Releases: erlang/otp
Releases Β· erlang/otp
OTP 22.3.4.27
Patch Package: OTP 22.3.4.27
Git Tag: OTP-22.3.4.27
Date: 2024-03-18
Trouble Report Id: OTP-18169, OTP-18170, OTP-18175, OTP-18197,
OTP-18258, OTP-18897, OTP-19002
Seq num: ERIERL-1041, GH-6165, GH-6309, PR-6134,
PR-6135, PR-6142, PR-6213, PR-6324
System: OTP
Release: 22
Application: erts-10.7.2.19, ssh-4.9.1.5
Predecessor: OTP 22.3.4.26
Check out the git tag OTP-22.3.4.27, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- POTENTIAL INCOMPATIBILITIES -------------------------------------
---------------------------------------------------------------------
OTP-18897 Application(s): ssh
With this change (being response to CVE-2023-48795),
ssh can negotiate "strict KEX" OpenSSH extension with
peers supporting it; also
'[email protected]' algorithm becomes a
less preferred cipher.
If strict KEX availability cannot be ensured on both
connection sides, affected encryption modes(CHACHA and
CBC) can be disabled with standard ssh configuration.
This will provide protection against vulnerability, but
at a cost of affecting interoperability. See
Configuring algorithms in SSH User's Guide.
---------------------------------------------------------------------
--- erts-10.7.2.19 --------------------------------------------------
---------------------------------------------------------------------
Note! The erts-10.7.2.19 application *cannot* be applied
independently of other applications on an arbitrary OTP 22
installation.
On a full OTP 22 installation, also the following runtime
dependency has to be satisfied:
-- kernel-6.5.2.5 (first satisfied in OTP 22.3.4.25)
--- Fixed Bugs and Malfunctions ---
OTP-18169 Application(s): erts
Related Id(s): PR-6134
A race could cause process_info(Pid, message_queue_len)
on other processes to return invalid results.
OTP-18170 Application(s): erts
Related Id(s): PR-6135
Fixed reduction counting for handling process system
tasks.
OTP-18175 Application(s): erts
Related Id(s): PR-6142
Priority elevation of terminating processes did not
work which could cause execution of such processes to
be delayed.
OTP-18197 Application(s): erts
Related Id(s): GH-6165, PR-6213
The erlang:monotonic_time/1, erlang:system_time/1,
erlang:time_offset/1, and os:system_time/1 BIFs
erroneously failed when passed the argument native.
OTP-18258 Application(s): erts
Related Id(s): GH-6309, PR-6324
Notifications about available distribution data sent to
distribution controller processes could be lost.
Distribution controller processes can be used when
implementing an alternative distribution carrier. The
default distribution over tcp was not effected and the
bug was also not present on x86/x86_64 platforms.
Full runtime dependencies of erts-10.7.2.19: kernel-6.5.2.5,
sasl-3.3, stdlib-3.5
---------------------------------------------------------------------
--- ssh-4.9.1.5 -----------------------------------------------------
---------------------------------------------------------------------
Note! The ssh-4.9.1.5 application *cannot* be applied independently
of other applications on an arbitrary OTP 22 installation.
On a full OTP 22 installation, also the following runtime
dependency has to be satisfied:
-- crypto-4.6.4 (first satisfied in OTP 22.2.2)
--- Fixed Bugs and Malfunctions ---
OTP-18897 Application(s): ssh
*** POTENTIAL INCOMPATIBILITY ***
With this change (being response to CVE-2023-48795),
ssh can negotiate "strict KEX" OpenSSH extension with
peers supporting it; also
'[email protected]' algorithm becomes a
less preferred cipher.
If strict KEX availability cannot be ensured on both
connection sides, affected encryption modes(CHACHA and
CBC) can be disabled with standard ssh configuration.
This will provide protection against vulnerability, but
at a cost of affecting interoperability. See
Configuring algorithms in SSH User's Guide.
OTP-19002 Application(s): ssh
Related Id(s): ERIERL-1041
With this change, KEX strict terminal message is
emitted with debug verbosity.
Full runtime dependencies of ssh-4.9.1.5: crypto-4.6.4, erts-9.0,
kernel-5.3, public_key-1.6.1, stdlib-3.4.1
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP 23.3.4.20
Patch Package: OTP 23.3.4.20
Git Tag: OTP-23.3.4.20
Date: 2024-03-18
Trouble Report Id: OTP-18897, OTP-19002
Seq num: ERIERL-1041
System: OTP
Release: 23
Application: ssh-4.11.1.7
Predecessor: OTP 23.3.4.19
Check out the git tag OTP-23.3.4.20, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- POTENTIAL INCOMPATIBILITIES -------------------------------------
---------------------------------------------------------------------
OTP-18897 Application(s): ssh
With this change (being response to CVE-2023-48795),
ssh can negotiate "strict KEX" OpenSSH extension with
peers supporting it; also
'[email protected]' algorithm becomes a
less preferred cipher.
If strict KEX availability cannot be ensured on both
connection sides, affected encryption modes(CHACHA and
CBC) can be disabled with standard ssh configuration.
