Releases: erlang/otp
Releases · erlang/otp
OTP 26.2.2
Patch Package: OTP 26.2.2
Git Tag: OTP-26.2.2
Date: 2024-02-08
Trouble Report Id: OTP-18901, OTP-18911, OTP-18917, OTP-18931,
OTP-18932, OTP-18949, OTP-18957, OTP-18964
Seq num: ERIERL-1023, GH-7978, GH-7987, GH-8051
System: OTP
Release: 26
Application: common_test-1.26.1, erl_interface-5.5.1,
erts-14.2.2, kernel-9.2.1, ssh-5.1.2,
ssl-11.1.1
Predecessor: OTP 26.2.1
Check out the git tag OTP-26.2.2, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- common_test-1.26.1 ----------------------------------------------
---------------------------------------------------------------------
The common_test-1.26.1 application can be applied independently of
other applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18932 Application(s): common_test
Fix how CT finds Erlang/OTP releases for compatability
testing. This functionality is only used to test
Erlang/OTP.
Full runtime dependencies of common_test-1.26.1: compiler-6.0,
crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-8.4,
observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0,
stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8
---------------------------------------------------------------------
--- erl_interface-5.5.1 ---------------------------------------------
---------------------------------------------------------------------
The erl_interface-5.5.1 application can be applied independently of
other applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18931 Application(s): erl_interface, erts
Related Id(s): GH-7987, PR-7989
Fix bug where the system installed openssl/md5.h would
be confused with the vendored md5.h.
---------------------------------------------------------------------
--- erts-14.2.2 -----------------------------------------------------
---------------------------------------------------------------------
The erts-14.2.2 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18911 Application(s): erts
Related Id(s): ERIERL-1023, PR-7983
32-bit runtime systems on most Unix like platforms
could crash if a BIF timer was set with a huge timeout
of more than 68 years into the future. In order for the
crash to occur, the huge timer (at a later time than
when it was set) had to become the nearest active timer
set on the specific scheduler on which it was set. This
could not happen on a system with only one scheduler
since there would always be shorter timers in the
system.
Setting a timer larger than 49 days on Windows could
under rare circumstances cause the timeout to be
delayed.
OTP-18931 Application(s): erl_interface, erts
Related Id(s): GH-7987, PR-7989
Fix bug where the system installed openssl/md5.h would
be confused with the vendored md5.h.
OTP-18949 Application(s): erts
The JIT has now been disabled on x86 Macs to prevent
annoying the "verifying shm-xyz" popups introduced in
MacOS Sonoma.
ARM Macs are unaffected.
OTP-18957 Application(s): erts
Related Id(s): GH-8051, OTP-18841, PR-8088
Garbage collection of a process on a dirty scheduler
could collide with signal handling for that process
causing a crash of the runtime system. This bug was
introduced in OTP 25.3.2.8 and OTP 26.2.
Full runtime dependencies of erts-14.2.2: kernel-9.0, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- kernel-9.2.1 ----------------------------------------------------
---------------------------------------------------------------------
The kernel-9.2.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18901 Application(s): kernel
Fix group (that is the shell) to properly handle when
an get_until callback function returned {done, eof, []}
when an eof was detected.
Full runtime dependencies of kernel-9.2.1: crypto-5.0, erts-14.0,
sasl-3.0, stdlib-5.0
---------------------------------------------------------------------
--- ssh-5.1.2 -------------------------------------------------------
---------------------------------------------------------------------
The ssh-5.1.2 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18964 Application(s): ssh
With this change, Curve25519 and Curve448 KEX methods
become most preferred (related to RFC8731).
Full runtime dependencies of ssh-5.1.2: crypto-5.0, erts-14.0,
kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0,
stdlib-5.0
---------------------------------------------------------------------
--- ssl-11.1.1 ------------------------------------------------------
---------------------------------------------------------------------
The ssl-11.1.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18917 Application(s): ssl
Related Id(s): GH-7978
Legacy name handling could cause interop problems
between TLS-1.3/1.2 client and TLS-1.2 server.
Full runtime dependencies of ssl-11.1.1: crypto-5.0, erts-14.0,
inets-5.10.7, kernel-9.0, public_key-1.11.3, runtime_tools-1.15.1,
stdlib-4.1
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP 25.3.2.9
Patch Package: OTP 25.3.2.9
Git Tag: OTP-25.3.2.9
Date: 2024-02-08
Trouble Report Id: OTP-18911, OTP-18932, OTP-18957, OTP-18964
Seq num: ERIERL-1023, GH-8051
System: OTP
Release: 25
Application: common_test-1.24.0.2, erts-13.2.2.6,
ssh-4.15.3.2
Predecessor: OTP 25.3.2.8
Check out the git tag OTP-25.3.2.9, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- common_test-1.24.0.2 --------------------------------------------
---------------------------------------------------------------------
The common_test-1.24.0.2 application can be applied independently of
other applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18932 Application(s): common_test
Fix how CT finds Erlang/OTP releases for compatability
testing. This functionality is only used to test
Erlang/OTP.
Full runtime dependencies of common_test-1.24.0.2: compiler-6.0,
crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-8.4,
observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0,
stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8
---------------------------------------------------------------------
--- erts-13.2.2.6 ---------------------------------------------------
---------------------------------------------------------------------
Note! The erts-13.2.2.6 application *cannot* be applied independently
of other applications on an arbitrary OTP 25 installation.
