chore(deps): update dependency erlang to v29#492
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
ffff9c6 to
a7ee755
Compare
dfb9552 to
8d7a61b
Compare
f622135 to
2c5c1b8
Compare
313c466 to
fbfef13
Compare
fbfef13 to
b6afe3a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
28.5→29.0.3Release Notes
erlang/otp (erlang)
v29.0.3: OTP 29.0.3Compare Source
Check out the git tag OTP-29.0.3, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.
common_test-1.31.1
The common_test-1.31.1 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
Fixed a crash in ct_netconfc that occurred when the remote server closed the SSH connection during NETCONF subsystem negotiation.
Own Id: OTP-20191
Related Id(s): ERIERL-1333, PR-11230
compiler-10.0.2
The compiler-10.0.2 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
Several compiler bugs that could crash the compiler or generate incorrect code in rare circumstances have been fixed.
Own Id: OTP-20222
Related Id(s): PR-11219
crypto-5.9.1
The crypto-5.9.1 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
crypto:compute_key/4foreddhandcrypto:generate_key/2,3foreddh/eddsanow raise anerror:{notsup, Info, Description}exception instead of returning the atomnotsupwhen the underlying cryptolib lacks support.Own Id: OTP-20215
Related Id(s): PR-11302
dialyzer-6.0.2
The dialyzer-6.0.2 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
Fix a bug with native record sets in
erl_types.erlOwn Id: OTP-20201
erts-17.0.3
The erts-17.0.3 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
Fixed an undefined behavior in the internal
erts_qsort()function, which could have been the cause of a beam crash seen when updating large maps.Own Id: OTP-20185
Related Id(s): PR-11215
Calculating
bxorof the largest supported positive integer (erlang:system_info(max_integer)) and-1would return[]instead of a raising asystem_limitexception.Own Id: OTP-20208
Related Id(s): PR-11269
Fix possible race between
ets:delete/1and terminating process with a fixation on the same table.Own Id: OTP-20217
Related Id(s): PR-11283
A few code generation issues for the JIT on AArch64 (ARM64) have been fixed.
For all platforms, the loader will reject some invalid BEAM files earlier.
Own Id: OTP-20226
Related Id(s): PR-11299
On 32-bit computers, the
md5BIFs would return an incorrect MD5 checksum for data of size 4GiB or more.Own Id: OTP-20227
Related Id(s): PR-11289
kernel-11.0.3
The kernel-11.0.3 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
inet:info/1 could crash when calling for a closing (port) socket.
Own Id: OTP-20173
Handling of the truncation bit in
inet_reshas been fixed so it properly falls back to querying over TCP after a truncated UDP reply.This fixes a bug introduced in OTP-28.4.2 - kernel-10.6.2 making a truncated UDP answer fail to parse and never execute the fallback, instead the name resolve operation fails.
Own Id: OTP-20199
Related Id(s): PR-11247
public_key-1.21.3
The public_key-1.21.3 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
Hardened OCSP response verification by using constant-time hash comparisons and rejecting responses exceeding 100 KB before ASN.1 decoding.
Own Id: OTP-20197
Related Id(s): PR-11239
ssh-6.0.2
The ssh-6.0.2 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
Fixed a path-existence oracle in the SFTP server where
SSH_FXP_REALPATHrequests with..components could bypass the configured root directory isolation, allowing an authenticated client to determine whether arbitrary paths exist on the host filesystem.Own Id: OTP-20183
Related Id(s): GH-SA-h9pw-h5w4-h976, PR-11294, CVE-2026-53422
Fixed an infinite loop in the SFTP server triggered when receiving
SSH_MSG_CHANNEL_EXTENDED_DATAon an SFTP channel, which caused the channel process to spin indefinitely on CPU without consuming its message queue.Own Id: OTP-20186
Related Id(s): GH-SA-7wp4-pc27-2vj9, PR-11295, CVE-2026-54886
Fixed mlkem768x25519 hybrid key exchange failing intermittently with "incorrect signature" when the X25519 shared secret had a leading zero byte. The shared secret is now encoded as a fixed-width 32-byte string per the specification.