This will provide protection against vulnerability, but
at a cost of affecting interoperability. See
Configuring algorithms in SSH User's Guide.
---------------------------------------------------------------------
--- ssh-4.11.1.7 ----------------------------------------------------
---------------------------------------------------------------------
The ssh-4.11.1.7 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18897 Application(s): ssh
*** POTENTIAL INCOMPATIBILITY ***
With this change (being response to CVE-2023-48795),
ssh can negotiate "strict KEX" OpenSSH extension with
peers supporting it; also
'[email protected]' algorithm becomes a
less preferred cipher.
If strict KEX availability cannot be ensured on both
connection sides, affected encryption modes(CHACHA and
CBC) can be disabled with standard ssh configuration.
This will provide protection against vulnerability, but
at a cost of affecting interoperability. See
Configuring algorithms in SSH User's Guide.
OTP-19002 Application(s): ssh
Related Id(s): ERIERL-1041
With this change, KEX strict terminal message is
emitted with debug verbosity.
Full runtime dependencies of ssh-4.11.1.7: crypto-4.6.4, erts-9.0,
kernel-5.3, public_key-1.6.1, stdlib-3.4.1
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP 25.3.2.10
Patch Package: OTP 25.3.2.10
Git Tag: OTP-25.3.2.10
Date: 2024-03-13
Trouble Report Id: OTP-18971, OTP-18986, OTP-18996, OTP-19002,
OTP-19003, OTP-19006, OTP-19008, OTP-19015,
OTP-19019
Seq num: ERIERL-1041, ERIERL-682, GH-8044, GH-8119,
GH-8187, PR-8173, PR-8174, PR-8189, PR-8201
System: OTP
Release: 25
Application: compiler-8.2.6.4, crypto-5.1.4.2,
erts-13.2.2.7, ssh-4.15.3.3
Predecessor: OTP 25.3.2.9
Check out the git tag OTP-25.3.2.10, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- compiler-8.2.6.4 ------------------------------------------------
---------------------------------------------------------------------
The compiler-8.2.6.4 application can be applied independently of
other applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19003 Application(s): compiler
Related Id(s): GH-8187, PR-8189
In rare circumstances, an unsafe optimization could
cause the compiler to generate incorrect code for list
matching.
OTP-19019 Application(s): compiler
In rare circumstances, the compiler code generate
unsafe code for a bit syntax match.
Full runtime dependencies of compiler-8.2.6.4: crypto-5.1, erts-13.0,
kernel-8.4, stdlib-4.0
---------------------------------------------------------------------
--- crypto-5.1.4.2 --------------------------------------------------
---------------------------------------------------------------------
The crypto-5.1.4.2 application can be applied independently of other
applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18996 Application(s): crypto
Related Id(s): PR-8173, PR-8174
The function crypto:pbkdf2_hmac will no longer block
the main schedulers. If the iteration count or block
size parameters are such that the function is likely to
take a long time to execute, the function will be
scheduled to run on a dirty CPU scheduler.
Full runtime dependencies of crypto-5.1.4.2: erts-9.0, kernel-5.3,
stdlib-3.9
---------------------------------------------------------------------
--- erts-13.2.2.7 ---------------------------------------------------
---------------------------------------------------------------------
Note! The erts-13.2.2.7 application *cannot* be applied independently
of other applications on an arbitrary OTP 25 installation.
On a full OTP 25 installation, also the following runtime
dependencies have to be satisfied:
-- kernel-8.5 (first satisfied in OTP 25.1)
-- stdlib-4.1 (first satisfied in OTP 25.1)
--- Fixed Bugs and Malfunctions ---
OTP-18971 Application(s): erts
Related Id(s): GH-8044
Fix heap corruption bug that could cause runaway memory
consumption due to circular offheap list at process
exit. Other symptoms may also be possible. Bug exists
since OTP 25.0.
OTP-19006 Application(s): erts
The code server could be hanging if a module with
on_load function was loaded at the same time as another
module was purged using erlang:purge_module directly.
OTP-19008 Application(s): erts
Related Id(s): GH-8119, PR-8201
A process optimized for parallel signal delivery could
under some circumstances lose wakeup information. That
is, the processes was not woken up to take care of the
signal, so the signal would not be taken care of until
the process was woken by another signal. Only processes
configured with message_queue_data set to off_heap
utilize this optimization.
OTP-19015 Application(s): erts
Related Id(s): ERIERL-682
Fix bug in re:run/3 where if an invalid UTF-8 subject
was given, re:run could get stuck in an infinite loop.
Bug was introduced in Erlang/OTP 22.1.
Full runtime dependencies of erts-13.2.2.7: kernel-8.5, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- ssh-4.15.3.3 ----------------------------------------------------
---------------------------------------------------------------------
The ssh-4.15.3.3 application can be applied independently of other
applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18986 Application(s): ssh
With this change, more secure algorithms are preferred
by ssh and documentation is updated to reflect that.
OTP-19002 Application(s): ssh
Related Id(s): ERIERL-1041
With this change, KEX strict terminal message is
emitted with debug verbosity.