On a full OTP 25 installation, also the following runtime
dependencies have to be satisfied:
-- kernel-8.5 (first satisfied in OTP 25.1)
-- stdlib-4.1 (first satisfied in OTP 25.1)
--- Fixed Bugs and Malfunctions ---
OTP-18911 Application(s): erts
Related Id(s): ERIERL-1023, PR-7983
32-bit runtime systems on most Unix like platforms
could crash if a BIF timer was set with a huge timeout
of more than 68 years into the future. In order for the
crash to occur, the huge timer (at a later time than
when it was set) had to become the nearest active timer
set on the specific scheduler on which it was set. This
could not happen on a system with only one scheduler
since there would always be shorter timers in the
system.
Setting a timer larger than 49 days on Windows could
under rare circumstances cause the timeout to be
delayed.
OTP-18957 Application(s): erts
Related Id(s): GH-8051, OTP-18841, PR-8088
Garbage collection of a process on a dirty scheduler
could collide with signal handling for that process
causing a crash of the runtime system. This bug was
introduced in OTP 25.3.2.8 and OTP 26.2.
Full runtime dependencies of erts-13.2.2.6: kernel-8.5, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- ssh-4.15.3.2 ----------------------------------------------------
---------------------------------------------------------------------
The ssh-4.15.3.2 application can be applied independently of other
applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18964 Application(s): ssh
With this change, Curve25519 and Curve448 KEX methods
become most preferred (related to RFC8731).
Full runtime dependencies of ssh-4.15.3.2: crypto-5.0, erts-11.0,
kernel-6.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP 26.2.1
Patch Package: OTP 26.2.1
Git Tag: OTP-26.2.1
Date: 2023-12-18
Trouble Report Id: OTP-18897, OTP-18902, OTP-18903
Seq num:
System: OTP
Release: 26
Application: erts-14.2.1, ssh-5.1.1
Predecessor: OTP 26.2
Check out the git tag OTP-26.2.1, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- POTENTIAL INCOMPATIBILITIES -------------------------------------
---------------------------------------------------------------------
OTP-18897 Application(s): ssh
With this change (being response to CVE-2023-48795),
ssh can negotiate "strict KEX" OpenSSH extension with
peers supporting it; also
'[email protected]' algorithm becomes a
less preferred cipher.
If strict KEX availability cannot be ensured on both
connection sides, affected encryption modes(CHACHA and
CBC) can be disabled with standard ssh configuration.
This will provide protection against vulnerability, but
at a cost of affecting interoperability. See
Configuring algorithms in SSH.
---------------------------------------------------------------------
--- OTP-26.2.1 ------------------------------------------------------
---------------------------------------------------------------------
--- Fixed Bugs and Malfunctions ---
OTP-18903 Application(s): otp
Updated copyright and license information.
---------------------------------------------------------------------
--- erts-14.2.1 -----------------------------------------------------
---------------------------------------------------------------------
The erts-14.2.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18902 Application(s): erts
Removed unnecessary PCRE source tar-ball.
Full runtime dependencies of erts-14.2.1: kernel-9.0, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- ssh-5.1.1 -------------------------------------------------------
---------------------------------------------------------------------
The ssh-5.1.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18897 Application(s): ssh
*** POTENTIAL INCOMPATIBILITY ***
With this change (being response to CVE-2023-48795),
ssh can negotiate "strict KEX" OpenSSH extension with
peers supporting it; also
'[email protected]' algorithm becomes a
less preferred cipher.
If strict KEX availability cannot be ensured on both
connection sides, affected encryption modes(CHACHA and
CBC) can be disabled with standard ssh configuration.
This will provide protection against vulnerability, but
at a cost of affecting interoperability. See
Configuring algorithms in SSH.
Full runtime dependencies of ssh-5.1.1: crypto-5.0, erts-14.0,
kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0,
stdlib-5.0
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP 25.3.2.8
Patch Package: OTP 25.3.2.8
Git Tag: OTP-25.3.2.8
Date: 2023-12-18
Trouble Report Id: OTP-18739, OTP-18768, OTP-18802, OTP-18830,
OTP-18838, OTP-18839, OTP-18841, OTP-18842,
OTP-18844, OTP-18850, OTP-18869, OTP-18877,
OTP-18885, OTP-18886, OTP-18896, OTP-18897,
OTP-18899, OTP-18902
Seq num: GH-7571, GH-7801, GH-7834, GH-7890
System: OTP
Release: 25
Application: asn1-5.0.21.1, erl_interface-5.3.2.1,
erts-13.2.2.5, mnesia-4.21.4.2,
public_key-1.13.3.2, ssh-4.15.3.1,
ssl-10.9.1.3, wx-2.2.2.1
Predecessor: OTP 25.3.2.7
Check out the git tag OTP-25.3.2.8, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- POTENTIAL INCOMPATIBILITIES -------------------------------------
---------------------------------------------------------------------
OTP-18897 Application(s): ssh
With this change (being response to CVE-2023-48795),
ssh can negotiate "strict KEX" OpenSSH extension with
peers supporting it; also
'[email protected]' algorithm becomes a
less preferred cipher.
If strict KEX availability cannot be ensured on both
connection sides, affected encryption modes(CHACHA and
CBC) can be disabled with standard ssh configuration.