Own Id: OTP-20196
Related Id(s): PR-11209
Fixed a race condition where SSH keepalive responses could be matched to unrelated pending requests due to incorrect request queue ordering. Requests are now matched in the order they were sent.
Own Id: OTP-20198
Related Id(s): PR-11244
The SFTP server now caps the read length in
SSH_FXP_READrequests to 255 KiB (matching OpenSSH'sSFTP_MAX_READ_LENGTH), preventing excessive memory allocation when clients request large reads.Own Id: OTP-20200
Related Id(s): PR-11259
Removed a server-side workaround (OTP-14827, introduced in OTP 20) that accepted SHA-1 user-auth signatures from clients identifying as OpenSSH 7.x when rsa-sha2-* was negotiated. The workaround addressed a distro-specific build issue in 2017 that no longer exists. Clients affected by this removal (extremely unlikely — requires a 10-year-old unpatched OpenSSH build) will see authentication failures and must upgrade.
Own Id: OTP-20206
Related Id(s): PR-11268
ssl-11.7.3
Note! The ssl-11.7.3 application cannot be applied independently of other applications on an arbitrary OTP 29 installation.
Fixed Bugs and Malfunctions
Correct small behavior bugs that occasionally could cause DTLS connection errors, unwanted behavior for legacy DHE_DSS, hiding of a distribution config error, and possible unorderly process tree shutdown.
Own Id: OTP-20190
Related Id(s): PR-11250
Initialize DTLS cookie to random value to avoid DoS attack with forged cookie during startup window.
Own Id: OTP-20194
Related Id(s): PR-11271, CVE-2026-54887
Guard TLS client for MITM injection of application data during "plain-text-window" during handshake.
Own Id: OTP-20207
Related Id(s): PR-11270, CVE-2026-54891
Improve error handling of TLS PSK sending ILLIGAL_PARMETER alert if binders and PSK-identities are not matched. Also mend recovery mechanism of ticket and session stores to be as resilient as possible to intermediate bugs.
Own Id: OTP-20216
Related Id(s): PR-11282, CVE-2026-55952
Fix race condition that could be used to DoS attack DTLS servers.
Own Id: OTP-20220
Related Id(s): PR-11306, CVE-2026-55950
A TLS-1.3 stateless session ticket with obfuscated_ticket_age set to zero was incorrectly accepted without checking the server-side ticket lifetime or the RFC 8446 Section 8.3 freshness window. The server now always validates ticket age using its own timestamp regardless of the client-reported age value.
Own Id: OTP-20230
Related Id(s): PR-11307
TLS-1.3 client rejects a second HelloRetryRequest as requiered in RFC 8446 Section 4.1.4
Own Id: OTP-20231
Related Id(s): PR-11309
A busy client node could self-trigger a ticket store crash if unlucky with scheduling if auto mode is used.
Own Id: OTP-20232
Related Id(s): PR-11311
Correct spec for CRL API
Own Id: OTP-20233
Related Id(s): PR-11281
stdlib-8.0.2
The stdlib-8.0.2 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
Several compiler bugs that could crash the compiler or generate incorrect code in rare circumstances have been fixed.
Own Id: OTP-20222
Related Id(s): PR-11219
Thanks to
Cole Christensen, Nick Krichevsky, Stefan Grundmann
v29.0.2: OTP 29.0.2Compare Source
Check out the git tag OTP-29.0.2, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.
dialyzer-6.0.1
The dialyzer-6.0.1 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
Fix native record bugs in Dialyzer
Own Id: OTP-20178
Related Id(s): PR-11199
diameter-2.7.1
The diameter-2.7.1 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
Fixed return value documentation of
diameter:service_info(SvcName, statistics)Own Id: OTP-20150
Related Id(s): GH-11105, PR-11146
erl_interface-5.8.1
The erl_interface-5.8.1 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
Fixed stack overflow in
ei_s_print_termfor very big integer terms (> 2000 hexadecimal digits long).Own Id: OTP-20160
Related Id(s): GH-SA-xcxj-5pg2-v72j, PR-11193, CVE-2026-49760
erts-17.0.2
The erts-17.0.2 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
A buffer overflow error when parsing SCTP ERROR or ABORT chunks has been fixed.
