kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0,
stdlib-5.0
---------------------------------------------------------------------
--- ssl-11.1.4.7 ----------------------------------------------------
---------------------------------------------------------------------
The ssl-11.1.4.7 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19411 Application(s): ssl
Related Id(s): ERIERL-1174, PR-9273
An initiated handshake should always be closed with an
alert, some corner cases have been fixed so that this
should always be the case.
OTP-19445 Application(s): ssl
Related Id(s): GH-9177, PR-9322
Correct option handling to work properly for paused
handshaking. Could result in unwanted alerts or or
error messages.
Full runtime dependencies of ssl-11.1.4.7: crypto-5.0, erts-14.0,
inets-5.10.7, kernel-9.0, public_key-1.11.3, runtime_tools-1.15.1,
stdlib-4.1
---------------------------------------------------------------------
--- Thanks to -------------------------------------------------------
---------------------------------------------------------------------
Alexandre Rodrigues, Luke Bakken
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP 27.2.1
Patch Package: OTP 27.2.1
Git Tag: OTP-27.2.1
Date: 2025-01-23
Trouble Report Id: OTP-19385, OTP-19388, OTP-19392, OTP-19407,
OTP-19418, OTP-19435, OTP-19439, OTP-19444,
OTP-19446
Seq num: ERIERL-1165, ERIERL-1166, ERIERL-1179,
ERIERL-1183, GH-9065, GH-9163, GH-9211,
GH-9237, PR-9139, PR-9155, PR-9156, PR-9161,
PR-9234, PR-9274, PR-9309, PR-9314, PR-9318,
PR-9327
System: OTP
Release: 27
Application: common_test-1.27.6, dialyzer-5.3.1,
erts-15.2.1, kernel-10.2.1, ssh-5.2.6,
tftp-1.2.2
Predecessor: OTP 27.2
Check out the git tag OTP-27.2.1, and build a full OTP system including
documentation. Apply one or more applications from this build as patches to your
installation using the 'otp_patch_apply' tool. For information on install
requirements, see descriptions for each application version below.
common_test-1.27.6
The common_test-1.27.6 application can be applied independently of other
applications on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
Common test will now not crash when running tests with otp26 and earlier,
while having previous test resuts from otp27.Own Id: OTP-19385
Related Id(s): ERIERL-1166, PR-9155, PR-9156
Full runtime dependencies of common_test-1.27.6
compiler-6.0, crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0,
kernel-8.4, observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0,
stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8
dialyzer-5.3.1
The dialyzer-5.3.1 application can be applied independently of other
applications on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
Fixed a crash caused by the use of opaque types.
Own Id: OTP-19439
Related Id(s): ERIERL-1183, PR-9314
Full runtime dependencies of dialyzer-5.3.1
compiler-8.0, erts-12.0, kernel-8.0, stdlib-5.0, syntax_tools-2.0
erts-15.2.1
The erts-15.2.1 application can be applied independently of other applications
on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
Fixed configure tests for GCC 14
-
Fix bug where log printouts would go missing when
application_controlleris
stopping while log messages are being sent.This bug was introduced by OTP-19078 in Erlang/OTP 26.2.5.
Full runtime dependencies of erts-15.2.1
kernel-9.0, sasl-3.3, stdlib-4.1
kernel-10.2.1
Note! The kernel-10.2.1 application cannot be applied independently of other
applications on an arbitrary OTP 27 installation.
On a full OTP 27 installation, also the following runtime
dependency has to be satisfied:
-- erts-15.1 (first satisfied in OTP 27.1)
Fixed Bugs and Malfunctions
-
Fix the default group_leader to reply
{error,request}on invalid I/O
requests instead of crashing.This bug was introduced in Erlang/OTP 27.2.
Full runtime dependencies of kernel-10.2.1
crypto-5.0, erts-15.1, sasl-3.0, stdlib-6.0
ssh-5.2.6
The ssh-5.2.6 application can be applied independently of other applications on
a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
With this change, type specs for ssh:connection_info/1,2 functions are fixed
so they include {error, term()} return value.Own Id: OTP-19388
Related Id(s): ERIERL-1165, PR-9161 -
With this change, ssh client accepts a banner sent during processing keyboard
interactive user authentication. -
With this change, large sftp transfers does not hang. Redundant window
adjustment are not requested.Own Id: OTP-19435
Related Id(s): PR-9309
Full runtime dependencies of ssh-5.2.6
crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1,
stdlib-5.0, stdlib-6.0
tftp-1.2.2
The tftp-1.2.2 application can be applied independently of other applications on
a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
Fix specs in tftp:read_file function.