This will provide protection against vulnerability, but
at a cost of affecting interoperability. See
Configuring algorithms in SSH.
---------------------------------------------------------------------
--- OTP-25.3.2.8 ----------------------------------------------------
---------------------------------------------------------------------
--- Improvements and New Features ---
OTP-18896 Application(s): otp
Updated copyright and license information.
---------------------------------------------------------------------
--- asn1-5.0.21.1 ---------------------------------------------------
---------------------------------------------------------------------
The asn1-5.0.21.1 application can be applied independently of other
applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18844 Application(s): asn1
Fix benign warning from gcc 11 about mismatching call
to free().
Full runtime dependencies of asn1-5.0.21.1: erts-11.0, kernel-7.0,
stdlib-3.13
---------------------------------------------------------------------
--- erl_interface-5.3.2.1 -------------------------------------------
---------------------------------------------------------------------
The erl_interface-5.3.2.1 application can be applied independently of
other applications on a full OTP 25 installation.
--- Improvements and New Features ---
OTP-18877 Application(s): erl_interface, erts
Replaced old md5 implementation with an implementation
from OpenSSL.
---------------------------------------------------------------------
--- erts-13.2.2.5 ---------------------------------------------------
---------------------------------------------------------------------
Note! The erts-13.2.2.5 application *cannot* be applied independently
of other applications on an arbitrary OTP 25 installation.
On a full OTP 25 installation, also the following runtime
dependencies have to be satisfied:
-- kernel-8.5 (first satisfied in OTP 25.1)
-- stdlib-4.1 (first satisfied in OTP 25.1)
--- Fixed Bugs and Malfunctions ---
OTP-18802 Application(s): erts
Fix faulty debug assert when page size is larger than
16kb, like on PowerPC. Did crash debug VM directly at
start.
OTP-18838 Application(s): erts
Related Id(s): GH-7801, PR-7822
A process with message_queue_data configured as
off_heap could end up in an inconsistent state when
being receive traced, inspected using process_info/2
with the message_queue_len item, or inspected using the
break menu (CTRL-C). When it ended up in this
inconsistent state, it was not enqueued into a run
queue even though it was set in a runnable state.This
also effected signals being sent to the process after
it had gotten into this inconsistent state, in such a
way that it was from this point not possible to
communicate with it.
OTP-18839 Application(s): erts
Related Id(s): GH-7801, PR-7822
A race occurring when a process was selected for dirty
execution simultaneously as it was scheduled for
handling a signal could cause the process to end up in
an inconsistent state. When it ended up in this
inconsistent state, it was not enqueued into a run
queue even though it was set in a runnable state. This
also effected signals being sent to the process after
it had gotten into this inconsistent state, in such a
way that it was from this point not possible to
communicate with it.
OTP-18841 Application(s): erts
Related Id(s): GH-7801, OTP-18737, PR-7822
When a process had to to wait in the run queue for a
long time before being selected for dirty execution, it
could not receive signals. This caused inspection of
such a process, for example using process_info/2, to
take a long time.
This issue was introduced in OTP 25.3.2.6 and 26.1 when
fixing an issue where a constant flow of signals
prevented a process from being able to execute dirty.
OTP-18842 Application(s): erts
Fixed a bug in the JIT that miscompiled large
select_val instructions.
OTP-18885 Application(s): erts
Related Id(s): GH-7834, GH-7890, PR-7915
On OTP 24 and OTP 25, incoming distributed messages
larger than 64 KiB sent using an alias leaked memory if
the alias had been removed prior to entering the node.
This issue was not present on OTP 26.
Incoming distributed messages larger than 64 KiB sent
using an alias which had been removed on the receiving
node could crash the node. This crash was quite
unlikely on OTP 24 and OTP 25, but very likely on OTP
26.
'DOWN' signals with exit reason larger than 64 KiB
directed towards a process on a node with a not
matching creation leaked memory on the receiving node.
Such signals should however be very rare.
OTP-18902 Application(s): erts
Removed unnecessary PCRE source tar-ball.
--- Improvements and New Features ---
OTP-18830 Application(s): erts
Related Id(s): PR-7823
Removed unnecessary regexp library used when generating
yielding BIFs.
OTP-18877 Application(s): erl_interface, erts
Replaced old md5 implementation with an implementation
from OpenSSL.
OTP-18899 Application(s): erts
Removed unused makewhatis script.
Full runtime dependencies of erts-13.2.2.5: kernel-8.5, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- mnesia-4.21.4.2 -------------------------------------------------
---------------------------------------------------------------------
The mnesia-4.21.4.2 application can be applied independently of other
applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18850 Application(s): mnesia
mnesia:add_table_copy/3 no longer fails with reason
system_limit when the node is starting.
Full runtime dependencies of mnesia-4.21.4.2: erts-9.0, kernel-5.3,
stdlib-3.4
---------------------------------------------------------------------
--- public_key-1.13.3.2 ---------------------------------------------
---------------------------------------------------------------------
The public_key-1.13.3.2 application can be applied independently of
other applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18739 Application(s): public_key, ssl
ssl application will validate id-kp-serverAuth and
id-kp-clientAuth extended key usage only in end entity
certificates. public_key application will disallow
"anyExtendedKeyUsage" for CA certificates that includes
the extended key usage extension and marks it critical.