This could lead to stack corruption and VM crash, but ultimately with hard work by an attacker be refined into maybe even remote code execution.
Own Id: OTP-20165
Related Id(s): GH-SA-6f4f-chj5-5g97, PR-1234, CVE-2026-49759
ftp-1.2.6
The ftp-1.2.6 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
FTP client default connections that use the so called passive mode of FTP fails to properly validating the response IP of the server, hence a malicious or compromised FTP server could redirect the data connection to an arbitrary host, enabling s server-side request forgery (SSRF) and FTP bounce attacks.
Own Id: OTP-20166
Related Id(s): GH-SA-24cv-hwgr-37fq, PR-11186, CVE-2026-48858
inets-9.7.1
The inets-9.7.1 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
The HTTP client (httpc) now removes Authorization, Proxy-Authorization, Cookie, Referer, and Origin headers when following a redirect to a different host or port. Previously these headers were forwarded verbatim, potentially leaking credentials to unintended targets.
This follows the requirements of RFC 9110 §15.4.
Own Id: OTP-20155
Related Id(s): GH-SA-m75x-4vwg-ggjh, PR-11212, CVE-2026-48856
kernel-11.0.2
The kernel-11.0.2 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
gen_tcp_socket accept should explicitly inherit the same options as plain gen_tcp.
Own Id: OTP-20057
mnesia-4.26.1
The mnesia-4.26.1 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
Fixed docs of
mnesia:write/3to clarify when a transaction can terminate.Own Id: OTP-20149
Related Id(s): GH-11104, PR-11145
public_key-1.21.2
The public_key-1.21.2 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
Add missing macro reference for legacy algorithms md5 and sha224. This mainly improves error handling.
Own Id: OTP-20172
Related Id(s): PR-11195
ssh-6.0.1
The ssh-6.0.1 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
Fixed a timing-based username enumeration vulnerability during password authentication with the user_passwords option. A dummy PBKDF2 computation is now performed for invalid usernames to match the response time of valid ones.
Own Id: OTP-20153
Related Id(s): GH-SA-3w6p-vwhf-wvp4, PR-11157, CVE-2026-48859
Fixed SSH_FXP_READLINK handler in ssh_sftpd to strip the backend root prefix from symlink targets before returning them to the client, preventing disclosure of the server's absolute filesystem path when the root option is configured.
Own Id: OTP-20162
Related Id(s): GH-SA-pv7g-pjrq-x2fh, PR-11192, CVE-2026-48855
Fixed a race condition where SSH keep-alive responses could consume pending channel open requests, causing channel setup to fail silently.
Own Id: OTP-20181
Related Id(s): PR-11205
ssl-11.7.2
Note! The ssl-11.7.2 application cannot be applied independently of other applications on an arbitrary OTP 29 installation.
Fixed Bugs and Malfunctions
Fix miscellanies issues that could cause unnecessary memory consumption and in some less common scenarios or configurations cause connection failures.
Own Id: OTP-20154
Related Id(s): PR-11148
Erlang distribution over TLS run with the kernel 'check_ip' flag now properly enforce connecting nodes to be on the same LAN.
Own Id: OTP-20156
Related Id(s): GH-SA-gp7x-mfv6-52cv, PR-11181, CVE-2026-48860
Enhance error message, by fixing typo of atom in new error message related to `public_key` CVE-2026-42790 solution.
Own Id: OTP-20161
Related Id(s): PR-11148
Corrected SNI handling for TLS-1.3 only server, could cause connection failures if supported signature algorithms where changed by SNI option update.
Own Id: OTP-20174
Related Id(s): PR-27384
stdlib-8.0.1
The stdlib-8.0.1 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
Fix a bug where a tuple record operation within a native record anonymous update can crash.