Full runtime dependencies of ssh-4.15.3.3: crypto-5.0, erts-11.0,
kernel-6.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP-26.2.3
Patch Package: OTP 26.2.3
Git Tag: OTP-26.2.3
Date: 2024-03-07
Trouble Report Id: OTP-18890, OTP-18900, OTP-18906, OTP-18907,
OTP-18909, OTP-18910, OTP-18919, OTP-18921,
OTP-18924, OTP-18926, OTP-18935, OTP-18936,
OTP-18937, OTP-18940, OTP-18948, OTP-18952,
OTP-18953, OTP-18962, OTP-18971, OTP-18974,
OTP-18979, OTP-18982, OTP-18985, OTP-18986,
OTP-18988, OTP-18990, OTP-18991, OTP-18996,
OTP-19002, OTP-19003, OTP-19006, OTP-19007,
OTP-19008, OTP-19009, OTP-19011
Seq num: ERIERL-1041, ERIERL-1049, GH-7911, GH-7924,
GH-7934, GH-7968, GH-8016, GH-8021, GH-8024,
GH-8044, GH-8079, GH-8119, GH-8158, GH-8187,
PR-7750, PR-7930, PR-7932, PR-7933, PR-7945,
PR-7984, PR-8025, PR-8046, PR-8075, PR-8173,
PR-8174, PR-8181, PR-8189, PR-8201
System: OTP
Release: 26
Application: compiler-8.4.2, crypto-5.4.1, erts-14.2.3,
kernel-9.2.2, odbc-2.14.2, public_key-1.15.1,
ssh-5.1.3, ssl-11.1.2, stdlib-5.2.1, wx-2.4.1
Predecessor: OTP 26.2.2
Check out the git tag OTP-26.2.3, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- OTP-26.2.3 ------------------------------------------------------
---------------------------------------------------------------------
--- Fixed Bugs and Malfunctions ---
OTP-18924 Application(s): otp
Quote uninstall path in registry when installing on
windows.
---------------------------------------------------------------------
--- compiler-8.4.2 --------------------------------------------------
---------------------------------------------------------------------
The compiler-8.4.2 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19003 Application(s): compiler
Related Id(s): GH-8187, PR-8189
In rare circumstances, an unsafe optimization could
cause the compiler to generate incorrect code for list
matching.
--- Improvements and New Features ---
OTP-18936 Application(s): compiler
Fix the compilation server to restart if the
applications in its lib dir changes inbetween erlc
invokations.
Full runtime dependencies of compiler-8.4.2: crypto-5.1, erts-13.0,
kernel-8.4, stdlib-5.0
---------------------------------------------------------------------
--- crypto-5.4.1 ----------------------------------------------------
---------------------------------------------------------------------
The crypto-5.4.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18921 Application(s): crypto
Fix compile error when OPENSSL_NO_DES is defined.
OTP-18996 Application(s): crypto
Related Id(s): PR-8173, PR-8174
The function crypto:pbkdf2_hmac will no longer block
the main schedulers. If the iteration count or block
size parameters are such that the function is likely to
take a long time to execute, the function will be
scheduled to run on a dirty CPU scheduler.
Full runtime dependencies of crypto-5.4.1: erts-9.0, kernel-5.3,
stdlib-3.9
---------------------------------------------------------------------
--- erts-14.2.3 -----------------------------------------------------
---------------------------------------------------------------------
The erts-14.2.3 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18906 Application(s): erts
Related Id(s): PR-7930
Fixed compile warning in erl_nif.c for gcc-13.
OTP-18907 Application(s): erts
Related Id(s): PR-7932
Fix C++ compile error for macros enif_select_read and
friends.
OTP-18940 Application(s): erts
Related Id(s): GH-8024
Fixed a name clash on Solaris that prevented the JIT
from being built.
OTP-18952 Application(s): erts
Related Id(s): PR-8025
Fix termcap detection on solaris.
OTP-18971 Application(s): erts
Related Id(s): GH-8044
Fix heap corruption bug that could cause runaway memory
consumption due to circular offheap list at process
exit. Other symptoms may also be possible. Bug exists
since OTP 25.0.
OTP-18979 Application(s): erts
Do not clear tracing in old module instance if load
fails with 'not_purged'.
OTP-18982 Application(s): erts
When exceeding the `max_heap_size` limit in a garbage
collection initiated by some bit syntax operations, the
process would not always terminate immediately.
OTP-19006 Application(s): erts
The code server could be hanging if a module with
on_load function was loaded at the same time as another
module was purged using erlang:purge_module directly.
OTP-19008 Application(s): erts
Related Id(s): GH-8119, PR-8201
A process optimized for parallel signal delivery could
under some circumstances lose wakeup information. That
is, the processes was not woken up to take care of the
signal, so the signal would not be taken care of until
the process was woken by another signal. Only processes
configured with message_queue_data set to off_heap
utilize this optimization.
OTP-19009 Application(s): erts
Related Id(s): PR-8181
Fix segfault when generating crashdump containing a fun
places in persistent_term storage.