Full runtime dependencies of public_key-1.13.3.2: asn1-3.0,
crypto-4.6, erts-6.0, kernel-3.0, stdlib-3.5
---------------------------------------------------------------------
--- ssh-4.15.3.1 --------------------------------------------------...
OTP 24.3.4.15
Patch Package: OTP 24.3.4.15
Git Tag: OTP-24.3.4.15
Date: 2023-12-18
Trouble Report Id: OTP-18802, OTP-18830, OTP-18844, OTP-18850,
OTP-18869, OTP-18877, OTP-18885, OTP-18896,
OTP-18897, OTP-18899, OTP-18902
Seq num: GH-7571, GH-7834, GH-7890
System: OTP
Release: 24
Application: asn1-5.0.18.2, erl_interface-5.2.2.1,
erts-12.3.2.15, mnesia-4.20.4.4, ssh-4.13.2.4
Predecessor: OTP 24.3.4.14
Check out the git tag OTP-24.3.4.15, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- POTENTIAL INCOMPATIBILITIES -------------------------------------
---------------------------------------------------------------------
OTP-18897 Application(s): ssh
With this change (being response to CVE-2023-48795),
ssh can negotiate "strict KEX" OpenSSH extension with
peers supporting it; also
'[email protected]' algorithm becomes a
less preferred cipher.
If strict KEX availability cannot be ensured on both
connection sides, affected encryption modes(CHACHA and
CBC) can be disabled with standard ssh configuration.
This will provide protection against vulnerability, but
at a cost of affecting interoperability. See
Configuring algorithms in SSH.
---------------------------------------------------------------------
--- OTP-24.3.4.15 ---------------------------------------------------
---------------------------------------------------------------------
--- Improvements and New Features ---
OTP-18896 Application(s): otp
Updated copyright and license information.
---------------------------------------------------------------------
--- asn1-5.0.18.2 ---------------------------------------------------
---------------------------------------------------------------------
The asn1-5.0.18.2 application can be applied independently of other
applications on a full OTP 24 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18844 Application(s): asn1
Fix benign warning from gcc 11 about mismatching call
to free().
Full runtime dependencies of asn1-5.0.18.2: erts-11.0, kernel-7.0,
stdlib-3.13
---------------------------------------------------------------------
--- erl_interface-5.2.2.1 -------------------------------------------
---------------------------------------------------------------------
The erl_interface-5.2.2.1 application can be applied independently of
other applications on a full OTP 24 installation.
--- Improvements and New Features ---
OTP-18877 Application(s): erl_interface, erts
Replaced old md5 implementation with an implementation
from OpenSSL.
---------------------------------------------------------------------
--- erts-12.3.2.15 --------------------------------------------------
---------------------------------------------------------------------
Note! The erts-12.3.2.15 application *cannot* be applied
independently of other applications on an arbitrary OTP 24
installation.
On a full OTP 24 installation, also the following runtime
dependency has to be satisfied:
-- kernel-8.3 (first satisfied in OTP 24.3)
--- Fixed Bugs and Malfunctions ---
OTP-18802 Application(s): erts
Fix faulty debug assert when page size is larger than
16kb, like on PowerPC. Did crash debug VM directly at
start.
OTP-18885 Application(s): erts
Related Id(s): GH-7834, GH-7890, PR-7915
On OTP 24 and OTP 25, incoming distributed messages
larger than 64 KiB sent using an alias leaked memory if
the alias had been removed prior to entering the node.
This issue was not present on OTP 26.
Incoming distributed messages larger than 64 KiB sent
using an alias which had been removed on the receiving
node could crash the node. This crash was quite
unlikely on OTP 24 and OTP 25, but very likely on OTP
26.
'DOWN' signals with exit reason larger than 64 KiB
directed towards a process on a node with a not
matching creation leaked memory on the receiving node.
Such signals should however be very rare.
OTP-18902 Application(s): erts
Removed unnecessary PCRE source tar-ball.
--- Improvements and New Features ---
OTP-18830 Application(s): erts
Related Id(s): PR-7823
Removed unnecessary regexp library used when generating
yielding BIFs.
OTP-18877 Application(s): erl_interface, erts
Replaced old md5 implementation with an implementation
from OpenSSL.
OTP-18899 Application(s): erts
Removed unused makewhatis script.
Full runtime dependencies of erts-12.3.2.15: kernel-8.3, sasl-3.3,
stdlib-3.13
---------------------------------------------------------------------
--- mnesia-4.20.4.4 -------------------------------------------------
---------------------------------------------------------------------
The mnesia-4.20.4.4 application can be applied independently of other
applications on a full OTP 24 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18850 Application(s): mnesia
mnesia:add_table_copy/3 no longer fails with reason
system_limit when the node is starting.
Full runtime dependencies of mnesia-4.20.4.4: erts-9.0, kernel-5.3,
stdlib-3.4
---------------------------------------------------------------------
--- ssh-4.13.2.4 ----------------------------------------------------
---------------------------------------------------------------------
The ssh-4.13.2.4 application can be applied independently of other
applications on a full OTP 24 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18869 Application(s): ssh
Related Id(s): GH-7571, PR-7849
With this change, connection handler does not execute
socket operations until it becomes socket owner.
Previously errors could occur if connection handler
tried to work with socket whose owner exited.