Own Id: OTP-20151
Related Id(s): PR-11141
Fixed some bugs in
io_lib:bformat/2and native record printing.Own Id: OTP-20170
Related Id(s): PR-11154
tools-4.2.1
The tools-4.2.1 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
Xref could crash instead of returning an appropriate error tuple when asked to open a BEAM file without debug information but with a
moduledoc(false)attribute.Own Id: OTP-20163
Related Id(s): GH-11152, PR-11168
Thanks to
John Downey, Jonatan Männchen
v29.0.1: OTP 29.0.1Compare Source
Check out the git tag OTP-29.0.1, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.
POTENTIAL INCOMPATIBILITIES
'public_key', Adhere to RFC 9525, and remove support for legacy fallback to check hostname against subject common name. Also improve error handling creating two separate errors for name constraint check for subject names and subject alternative names.
'ssl'. Error handling is slightly changed to better reflect public_key behaviour.
Own Id: OTP-20130
Application(s): public_key, ssl
Related Id(s): PR-11124, CVE-2026-42790
compiler-10.0.1
The compiler-10.0.1 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
In rare circumstances, optimization of boolean expressions could invert the boolean value.
Own Id: OTP-20140
Related Id(s): GH-11088, PR-11089
The compiler could crash when compiling code using native records in certain ways.
Own Id: OTP-20146
Related Id(s): PR-11135
erts-17.0.1
The erts-17.0.1 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
Comparison of two native records could return an incorrect result or crash the runtime system.
Own Id: OTP-20139
Related Id(s): PR-11107
kernel-11.0.1
The kernel-11.0.1 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
SCTP peeloff of an IPv6 socket, the peeled-off socket does not inherit the parent options as expected.
Own Id: OTP-20134
Related Id(s): PR-11007
public_key-1.21.1
The public_key-1.21.1 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
OCSP responder certificates are now checked for expiration before being accepted as authorized responders. Previously, expired or not-yet-valid responder certificates were incorrectly accepted when verifying OCSP responses.
Own Id: OTP-20112
Related Id(s): PR-11136
Corrected basic constraint path validation check in accordance to RFC 5280.
Own Id: OTP-20129
Related Id(s): PR-11123, CVE-2026-42789
'public_key', Adhere to RFC 9525, and remove support for legacy fallback to check hostname against subject common name. Also improve error handling creating two separate errors for name constraint check for subject names and subject alternative names.
'ssl'. Error handling is slightly changed to better reflect public_key behaviour.
Own Id: OTP-20130
Related Id(s): PR-11124, CVE-2026-42790
*** POTENTIAL INCOMPATIBILITY ***
snmp-5.20.4
The snmp-5.20.4 application can be applied independently of other applications on a full OTP 29 installation.
Fixed Bugs and Malfunctions
Fixed a bug in snmpm_usm:generate_outgoing_msg/5 that caused a badmatch crash when constructing an error response for an unknown user/engineID combination.
Own Id: OTP-20138
Related Id(s): ERIERL-1321, PR-11100
ssl-11.7.1
Note! The ssl-11.7.1 application cannot be applied independently of other applications on an arbitrary OTP 29 installation.
Fixed Bugs and Malfunctions
'public_key', Adhere to RFC 9525, and remove support for legacy fallback to check hostname against subject common name. Also improve error handling creating two separate errors for name constraint check for subject names and subject alternative names.
'ssl'. Error handling is slightly changed to better reflect public_key behaviour.
Own Id: OTP-20130
Related Id(s): PR-11124, CVE-2026-42790
*** POTENTIAL INCOMPATIBILITY ***
Could cause server to terminate a connection without an alert towards a bad client.
Own Id: OTP-20141
Related Id(s): PR-11125
Thanks to
Martin Hässler, Paul Guyot
v29.0: OTP 29.0Compare Source
Check out the git tag OTP-29.0, and build a full OTP system including documentation.
HIGHLIGHTS
The JIT now generates better code for matching or creating binaries with multiple little-endian segments.