OTP-19011 Application(s): erts
By default the JIT is disabled on Intel Macs, because
of annoying poups on macOS Sonoma. It is now possible
to explicitly enable the JIT on Intel Macs. Here is
how: ./configure --enable-jit
Full runtime dependencies of erts-14.2.3: kernel-9.0, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- kernel-9.2.2 ----------------------------------------------------
---------------------------------------------------------------------
The kernel-9.2.2 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18910 Application(s): kernel
Related Id(s): GH-7924, PR-7933
Fix performance bug when using io:fread to read from
standard_io. This regression was introduced in OTP
26.0.
OTP-18948 Application(s): kernel
Related Id(s): PR-8046
A bug in the code server could cause it to crash in
some concurrent scenarios. This bug was introduced in
26.1.
OTP-18990 Application(s): kernel
Related Id(s): GH-8158
Fixed gen_udp:open/2 type spec to include already
supported module socket address types.
OTP-19007 Application(s): kernel, ssh
Related Id(s): ERIERL-1049
Fix reading of password for ssh client when in
user_interactive mode.
Full runtime dependencies of kernel-9.2.2: crypto-5.0, erts-14.0,
sasl-3.0, stdlib-5.0
---------------------------------------------------------------------
--- odbc-2.14.2 -----------------------------------------------------
---------------------------------------------------------------------
The odbc-2.14.2 application can be applied independently of other
applications on a full OTP 26 installation.
--- Improvements and New Features ---
OTP-18926 Application(s): odbc
Use spec for API doc
Full runtime dependencies of odbc-2.14.2: erts-6.0, kernel-3.0,
stdlib-2.0
---------------------------------------------------------------------
--- public_key-1.15.1 -----------------------------------------------
---------------------------------------------------------------------
The public_key-1.15.1 application can be applied independently of
other applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18935 Application(s): public_key
Related Id(s): GH-8021
Hostname prefix with X number of dots should not be
accepted.
Full runtime dependencies of public_key-1.15.1: asn1-3.0, crypto-4.6,
erts-6.0, kernel-3.0, stdlib-3.5
---------------------------------------------------------------------
--- ssh-5.1.3 -------------------------------------------------------
-----...
OTP 27.0-rc1
OTP 27.0-rc1
Erlang/OTP 27.0-rc1 is the first release candidate of three before the OTP 27.0 release.
The intention with this release is to get feedback from our users.
All feedback is welcome, even if it is only to say that it works for you.
We encourage users to try it out and give us feedback either by creating an issue at
https://github.com/erlang/otp/issues or by
posting to Erlang Forums.
All artifacts for the release can be downloaded from the
Erlang/OTP Github release
and you can view the new documentation at
https://erlang.org/documentation/doc-15.0-rc1/doc.
You can also install the latest release using kerl like this:
kerl build 27.0-rc1 27.0-rc1.
Erlang/OTP 27 is a new major release with new features, improvements
as well as a few incompatibilities. Some of the new features are
highlighted below.
Many thanks to all contributors!
Highlights
Documentation
EEP-59 has been
implemented. Documentation attributes in source files can now be used
to document functions, types, callbacks, and modules.
The entire Erlang/OTP documentation is now using the new documentation
system.
New language features
-
Triple-Quoted Strings has been implemented as per
EEP 64 to allow a string
to encompass a complete paragraph. -
Adjacent string literals without intervening white space is now a syntax
error, to avoid possible confusion with triple-quoted strings. -
Sigils on string literals (both ordinary and triple-quoted) have
been implemented as per
EEP 66. For example,
~"BjΓΆrn"or~b"BjΓΆrn"are now equivalent to<<"BjΓΆrn"/utf8>>.
Compiler and JIT improvements
-
The compiler will now merge consecutive updates of the same record.
-
Safe destructive update of tuples has been implemented in the compiler
and runtime system. This allows the VM to update tuples in-place when it
is safe to do so, thus improving performance by doing less copying but
also by producing less garbage. -
The
maybeexpression is now enabled by default, eliminating the need
for enabling themaybe_exprfeature. -
Native coverage support has been implemented in the JIT. It will
automatically be used by thecovertool to reduce the execution
overhead when running cover-compiled code. There are also new APIs
to support native coverage without using thecovertool. -
The compiler will now raise a warning when updating record/map literals
to catch a common mistake. For example, the compiler will now emit a
warning for#r{a=1}#r{b=2}.
ERTS
-
The
erlcommand now supports the-Sflag, which is similar to
the-runflag, but with some of the rough edges filed off. -
By default, escripts will now be compiled instead of interpreted. That
means that thecompilerapplication must be installed. -
The default process limit has been raised to
1048576processes. -
The
erlang:system_monitor/2functionality is now able to monitor long
message queues in the system. -
The obsolete and undocumented support for opening a port to an external
resource by passing an atom (or a string) as first argument to
open_port(), implemented by the vanilla driver,
has been removed. This feature has been scheduled for removal in OTP 27
since the release of OTP 26. -
The
pidfield has been removed fromerlang:fun_info/1,2. -
Multiple trace sessions are now supported.
STDLIB
-
Several new functions that accept funs have been added to module
timer. -
The functions
is_equal/2,map/2, andfiltermap/2have been added to
the modulessets,ordsets, andgb_sets. -
There are new efficient
etstraversal functions with guaranteed atomicity.