OTP-18897 Application(s): ssh
*** POTENTIAL INCOMPATIBILITY ***
With this change (being response to CVE-2023-48795),
ssh can negotiate "strict KEX" OpenSSH extension with
peers supporting it; also
'[email protected]' algorithm becomes a
less preferred cipher.
If strict KEX availability cannot be ensured on both
connection sides, affected encryption modes(CHACHA and
CBC) can be disabled with standard ssh configuration.
This will provide protection against vulnerability, but
at a cost of affecting interoperability. See
Configuring algorithms in SSH.
Full runtime dependencies of ssh-4.13.2.4: crypto-5.0, erts-9.0,
kernel-5.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP 26.2
Patch Package: OTP 26.2
Git Tag: OTP-26.2
Date: 2023-12-13
Trouble Report Id: OTP-16607, OTP-17844, OTP-18728, OTP-18730,
OTP-18735, OTP-18739, OTP-18749, OTP-18751,
OTP-18760, OTP-18762, OTP-18764, OTP-18765,
OTP-18767, OTP-18771, OTP-18772, OTP-18775,
OTP-18776, OTP-18777, OTP-18782, OTP-18798,
OTP-18799, OTP-18800, OTP-18802, OTP-18810,
OTP-18811, OTP-18812, OTP-18814, OTP-18815,
OTP-18817, OTP-18818, OTP-18821, OTP-18822,
OTP-18823, OTP-18824, OTP-18826, OTP-18827,
OTP-18828, OTP-18829, OTP-18830, OTP-18832,
OTP-18833, OTP-18836, OTP-18838, OTP-18839,
OTP-18840, OTP-18841, OTP-18842, OTP-18843,
OTP-18844, OTP-18850, OTP-18853, OTP-18854,
OTP-18855, OTP-18857, OTP-18858, OTP-18861,
OTP-18866, OTP-18867, OTP-18868, OTP-18869,
OTP-18871, OTP-18872, OTP-18873, OTP-18877,
OTP-18880, OTP-18882, OTP-18883, OTP-18885,
OTP-18886, OTP-18888, OTP-18891, OTP-18893,
OTP-18895, OTP-18896, OTP-18899
Seq num: ERIERL-738, ERIERL-994, ERIERL-997, GH-7515,
GH-7548, GH-7571, GH-7580, GH-7591, GH-7608,
GH-7621, GH-7625, GH-7676, GH-7685, GH-7735,
GH-7736, GH-7766, GH-7795, GH-7801, GH-7827,
GH-7832, GH-7834, GH-7838, GH-7875, GH-7890,
GH-7914
System: OTP
Release: 26
Application: asn1-5.2.1, common_test-1.26, crypto-5.4,
debugger-5.3.3, dialyzer-5.1.2,
diameter-2.3.1, edoc-1.2.1, eldap-1.2.12,
erl_docgen-1.5.2, erl_interface-5.5,
erts-14.2, eunit-2.9, ftp-1.2.1, inets-9.1,
kernel-9.2, mnesia-4.23, os_mon-2.9.1,
public_key-1.15, runtime_tools-2.0.1,
ssh-5.1, ssl-11.1, stdlib-5.2, tftp-1.1.1,
wx-2.4, xmerl-1.3.34
Predecessor: OTP 26.1.2
Check out the git tag OTP-26.2, and build a full OTP system including
documentation. Apply one or more applications from this build as
patches to your installation using the 'otp_patch_apply' tool. For
information on install requirements, see descriptions for each
application version below.
---------------------------------------------------------------------
--- POTENTIAL INCOMPATIBILITIES -------------------------------------
---------------------------------------------------------------------
OTP-18728 Application(s): common_test
Related Id(s): PR-7487, PR-7674
With this change, common_test returns an error when
suite with a badly defined group is executed.
---------------------------------------------------------------------
--- OTP-26.2 --------------------------------------------------------
---------------------------------------------------------------------
--- Fixed Bugs and Malfunctions ---
OTP-18815 Application(s): diameter, erts, ftp, inets, kernel,
otp, ssh, ssl, stdlib, tftp
Related Id(s): PR-7780
Replaced unintentional Erlang Public License 1.1
headers in some files with the intended Apache License
2.0 header.
--- Improvements and New Features ---
OTP-18840 Application(s): otp, stdlib
Related Id(s): PR-7629
The removal of the deprecated slave module, originally
planned for OTP 27, has been postponed to OTP 29.
OTP-18896 Application(s): otp
Updated copyright and license information.
---------------------------------------------------------------------
--- asn1-5.2.1 ------------------------------------------------------
---------------------------------------------------------------------
The asn1-5.2.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18844 Application(s): asn1
Fix benign warning from gcc 11 about mismatching call
to free().
Full runtime dependencies of asn1-5.2.1: erts-11.0, kernel-7.0,
stdlib-3.13
---------------------------------------------------------------------
--- common_test-1.26 ------------------------------------------------
---------------------------------------------------------------------
The common_test-1.26 application can be applied independently of
other applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18728 Application(s): common_test
Related Id(s): PR-7487, PR-7674
*** POTENTIAL INCOMPATIBILITY ***
With this change, common_test returns an error when
suite with a badly defined group is executed.
OTP-18760 Application(s): common_test
With this change, stylesheet option is applied to all
HTML report pages.
OTP-18799 Application(s): common_test, erl_docgen, xmerl
Related Id(s): PR-7695
Update all <tt> html tags to be <code> instead.