Own Id: OTP-19446
Related Id(s): ERIERL-1179, PR-9327
Full runtime dependencies of tftp-1.2.2
erts-6.0, kernel-6.0, stdlib-5.0
Thanks to
Alexandre Rodrigues, Luke Bakken
OTP 27.2
OTP 27.2
Erlang/OTP 27.2 is the second maintenance patch package for OTP 27, with mostly bug fixes as well as improvements.
Potential incompatibilities:
- The HTTP client now correctly takes into account the
full_resultrequest option
when returning an asynchronous request.
For details about bugfixes and potential incompatibilities see the Erlang 27.2 README
The Erlang/OTP source can also be found at GitHub on the official Erlang repository, https://github.com/erlang/otp
Download links for this and previous versions are found here
OTP 27.1.3
Patch Package: OTP 27.1.3
Git Tag: OTP-27.1.3
Date: 2024-12-05
Trouble Report Id: OTP-19240, OTP-19293, OTP-19311, OTP-19325,
OTP-19326, OTP-19328, OTP-19332, OTP-19340,
OTP-19350, OTP-19352, OTP-19357, OTP-19365,
OTP-19366, OTP-19374
Seq num: #8989, CVE-2024-53846, ERIERL-1134,
ERIERL-1139, ERIERL-1147, ERIERL-1157,
GH-8929, GH-9009, GH-9014, GH-9100,
OTP-19061, OTP-19240, OTP-19532, PR-8840,
PR-8924, PR-8931, PR-8980, PR-8995, PR-9001,
PR-9024, PR-9053, PR-9080, PR-9111, PR-9130
System: OTP
Release: 27
Application: common_test-1.27.4, compiler-8.5.3,
erts-15.1.3, kernel-10.1.2,
public_key-1.16.4, ssh-5.2.4, ssl-11.2.5
Predecessor: OTP 27.1.2
Check out the git tag OTP-27.1.3, and build a full OTP system including
documentation. Apply one or more applications from this build as patches to your
installation using the 'otp_patch_apply' tool. For information on install
requirements, see descriptions for each application version below.
common_test-1.27.4
The common_test-1.27.4 application can be applied independently of other
applications on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
With this change, cth_surefire hook module handles group path reduction for a
skipped group. This fixes a bug manifesting with improper group path for a
group executed after a group which was skipped.Own Id: OTP-19365
Related Id(s): ERIERL-1157, PR-9080
Improvements and New Features
-
With this change, prefix option can be specified in cth_conn_log option list.
Option allows to specify how much of additional information is added in raw
log output.Own Id: OTP-19293
Related Id(s): ERIERL-1139, PR-8924, PR-8931
Full runtime dependencies of common_test-1.27.4
compiler-6.0, crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0,
kernel-8.4, observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0,
stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8
compiler-8.5.3
The compiler-8.5.3 application can be applied independently of other
applications on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
In rare circumstances, the destructive tuple update optimization could be
applied when it was unsafe. -
In rare circumstances involving appending to multiple binaries, the compile
could emit unsafe code that would crash the runtime system.
Full runtime dependencies of compiler-8.5.3
crypto-5.1, erts-13.0, kernel-8.4, stdlib-6.0
erts-15.1.3
The erts-15.1.3 application can be applied independently of other applications
on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
gen_udp:send on domain local can leak inet_reply messages.
Own Id: OTP-19332
Related Id(s): #8989 -
net:getifaddrs does not properly report the running flag on windows.
Own Id: OTP-19366
Related Id(s): ERIERL-1134, OTP-19061
Full runtime dependencies of erts-15.1.3
kernel-9.0, sasl-3.3, stdlib-4.1
kernel-10.1.2
Note! The kernel-10.1.2 application cannot be applied independently of other
applications on an arbitrary OTP 27 installation.
On a full OTP 27 installation, also the following runtime
dependency has to be satisfied:
-- erts-15.1 (first satisfied in OTP 27.1)
Fixed Bugs and Malfunctions
-
On windows the socket:recv could return with success ({ok, Data}) even though
not all data had been read.Own Id: OTP-19328
-
gen_udp:send on domain local can leak inet_reply messages.
Own Id: OTP-19332
Related Id(s): #8989 -
Failure to create an UDP IPv6 socket when inet_backend = socket with certain
IPv6 socket options.Own Id: OTP-19357
-
net:getifaddrs does not properly report the running flag on windows.
Own Id: OTP-19366
Related Id(s): ERIERL-1134, OTP-19061
Full runtime dependencies of kernel-10.1.2
crypto-5.0, erts-15.1, sasl-3.0, stdlib-6.0
public_key-1.16.4
The public_key-1.16.4 application can be applied independently of other
applications on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
If both
ext-key-usageandkey-usageare defined for a certificate it
should be checked that these usages are consistent with each other. This will
have the affect that such certificates where theext-key-usagesis marked as
critical and the usages is consistent with thekey-useit can be considered
valid without mandatory application specific checks for theext-key-useage
extension.Own Id: OTP-19240
Related Id(s): PR-8840, OTP-19532 -
Handle decoding of EDDSA key properly, when decoding a PEM file that contains
only the public EDDSA key.