For example,ets:next/2followed byets:lookup/2can now be replaced
withets:next_lookup/1. -
The new function
ets:update_element/4is similar toets:update_element/3,
but takes a default tuple as the fourth argument, which will be inserted
if no previous record with that key exists. -
binary:replace/3,4now supports using a fun for supplying the
replacement binary. -
The new function
proc_lib:set_label/1can be used to add a descriptive
term to any process that does not have a registered name. The name will
be shown by tools such asc:i/0andobserver, and it will be included
in crash reports produced by processes usinggen_server,gen_statem,
gen_event, andgen_fsm. -
Added functions to retrieve the next higher or lower key/element from
gb_treesandgb_sets, as well as returning iterators that start at
given keys/elements.
common_test
-
Calls to
ct:capture_start/0andct:capture_stop/0are now synchronous to
ensure that all output is captured. -
The default CSS will now include a basic dark mode handling if it is
preferred by the browser.
crypto
- The functions
crypto_dyn_iv_init/3andcrypto_dyn_iv_update/3
that were marked as deprecated in Erlang/OTP 25 have been removed.
dialyzer
- The
--guioption for Dialyzer has been removed.
ssl
- The
sslclient can negotiate and handle certificate status request (OCSP
stapling support on the client side).
tools
- There is a new tool
tprof, which combines the functionality ofeprof
andcprofunder one interface. It also adds heap profiling.
xmerl
- As an alternative to
xmerl_xml, a new export modulexmerl_xml_indent
that provides out-of-the box indented output has been added.
For more details about new features and potential incompatibilities see the README.
OTP 24.3.4.16
Patch Package: OTP 24.3.4.16
Git Tag: OTP-24.3.4.16
Date: 2024-02-12
Trouble Report Id: OTP-18911, OTP-18932, OTP-18964
Seq num: ERIERL-1023
System: OTP
Release: 24
Application: common_test-1.22.1.2, erts-12.3.2.16,
ssh-4.13.2.5
Predecessor: OTP 24.3.4.15
Check out the git tag OTP-24.3.4.16, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- common_test-1.22.1.2 --------------------------------------------
---------------------------------------------------------------------
The common_test-1.22.1.2 application can be applied independently of
other applications on a full OTP 24 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18932 Application(s): common_test
Fix how CT finds Erlang/OTP releases for compatability
testing. This functionality is only used to test
Erlang/OTP.
Full runtime dependencies of common_test-1.22.1.2: compiler-6.0,
crypto-3.6, debugger-4.1, erts-7.0, ftp-1.0.0, inets-6.0, kernel-4.0,
observer-2.1, runtime_tools-1.8.16, sasl-2.4.2, snmp-5.1.2, ssh-4.0,
stdlib-3.5, syntax_tools-1.7, tools-2.8, xmerl-1.3.8
---------------------------------------------------------------------
--- erts-12.3.2.16 --------------------------------------------------
---------------------------------------------------------------------
Note! The erts-12.3.2.16 application *cannot* be applied
independently of other applications on an arbitrary OTP 24
installation.
On a full OTP 24 installation, also the following runtime
dependency has to be satisfied:
-- kernel-8.3 (first satisfied in OTP 24.3)
--- Fixed Bugs and Malfunctions ---
OTP-18911 Application(s): erts
Related Id(s): ERIERL-1023, PR-7983
32-bit runtime systems on most Unix like platforms
could crash if a BIF timer was set with a huge timeout
of more than 68 years into the future. In order for the
crash to occur, the huge timer (at a later time than
when it was set) had to become the nearest active timer
set on the specific scheduler on which it was set. This
could not happen on a system with only one scheduler
since there would always be shorter timers in the
system.
Setting a timer larger than 49 days on Windows could
under rare circumstances cause the timeout to be
delayed.
Full runtime dependencies of erts-12.3.2.16: kernel-8.3, sasl-3.3,
stdlib-3.13
---------------------------------------------------------------------
--- ssh-4.13.2.5 ----------------------------------------------------
---------------------------------------------------------------------
The ssh-4.13.2.5 application can be applied independently of other
applications on a full OTP 24 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18964 Application(s): ssh
With this change, Curve25519 and Curve448 KEX methods
become most preferred (related to RFC8731).
Full runtime dependencies of ssh-4.13.2.5: crypto-5.0, erts-9.0,
kernel-5.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP 26.2.2
Patch Package: OTP 26.2.2
Git Tag: OTP-26.2.2
Date: 2024-02-08
Trouble Report Id: OTP-18901, OTP-18911, OTP-18917, OTP-18931,
OTP-18932, OTP-18949, OTP-18957, OTP-18964
Seq num: ERIERL-1023, GH-7978, GH-7987, GH-8051
System: OTP
Release: 26
Application: common_test-1.26.1, erl_interface-5.5.1,
erts-14.2.2, kernel-9.2.1, ssh-5.1.2,
ssl-11.1.1
Predecessor: OTP 26.2.1
Check out the git tag OTP-26.2.2, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- common_test-1.26.1 ----------------------------------------------
---------------------------------------------------------------------
The common_test-1.26.1 application can be applied independently of
other applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18932 Application(s): common_test
Fix how CT finds Erlang/OTP releases for compatability
testing. This functionality is only used to test
Erlang/OTP.