--- Improvements and New Features ---
OTP-18858 Application(s): common_test
Related Id(s): PR-7825
This change fixes docs, so that historically deprecated
?config macro is no longer recommended to be used.
Full runtime dependencies of common_test-1.26: compiler-6.0,
crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-8.4,
observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0,
stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8
---------------------------------------------------------------------
--- crypto-5.4 ------------------------------------------------------
---------------------------------------------------------------------
The crypto-5.4 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18895 Application(s): crypto, erl_interface, os_mon,
runtime_tools
Fixed some benign compile warnings on Windows.
--- Improvements and New Features ---
OTP-18832 Application(s): crypto
Related Id(s): PR-7763
Enable engine support for OpenSSL versions 3.
Full runtime dependencies of crypto-5.4: erts-9.0, kernel-5.3,
stdlib-3.9
---------------------------------------------------------------------
--- debugger-5.3.3 --------------------------------------------------
---------------------------------------------------------------------
The debugger-5.3.3 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18888 Application(s): debugger
Related Id(s): GH-7914
Map comprehensions now work in the Debugger.
Full runtime dependencies of debugger-5.3.3: compiler-8.0, erts-12.0,
kernel-8.0, stdlib-3.15, wx-2.0
---------------------------------------------------------------------
--- dialyzer-5.1.2 --------------------------------------------------
---------------------------------------------------------------------
The dialyzer-5.1.2 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18767 Application(s): dialyzer
Related Id(s): PR-7657
Fix dialyzer --output flag to work. This option was
accidentally removed in OTP 26.0.
OTP-18772 Application(s): dialyzer
Related Id(s): GH-7676
Fixed a crash in contract checking relating to opaque
types.
Full runtime dependencies of dialyzer-5.1.2: compiler-8.0, erts-12.0,
kernel-8.0, stdlib-5.0, syntax_tools-2.0, wx-2.0
---------------------------------------------------------------------
--- diameter-2.3.1 --------------------------------------------------
---------------------------------------------------------------------
The diameter-2.3.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18815 Application(s): diameter, erts, ftp, inets, kernel,
otp, ssh, ssl, stdlib, tftp
Related Id(s): PR-7780
Replaced unintentional Erlang Public License 1.1
headers in some files with the intended Apache License
2.0 header.
Full runtime dependencies of diameter-2.3.1: erts-10.0, kernel-3.2,
ssl-9.0, stdlib-5.0
---------------------------------------------------------------------
--- edoc-1.2.1 ------------------------------------------------------
---------------------------------------------------------------------
The edoc-1.2.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18782 Application(s): edoc
Related Id(s): PR-7643
Emit <code> instead of <tt>.
Full runtime dependencies of edoc-1.2.1: erts-6.0, inets-5.10,
kernel-3.0, stdlib-3.15, syntax_tools-2.0, xmerl-1.3.7
---------------------------------------------------------------------
--- eldap-1.2.12 ----------------------------------------------------
---------------------------------------------------------------------
T...
OTP 25.3.2.7
Patch Package: OTP 25.3.2.7
Git Tag: OTP-25.3.2.7
Date: 2023-10-12
Trouble Report Id: OTP-18773, OTP-18790, OTP-18792, OTP-18797
Seq num: GH-7683, GH-7687
System: OTP
Release: 25
Application: erts-13.2.2.4, stdlib-4.3.1.3
Predecessor: OTP 25.3.2.6
Check out the git tag OTP-25.3.2.7, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- erts-13.2.2.4 ---------------------------------------------------
---------------------------------------------------------------------
Note! The erts-13.2.2.4 application *cannot* be applied independently
of other applications on an arbitrary OTP 25 installation.
On a full OTP 25 installation, also the following runtime
dependencies have to be satisfied:
-- kernel-8.5 (first satisfied in OTP 25.1)
-- stdlib-4.1 (first satisfied in OTP 25.1)
--- Fixed Bugs and Malfunctions ---
OTP-18790 Application(s): erts
Related Id(s): PR-7742
If the external term format encoding of an argument
list part of a distributed spawn operation was faulty,
the newly spawned remote process could misbehave. The
misbehavior included hanging or interpret an incoming
message as an argument list to use. This was very
unlikely to happen unless using an alternate
implementation of the distribution protocol which made
a faulty encoding of the argument list. The child
process will now detect this error and terminate before
executing the user specified code.
OTP-18792 Application(s): erts
Related Id(s): GH-7687
On Apple Silicon Macs running macOS Sonoma, the runtime
system with the JIT enabled would crash. Therefore, the
configure script will by default now disable the JIT on
Macs with Apple Silicon. When building for earlier
versions of macOS, the JIT can be explicitly enabled by
passing --enable-jit to the configure script.
OTP-18797 Application(s): erts
Related Id(s): GH-7683, PR-7712
Fix bugs where if the body of a matchspec would return
a map with a variable ('$1', '$_' etc) as one of the
keys or values and the variable was not an immidiate,
the term would not be copied to the receiving processes
heap. This would later corrupt the term in the table as
the GC could place move markers in it, which in turn
would cause the VM to crash.
Bug has been present for since OTP 17.0.
Full runtime dependencies of erts-13.2.2.4: kernel-8.5, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- stdlib-4.3.1.3 --------------------------------------------------
---------------------------------------------------------------------
Note! The stdlib-4.3.1.3 application *cannot* be applied
independently of other applications on an arbitrary OTP 25
installation.