Full runtime dependencies of public_key-1.16.4
asn1-3.0, crypto-4.6, erts-6.0, kernel-3.0, stdlib-3.5
ssh-5.2.4
The ssh-5.2.4 application can be applied independently of other applications on
a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
With this change, ssh connection does not crash upon receiving exit-signal
message for an already terminated channel.
Full runtime dependencies of ssh-5.2.4
crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1,
stdlib-5.0, stdlib-6.0
ssl-11.2.5
Note! The ssl-11.2.5 application cannot be applied independently of other
applications on an arbitrary OTP 27 installation.
On a full OTP 27 installation, also the following runtime
dependency has to be satisfied:
-- public_key-1.16.4 (first satisfied in OTP 27.1.3)
Fixed Bugs and Malfunctions
-
Avoid generating an internal alert for case that should have been an orderly
shutdown by the supervisor.Own Id: OTP-19311
Related Id(s): PR-8980 -
If present, extended key-usage TLS (SSL) role check (
pk-clientAuth,
pk-serverAuth) should always be performed for peer-cert. An intermediate CA
cert may relax the requirement ifAnyExtendedKeyUsagepurpose is present.In OTP-25.3.2.8, OTP-26.2 and OTP-27.0 these requirements became too relaxed.
There where two problems, firstly the peer cert extension was only checked if
it was marked critical, and secondly the CA cert check did not assert the
relaxedAnyExtendedKeyUsagepurpose.This could result in that certificates might be misused for purposes not
intended by the certificate authority.Thanks to Bryan Paxton for reporting the issue.
Own Id: OTP-19352
Related Id(s): PR-9130, CVE-2024-53846, OTP-19240
Improvements and New Features
-
Back port certificate_authorities option for TLS-1.3 servers to pre TLS-1.3
servers to enable them to disable the sending of certificate authorities in
their certificate request. This will have same affect as the the TLS-1.3
server option although it is handled by a different mechanism in these
versions, where the functionality is described to be more of a guidance,
although some pre TLS clients have proven to make it mandatory as in TLS-1.3
extension handling.Own Id: OTP-19325
Related Id(s): ERIERL-1147, PR-9001
Full runtime dependencies of ssl-11.2.5
crypto-5.0, erts-15.0, inets-5.10.7, kernel-9.0, public_key-1.16.4,
runtime_tools-1.15.1, stdlib-6.0
Thanks to
Frej Drejhammar, zmstone
OTP 26.2.5.6
Patch Package: OTP 26.2.5.6
Git Tag: OTP-26.2.5.6
Date: 2024-12-05
Trouble Report Id: OTP-19240, OTP-19330, OTP-19332, OTP-19350,
OTP-19352, OTP-19357, OTP-19365, OTP-19366,
OTP-19368, OTP-19379, OTP-19380
Seq num: #8989, CVE-2024-53846, ERIERL-1134,
ERIERL-1154, ERIERL-1157, GH-8755, GH-8829,
GH-8983, GH-9009, OTP-19061, OTP-19240,
OTP-19532, PR-8840, PR-8878, PR-9008,
PR-9053, PR-9080, PR-9093, PR-9130
System: OTP
Release: 26
Application: common_test-1.26.2.3, erts-14.2.5.5,
inets-9.1.0.2, kernel-9.2.4.4,
mnesia-4.23.1.1, public_key-1.15.1.4,
ssl-11.1.4.6, stdlib-5.2.3.3
Predecessor: OTP 26.2.5.5
Check out the git tag OTP-26.2.5.6, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- common_test-1.26.2.3 --------------------------------------------
---------------------------------------------------------------------
The common_test-1.26.2.3 application can be applied independently of
other applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19365 Application(s): common_test
Related Id(s): ERIERL-1157, PR-9080
With this change, cth_surefire hook module handles
group path reduction for a skipped group. This fixes a
bug manifesting with improper group path for a group
executed after a group which was skipped.
Full runtime dependencies of common_test-1.26.2.3: compiler-6.0,
crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-8.4,
observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0,
stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8
---------------------------------------------------------------------
--- erts-14.2.5.5 ---------------------------------------------------
---------------------------------------------------------------------
The erts-14.2.5.5 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19330 Application(s): erts
Related Id(s): GH-8983, PR-9008
Fix lock order violation if a NIF monitor down callback
calls enif_whereis_pid. Would cause debug emulator to
crash but could potentially lead to deadlocks in
optimized emulator.