Full runtime dependencies of common_test-1.26.1: compiler-6.0,
crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-8.4,
observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0,
stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8
---------------------------------------------------------------------
--- erl_interface-5.5.1 ---------------------------------------------
---------------------------------------------------------------------
The erl_interface-5.5.1 application can be applied independently of
other applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18931 Application(s): erl_interface, erts
Related Id(s): GH-7987, PR-7989
Fix bug where the system installed openssl/md5.h would
be confused with the vendored md5.h.
---------------------------------------------------------------------
--- erts-14.2.2 -----------------------------------------------------
---------------------------------------------------------------------
The erts-14.2.2 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18911 Application(s): erts
Related Id(s): ERIERL-1023, PR-7983
32-bit runtime systems on most Unix like platforms
could crash if a BIF timer was set with a huge timeout
of more than 68 years into the future. In order for the
crash to occur, the huge timer (at a later time than
when it was set) had to become the nearest active timer
set on the specific scheduler on which it was set. This
could not happen on a system with only one scheduler
since there would always be shorter timers in the
system.
Setting a timer larger than 49 days on Windows could
under rare circumstances cause the timeout to be
delayed.
OTP-18931 Application(s): erl_interface, erts
Related Id(s): GH-7987, PR-7989
Fix bug where the system installed openssl/md5.h would
be confused with the vendored md5.h.
OTP-18949 Application(s): erts
The JIT has now been disabled on x86 Macs to prevent
annoying the "verifying shm-xyz" popups introduced in
MacOS Sonoma.
ARM Macs are unaffected.
OTP-18957 Application(s): erts
Related Id(s): GH-8051, OTP-18841, PR-8088
Garbage collection of a process on a dirty scheduler
could collide with signal handling for that process
causing a crash of the runtime system. This bug was
introduced in OTP 25.3.2.8 and OTP 26.2.
Full runtime dependencies of erts-14.2.2: kernel-9.0, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- kernel-9.2.1 ----------------------------------------------------
---------------------------------------------------------------------
The kernel-9.2.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18901 Application(s): kernel
Fix group (that is the shell) to properly handle when
an get_until callback function returned {done, eof, []}
when an eof was detected.
Full runtime dependencies of kernel-9.2.1: crypto-5.0, erts-14.0,
sasl-3.0, stdlib-5.0
---------------------------------------------------------------------
--- ssh-5.1.2 -------------------------------------------------------
---------------------------------------------------------------------
The ssh-5.1.2 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18964 Application(s): ssh
With this change, Curve25519 and Curve448 KEX methods
become most preferred (related to RFC8731).
Full runtime dependencies of ssh-5.1.2: crypto-5.0, erts-14.0,
kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0,
stdlib-5.0
---------------------------------------------------------------------
--- ssl-11.1.1 ------------------------------------------------------
---------------------------------------------------------------------
The ssl-11.1.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18917 Application(s): ssl
Related Id(s): GH-7978
Legacy name handling could cause interop problems
between TLS-1.3/1.2 client and TLS-1.2 server.
Full runtime dependencies of ssl-11.1.1: crypto-5.0, erts-14.0,
inets-5.10.7, kernel-9.0, public_key-1.11.3, runtime_tools-1.15.1,
stdlib-4.1
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP 25.3.2.9
Patch Package: OTP 25.3.2.9
Git Tag: OTP-25.3.2.9
Date: 2024-02-08
Trouble Report Id: OTP-18911, OTP-18932, OTP-18957, OTP-18964
Seq num: ERIERL-1023, GH-8051
System: OTP
Release: 25
Application: common_test-1.24.0.2, erts-13.2.2.6,
ssh-4.15.3.2
Predecessor: OTP 25.3.2.8
Check out the git tag OTP-25.3.2.9, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- common_test-1.24.0.2 --------------------------------------------
---------------------------------------------------------------------
The common_test-1.24.0.2 application can be applied independently of
other applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18932 Application(s): common_test
Fix how CT finds Erlang/OTP releases for compatability
testing. This functionality is only used to test
Erlang/OTP.
Full runtime dependencies of common_test-1.24.0.2: compiler-6.0,
crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-8.4,
observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0,
stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8
---------------------------------------------------------------------
--- erts-13.2.2.6 ---------------------------------------------------
---------------------------------------------------------------------
Note! The erts-13.2.2.6 application *cannot* be applied independently
of other applications on an arbitrary OTP 25 installation.
On a full OTP 25 installation, also the following runtime
dependencies have to be satisfied:
-- kernel-8.5 (first satisfied in OTP 25.1)
-- stdlib-4.1 (first satisfied in OTP 25.1)
--- Fixed Bugs and Malfunctions ---
OTP-18911 Application(s): erts
Related Id(s): ERIERL-1023, PR-7983
32-bit runtime systems on most Unix like platforms
could crash if a BIF timer was set with a huge timeout
of more than 68 years into the future. In order for the
crash to occur, the huge timer (at a later time than
when it was set) had to become the nearest active timer
set on the specific scheduler on which it was set. This
could not happen on a system with only one scheduler
since there would always be shorter timers in the
system.