On a full OTP 25 installation, also the following runtime
dependencies have to be satisfied:
-- erts-13.1 (first satisfied in OTP 25.1)
-- kernel-8.5.1 (first satisfied in OTP 25.1.1)
--- Improvements and New Features ---
OTP-18773 Application(s): stdlib
Related Id(s): PR-7691
Garbage collect the shell process when reducing the
amount of saved history and results.
Full runtime dependencies of stdlib-4.3.1.3: compiler-5.0,
crypto-4.5, erts-13.1, kernel-8.5.1, sasl-3.0
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP 26.1.2
Patch Package: OTP 26.1.2
Git Tag: OTP-26.1.2
Date: 2023-10-12
Trouble Report Id: OTP-18790, OTP-18797, OTP-18803
Seq num: GH-7683
System: OTP
Release: 26
Application: erts-14.1.1, xmerl-1.3.33
Predecessor: OTP 26.1.1
Check out the git tag OTP-26.1.2, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- OTP-26.1.2 ------------------------------------------------------
---------------------------------------------------------------------
--- Fixed Bugs and Malfunctions ---
OTP-18803 Application(s): otp, xmerl
The xmerl version 1.3.32 was released in OTP 26.0.1,
but the incorrect version number of 1.3.31.1 was used
for it. This incorrect version number continued to
appear in OTP 26.0.2, OTP 26.1, and OTP 26.1.1. The
actual xmerl code in these OTP versions however
corresponds to xmerl version 1.3.32.
---------------------------------------------------------------------
--- erts-14.1.1 -----------------------------------------------------
---------------------------------------------------------------------
The erts-14.1.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18790 Application(s): erts
Related Id(s): PR-7742
If the external term format encoding of an argument
list part of a distributed spawn operation was faulty,
the newly spawned remote process could misbehave. The
misbehavior included hanging or interpret an incoming
message as an argument list to use. This was very
unlikely to happen unless using an alternate
implementation of the distribution protocol which made
a faulty encoding of the argument list. The child
process will now detect this error and terminate before
executing the user specified code.
OTP-18797 Application(s): erts
Related Id(s): GH-7683, PR-7712
Fix bugs where if the body of a matchspec would return
a map with a variable ('$1', '$_' etc) as one of the
keys or values and the variable was not an immidiate,
the term would not be copied to the receiving processes
heap. This would later corrupt the term in the table as
the GC could place move markers in it, which in turn
would cause the VM to crash.
Bug has been present for since OTP 17.0.
Full runtime dependencies of erts-14.1.1: kernel-9.0, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- xmerl-1.3.33 ----------------------------------------------------
---------------------------------------------------------------------
The xmerl-1.3.33 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18803 Application(s): otp, xmerl
The xmerl version 1.3.32 was released in OTP 26.0.1,
but the incorrect version number of 1.3.31.1 was used
for it. This incorrect version number continued to
appear in OTP 26.0.2, OTP 26.1, and OTP 26.1.1. The
actual xmerl code in these OTP versions however
corresponds to xmerl version 1.3.32.
Full runtime dependencies of xmerl-1.3.33: erts-6.0, kernel-3.0,
stdlib-2.5
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP 24.3.4.14
Patch Package: OTP 24.3.4.14
Git Tag: OTP-24.3.4.14
Date: 2023-10-12
Trouble Report Id: OTP-18670, OTP-18707, OTP-18711, OTP-18712,
OTP-18718, OTP-18732, OTP-18752, OTP-18790,
OTP-18797
Seq num: ERIERL-963, GH-7431, GH-7436, GH-7444,
GH-7546, GH-7683
System: OTP
Release: 24
Application: crypto-5.0.6.4, erts-12.3.2.14,
kernel-8.3.2.4, mnesia-4.20.4.3,
public_key-1.12.0.2, ssl-10.7.3.9
Predecessor: OTP 24.3.4.13
Check out the git tag OTP-24.3.4.14, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- crypto-5.0.6.4 --------------------------------------------------
---------------------------------------------------------------------
The crypto-5.0.6.4 application can be applied independently of other
applications on a full OTP 24 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18670 Application(s): crypto
Related Id(s): GH-7436, PR-7450
Fix VM crash caused by crypto being purged and reloaded
(by init:restart for example) on OS with musl libc
(such as Alpine linux).
Full runtime dependencies of crypto-5.0.6.4: erts-9.0, kernel-5.3,
stdlib-3.4
---------------------------------------------------------------------
--- erts-12.3.2.14 --------------------------------------------------
---------------------------------------------------------------------
Note! The erts-12.3.2.14 application *cannot* be applied
independently of other applications on an arbitrary OTP 24
installation.
On a full OTP 24 installation, also the following runtime
dependency has to be satisfied:
-- kernel-8.3 (first satisfied in OTP 24.3)
--- Fixed Bugs and Malfunctions ---
OTP-18732 Application(s): erts
Related Id(s): GH-7444, PR-7458
Fix bug causing "magic" references in a compressed ETS
table to not keep the referred object alive. The
symptom would be the referred object being garbage
collected prematurely and the reference appearing
stale, not referring to anything. Examples of such
magically referred objects are atomics and NIF
resources.