OTP-19332 Application(s): erts, kernel
Related Id(s): #8989
gen_udp:send on domain local can leak inet_reply
messages.
OTP-19366 Application(s): erts, kernel
Related Id(s): ERIERL-1134, OTP-19061
net:getifaddrs does not properly report the running
flag on windows.
Full runtime dependencies of erts-14.2.5.5: kernel-9.0, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- inets-9.1.0.2 ---------------------------------------------------
---------------------------------------------------------------------
The inets-9.1.0.2 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19379 Application(s): inets
Related Id(s): GH-8829, PR-8878
Fixed a bug where calling httpc:set_options/2 when one
of keys: ipfamily or unix_socket, was not present,
would cause the other value to get overriden by the
default value. The validation of these options was also
improved.
Full runtime dependencies of inets-9.1.0.2: erts-14.0, kernel-9.0,
mnesia-4.12, public_key-1.13, runtime_tools-1.8.14, ssl-9.0,
stdlib-5.0, stdlib-5.0
---------------------------------------------------------------------
--- kernel-9.2.4.4 --------------------------------------------------
---------------------------------------------------------------------
The kernel-9.2.4.4 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19332 Application(s): erts, kernel
Related Id(s): #8989
gen_udp:send on domain local can leak inet_reply
messages.
OTP-19357 Application(s): kernel
Failure to create an UDP IPv6 socket when inet_backend
= socket with certain IPv6 socket options.
OTP-19366 Application(s): erts, kernel
Related Id(s): ERIERL-1134, OTP-19061
net:getifaddrs does not properly report the running
flag on windows.
Full runtime dependencies of kernel-9.2.4.4: crypto-5.0, erts-14.0,
sasl-3.0, stdlib-5.0
---------------------------------------------------------------------
--- mnesia-4.23.1.1 -------------------------------------------------
---------------------------------------------------------------------
The mnesia-4.23.1.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19368 Application(s): mnesia
Related Id(s): ERIERL-1154, PR-9093
Mnesia could crash if table was deleted during
checkpoint initialization.
Full runtime dependencies of mnesia-4.23.1.1: erts-9.0, kernel-5.3,
stdlib-5.0
---------------------------------------------------------------------
--- public_key-1.15.1.4 ---------------------------------------------
---------------------------------------------------------------------
The public_key-1.15.1.4 application can be applied independently of
other applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19240 Application(s): public_key
Related Id(s): PR-8840, OTP-19532
If both ext-key-usage and key-usage are defined for a
certificate it should be checked that these usages are
consistent with each other. This will have the affect
that such certificates where the ext-key-usages is
marked as critical and the usages is consistent with
the key-use it can be considered valid without
mandatory application specific checks for the
ext-key-useage extension.
OTP-19350 Application(s): public_key
Related Id(s): GH-9009, PR-9053
Handle decoding of EDDSA key properly, when decoding a
PEM file that contains only the public EDDSA key.
Full runtime dependencies of public_key-1.15.1.4: asn1-3.0,
crypto-4.6, erts-6.0, kernel-3.0, stdlib-3.5
---------------------------------------------------------------------
--- ssl-11.1.4.6 ----------------------------------------------------
---------------------------------------------------------------------
The ssl-11.1.4.6 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19352 Application(s): ssl
Related Id(s): PR-9130, CVE-2024-53846, OTP-19240
If present, extended key-usage TLS (SSL) role check
(pk-clientAuth, pk-serverAuth) should always be
performed for peer-cert. An intermediate CA cert may
relax the requirement if AnyExtendedKeyUsage purpose is
present.
In OTP-25.3.2.8, OTP-26.2 and OTP-27.0 these
requirements became too relaxed. There where two
problems, firstly the peer cert extension was only
checked if it was marked critical, and secondly the CA
cert check did not assert the relaxed
AnyExtendedKeyUsage purpose.
This could result in that certificates might be misused
for purposes not intended by the certificate authority.
Thanks to Bryan Paxton for reporting the issue.
Full runtime dependencies of ssl-11.1.4.6: crypto-5.0, erts-14.0,
inets-5.10.7, kernel-9.0, public_key-1.11.3, runtime_tools-1.15.1,
stdlib-4.1
---------------------------------------------------------------------
--- stdlib-5.2.3.3 --------------------------------------------------
---------------------------------------------------------------------
The stdlib-5.2.3.3 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19380 Application(s): stdlib
Related Id(s): GH-8755
Fixed an error in uri_string:percent_decode spec
Full runtime dependencies of stdlib-5.2.3.3: compiler-5.0,
crypto-4.5, erts-13.1, kernel-9.0, sasl-3.0
---------------------------------------------------------------------
--- Thanks to -------------------------------------------------------
---------------------------------------------------------------------
Marko Mindek
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------