Setting a timer larger than 49 days on Windows could
under rare circumstances cause the timeout to be
delayed.
OTP-18957 Application(s): erts
Related Id(s): GH-8051, OTP-18841, PR-8088
Garbage collection of a process on a dirty scheduler
could collide with signal handling for that process
causing a crash of the runtime system. This bug was
introduced in OTP 25.3.2.8 and OTP 26.2.
Full runtime dependencies of erts-13.2.2.6: kernel-8.5, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- ssh-4.15.3.2 ----------------------------------------------------
---------------------------------------------------------------------
The ssh-4.15.3.2 application can be applied independently of other
applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18964 Application(s): ssh
With this change, Curve25519 and Curve448 KEX methods
become most preferred (related to RFC8731).
Full runtime dependencies of ssh-4.15.3.2: crypto-5.0, erts-11.0,
kernel-6.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP 26.2.1
Patch Package: OTP 26.2.1
Git Tag: OTP-26.2.1
Date: 2023-12-18
Trouble Report Id: OTP-18897, OTP-18902, OTP-18903
Seq num:
System: OTP
Release: 26
Application: erts-14.2.1, ssh-5.1.1
Predecessor: OTP 26.2
Check out the git tag OTP-26.2.1, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- POTENTIAL INCOMPATIBILITIES -------------------------------------
---------------------------------------------------------------------
OTP-18897 Application(s): ssh
With this change (being response to CVE-2023-48795),
ssh can negotiate "strict KEX" OpenSSH extension with
peers supporting it; also
'[email protected]' algorithm becomes a
less preferred cipher.
If strict KEX availability cannot be ensured on both
connection sides, affected encryption modes(CHACHA and
CBC) can be disabled with standard ssh configuration.
This will provide protection against vulnerability, but
at a cost of affecting interoperability. See
Configuring algorithms in SSH.
---------------------------------------------------------------------
--- OTP-26.2.1 ------------------------------------------------------
---------------------------------------------------------------------
--- Fixed Bugs and Malfunctions ---
OTP-18903 Application(s): otp
Updated copyright and license information.
---------------------------------------------------------------------
--- erts-14.2.1 -----------------------------------------------------
---------------------------------------------------------------------
The erts-14.2.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18902 Application(s): erts
Removed unnecessary PCRE source tar-ball.
Full runtime dependencies of erts-14.2.1: kernel-9.0, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- ssh-5.1.1 -------------------------------------------------------
---------------------------------------------------------------------
The ssh-5.1.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18897 Application(s): ssh
*** POTENTIAL INCOMPATIBILITY ***
With this change (being response to CVE-2023-48795),
ssh can negotiate "strict KEX" OpenSSH extension with
peers supporting it; also
'[email protected]' algorithm becomes a
less preferred cipher.
If strict KEX availability cannot be ensured on both
connection sides, affected encryption modes(CHACHA and
CBC) can be disabled with standard ssh configuration.
This will provide protection against vulnerability, but
at a cost of affecting interoperability. See
Configuring algorithms in SSH.
Full runtime dependencies of ssh-5.1.1: crypto-5.0, erts-14.0,
kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0,
stdlib-5.0
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP 25.3.2.8
Patch Package: OTP 25.3.2.8
Git Tag: OTP-25.3.2.8
Date: 2023-12-18
Trouble Report Id: OTP-18739, OTP-18768, OTP-18802, OTP-18830,
OTP-18838, OTP-18839, OTP-18841, OTP-18842,
OTP-18844, OTP-18850, OTP-18869, OTP-18877,
OTP-18885, OTP-18886, OTP-18896, OTP-18897,
OTP-18899, OTP-18902
Seq num: GH-7571, GH-7801, GH-7834, GH-7890
System: OTP
Release: 25
Application: asn1-5.0.21.1, erl_interface-5.3.2.1,
erts-13.2.2.5, mnesia-4.21.4.2,
public_key-1.13.3.2, ssh-4.15.3.1,
ssl-10.9.1.3, wx-2.2.2.1
Predecessor: OTP 25.3.2.7
Check out the git tag OTP-25.3.2.8, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- POTENTIAL INCOMPATIBILITIES -------------------------------------
---------------------------------------------------------------------
OTP-18897 Application(s): ssh
With this change (being response to CVE-2023-48795),
ssh can negotiate "strict KEX" OpenSSH extension with
peers supporting it; also
'[email protected]' algorithm becomes a
less preferred cipher.
If strict KEX availability cannot be ensured on both
connection sides, affected encryption modes(CHACHA and
CBC) can be disabled with standard ssh configuration.
This will provide protection against vulnerability, but
at a cost of affecting interoperability. See
Configuring algorithms in SSH.
---------------------------------------------------------------------
--- OTP-25.3.2.8 ----------------------------------------------------
---------------------------------------------------------------------
--- Improvements and New Features ---
OTP-18896 Application(s): otp
Updated copyright and license information.