OTP-18752 Application(s): erts
Related Id(s): PR-7633
The cleanup operation of not yet delivered signals to a
terminated process yielded excessively.
OTP-18790 Application(s): erts
Related Id(s): PR-7742
If the external term format encoding of an argument
list part of a distributed spawn operation was faulty,
the newly spawned remote process could misbehave. The
misbehavior included hanging or interpret an incoming
message as an argument list to use. This was very
unlikely to happen unless using an alternate
implementation of the distribution protocol which made
a faulty encoding of the argument list. The child
process will now detect this error and terminate before
executing the user specified code.
OTP-18797 Application(s): erts
Related Id(s): GH-7683, PR-7712
Fix bugs where if the body of a matchspec would return
a map with a variable ('$1', '$_' etc) as one of the
keys or values and the variable was not an immidiate,
the term would not be copied to the receiving processes
heap. This would later corrupt the term in the table as
the GC could place move markers in it, which in turn
would cause the VM to crash.
Bug has been present for since OTP 17.0.
Full runtime dependencies of erts-12.3.2.14: kernel-8.3, sasl-3.3,
stdlib-3.13
---------------------------------------------------------------------
--- kernel-8.3.2.4 --------------------------------------------------
---------------------------------------------------------------------
Note! The kernel-8.3.2.4 application *cannot* be applied
independently of other applications on an arbitrary OTP 24
installation.
On a full OTP 24 installation, also the following runtime
dependency has to be satisfied:
-- erts-12.3 (first satisfied in OTP 24.3)
--- Fixed Bugs and Malfunctions ---
OTP-18707 Application(s): kernel
Related Id(s): #7530
gen_tcp:connect with socket address and socket (inet-)
backend fails because of missing callback function.
Full runtime dependencies of kernel-8.3.2.4: crypto-5.0, erts-12.3,
sasl-3.0, stdlib-3.13
---------------------------------------------------------------------
--- mnesia-4.20.4.3 -------------------------------------------------
---------------------------------------------------------------------
The mnesia-4.20.4.3 application can be applied independently of other
applications on a full OTP 24 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18711 Application(s): mnesia
Related Id(s): ERIERL-963
Do not delete old backup file if the new backup fails.
Full runtime dependencies of mnesia-4.20.4.3: erts-9.0, kernel-5.3,
stdlib-3.4
---------------------------------------------------------------------
--- public_key-1.12.0.2 ---------------------------------------------
---------------------------------------------------------------------
The public_key-1.12.0.2 application can be applied independently of
other applications on a full OTP 24 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18718 Application(s): public_key
Related Id(s): GH-7546
Country name comparison shall be case insensitive
Full runtime dependencies of public_key-1.12.0.2: asn1-3.0,
crypto-3.8, erts-6.0, kernel-3.0, stdlib-3.5
---------------------------------------------------------------------
--- ssl-10.7.3.9 ----------------------------------------------------
---------------------------------------------------------------------
Note! The ssl-10.7.3.9 application *cannot* be applied independently
of other applications on an arbitrary OTP 24 installation.
On a full OTP 24 installation, also the following runtime
dependencies have to be satisfied:
-- public_key-1.11.3 (first satisfied in OTP 24.1.2)
-- stdlib-3.17.2.1 (first satisfied in OTP 24.3.4.5)
--- Fixed Bugs and Malfunctions ---
OTP-18712 Application(s): ssl
Related Id(s): GH-7431
When a client initiated renegotiation was rejected and
the client socket was in active mode the expected error
message to the controlling process was not sent.
Full runtime dependencies of ssl-10.7.3.9: crypto-5.0, erts-10.0,
inets-5.10.7, kernel-8.0, public_key-1.11.3, runtime_tools-1.15.1,
stdlib-3.17.2.1
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP 26.1.1
Patch Package: OTP 26.1.1
Git Tag: OTP-26.1.1
Date: 2023-09-28
Trouble Report Id: OTP-18768, OTP-18770, OTP-18773
Seq num: GH-7667
System: OTP
Release: 26
Application: compiler-8.4.1, stdlib-5.1.1, wx-2.3.1
Predecessor: OTP 26.1
Check out the git tag OTP-26.1.1, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- compiler-8.4.1 --------------------------------------------------
---------------------------------------------------------------------
The compiler-8.4.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18770 Application(s): compiler
Related Id(s): GH-7667, PR-7672
The compiler could become extremely slow for modules
containing huge functions.
Full runtime dependencies of compiler-8.4.1: crypto-5.1, erts-13.0,
kernel-8.4, stdlib-5.0
---------------------------------------------------------------------
--- stdlib-5.1.1 ----------------------------------------------------
---------------------------------------------------------------------
The stdlib-5.1.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Improvements and New Features ---
OTP-18773 Application(s): stdlib
Related Id(s): PR-7691
Garbage collect the shell process when reducing the
amount of saved history and results.
Full runtime dependencies of stdlib-5.1.1: compiler-5.0, crypto-4.5,
erts-13.1, kernel-9.0, sasl-3.0
---------------------------------------------------------------------
--- wx-2.3.1 --------------------------------------------------------
---------------------------------------------------------------------
The wx-2.3.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18768 Application(s): wx
Related Id(s): PR-7670
The wx application would fail to build on macOS with
Xcode 15.
Full runtime dependencies of wx-2.3.1: erts-12.0, kernel-8.0,
stdlib-5.0
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------