---------------------------------------------------------------------
--- asn1-5.0.21.1 ---------------------------------------------------
---------------------------------------------------------------------
The asn1-5.0.21.1 application can be applied independently of other
applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18844 Application(s): asn1
Fix benign warning from gcc 11 about mismatching call
to free().
Full runtime dependencies of asn1-5.0.21.1: erts-11.0, kernel-7.0,
stdlib-3.13
---------------------------------------------------------------------
--- erl_interface-5.3.2.1 -------------------------------------------
---------------------------------------------------------------------
The erl_interface-5.3.2.1 application can be applied independently of
other applications on a full OTP 25 installation.
--- Improvements and New Features ---
OTP-18877 Application(s): erl_interface, erts
Replaced old md5 implementation with an implementation
from OpenSSL.
---------------------------------------------------------------------
--- erts-13.2.2.5 ---------------------------------------------------
---------------------------------------------------------------------
Note! The erts-13.2.2.5 application *cannot* be applied independently
of other applications on an arbitrary OTP 25 installation.
On a full OTP 25 installation, also the following runtime
dependencies have to be satisfied:
-- kernel-8.5 (first satisfied in OTP 25.1)
-- stdlib-4.1 (first satisfied in OTP 25.1)
--- Fixed Bugs and Malfunctions ---
OTP-18802 Application(s): erts
Fix faulty debug assert when page size is larger than
16kb, like on PowerPC. Did crash debug VM directly at
start.
OTP-18838 Application(s): erts
Related Id(s): GH-7801, PR-7822
A process with message_queue_data configured as
off_heap could end up in an inconsistent state when
being receive traced, inspected using process_info/2
with the message_queue_len item, or inspected using the
break menu (CTRL-C). When it ended up in this
inconsistent state, it was not enqueued into a run
queue even though it was set in a runnable state.This
also effected signals being sent to the process after
it had gotten into this inconsistent state, in such a
way that it was from this point not possible to
communicate with it.
OTP-18839 Application(s): erts
Related Id(s): GH-7801, PR-7822
A race occurring when a process was selected for dirty
execution simultaneously as it was scheduled for
handling a signal could cause the process to end up in
an inconsistent state. When it ended up in this
inconsistent state, it was not enqueued into a run
queue even though it was set in a runnable state. This
also effected signals being sent to the process after
it had gotten into this inconsistent state, in such a
way that it was from this point not possible to
communicate with it.
OTP-18841 Application(s): erts
Related Id(s): GH-7801, OTP-18737, PR-7822
When a process had to to wait in the run queue for a
long time before being selected for dirty execution, it
could not receive signals. This caused inspection of
such a process, for example using process_info/2, to
take a long time.
This issue was introduced in OTP 25.3.2.6 and 26.1 when
fixing an issue where a constant flow of signals
prevented a process from being able to execute dirty.
OTP-18842 Application(s): erts
Fixed a bug in the JIT that miscompiled large
select_val instructions.
OTP-18885 Application(s): erts
Related Id(s): GH-7834, GH-7890, PR-7915
On OTP 24 and OTP 25, incoming distributed messages
larger than 64 KiB sent using an alias leaked memory if
the alias had been removed prior to entering the node.
This issue was not present on OTP 26.
Incoming distributed messages larger than 64 KiB sent
using an alias which had been removed on the receiving
node could crash the node. This crash was quite
unlikely on OTP 24 and OTP 25, but very likely on OTP
26.
'DOWN' signals with exit reason larger than 64 KiB
directed towards a process on a node with a not
matching creation leaked memory on the receiving node.
Such signals should however be very rare.
OTP-18902 Application(s): erts
Removed unnecessary PCRE source tar-ball.
--- Improvements and New Features ---
OTP-18830 Application(s): erts
Related Id(s): PR-7823
Removed unnecessary regexp library used when generating
yielding BIFs.
OTP-18877 Application(s): erl_interface, erts
Replaced old md5 implementation with an implementation
from OpenSSL.
OTP-18899 Application(s): erts
Removed unused makewhatis script.
Full runtime dependencies of erts-13.2.2.5: kernel-8.5, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- mnesia-4.21.4.2 -------------------------------------------------
---------------------------------------------------------------------
The mnesia-4.21.4.2 application can be applied independently of other
applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18850 Application(s): mnesia
mnesia:add_table_copy/3 no longer fails with reason
system_limit when the node is starting.
Full runtime dependencies of mnesia-4.21.4.2: erts-9.0, kernel-5.3,
stdlib-3.4
---------------------------------------------------------------------
--- public_key-1.13.3.2 ---------------------------------------------
---------------------------------------------------------------------
The public_key-1.13.3.2 application can be applied independently of
other applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18739 Application(s): public_key, ssl
ssl application will validate id-kp-serverAuth and
id-kp-clientAuth extended key usage only in end entity
certificates. public_key application will disallow
"anyExtendedKeyUsage" for CA certificates that includes
the extended key usage extension and marks it critical.
Full runtime dependencies of public_key-1.13.3.2: asn1-3.0,
crypto-4.6, erts-6.0, kernel-3.0, stdlib-3.5
---------------------------------------------------------------------
--- ssh-4.15.3.1 --------------------------------------------------...