Own Id: OTP-19747
Application(s): erts
Related Id(s): [PR-10126]
In the documentation for the [
compile] module, a section has been added with recommendations for implementors of languages running on the BEAM. Documentation has also been added for theto_abstr,to_exp, andfrom_abstroptions.The documentation for [erlc] now lists
.abstras one of the supported options.When compiling with the
to_abstroption, the resulting.abstrfile now retains any-docattributes present in the source code.Own Id: OTP-19784
Application(s): compiler, erts
Related Id(s): [PR-10230], [PR-10234]
Native records as described in [EEP-79] has been implemented.
A native record is a data structure similar to the traditional tuple-based records, except that is a true data type.
Native records are considered experimental in Erlang/OTP 29 and possibly also in Erlang/OTP 30, meaning that their behavior may change, potentially requiring updates to applications that use them.
Own Id: OTP-19785
Application(s): compiler, debugger, dialyzer, erts, stdlib
Related Id(s): [PR-10617]
The guard BIF
is_integer/3has been added. It follows the design of the original EEP-16, only changing the name fromis_betweentois_integer. This BIF takes in 3 parameters,Term,LowerBound, andUpperBound.It returns
trueifTerm,LowerBound, andUpperBoundare all integers, andLowerBound =< Term =< UpperBound; otherwise, it returns false.Example:
Own Id: OTP-19809
Application(s): compiler, dialyzer, erts
Related Id(s): [PR-10276]
There are new functions for random permutation of a list:
rand:shuffle/1andrand:shuffle_s/2. They are inspired by a suggestion and discussion on ErlangForums.Own Id: OTP-19826
Application(s): stdlib
Related Id(s): [PR-10281]
In the default code path for the Erlang system, the current working directory (
.) is now in the last position instead of the first.Own Id: OTP-19842
Application(s): erts, kernel
*** POTENTIAL INCOMPATIBILITY ***
Function application is now left associative. That means one can now write:
instead of:
Own Id: OTP-19866
Application(s): compiler
Related Id(s): [PR-9223]
The old-style type tests in guards (
integer,atom, and so on) have been scheduled for removal in Erlang/OTP 30. They have been deprecated for a long time.Own Id: OTP-19887
Application(s): otp
Related Id(s): [PR-10417]
There will now be a warning when exporting variables out of a subexpression. For example:
To avoid the warning, this can be rewritten to:
The warning can be suppressed by giving option
nowarn_export_var_subexprto the compiler.Own Id: OTP-19898
Application(s): compiler, stdlib
Related Id(s): [PR-9134]
There is a new option
warn_obsolete_bool_opthat instruct the compiler to emit warnings for theandandoroperators. It is recommended to instead use the modernandalsoandorelseoperators, or,and;in guards.Own Id: OTP-19918
Application(s): compiler
Related Id(s): [PR-9115]
graphis a new module that is a functional equivalent of the [digraph] and [digraph_utils] modules.Own Id: OTP-19922
Application(s): stdlib
Related Id(s): [PR-10532]
Before Erlang/OTP 29, attempting to bind variables in a comprehension would compile successfully but fail at runtime. Example:
In Erlang/OTP 29, attempting to bind a variable in a comprehension will fail by default:
However, this example will work as expected if the
compr_assignfeature is enabled when starting the runtime system:Here is another example how
compr_assigncan be used:Own Id: OTP-19927
Application(s): compiler, stdlib
Related Id(s): [PR-9153]
*** POTENTIAL INCOMPATIBILITY ***
There will now be a warning when using the
catchoperator, which has been deprecated for a long time.It is recommended to instead use
try...catch...endbut is also possible to disable the warning by using thenowarn_deprecated_catchoption.Own Id: OTP-19938
Application(s): compiler, stdlib
Related Id(s): [PR-10421]
Multi-valued comprehensions according to [EEP 78] has been implemented.
Example:
Own Id: OTP-19942
Application(s): compiler, debugger, stdlib, syntax_tools
Related Id(s): [PR-9374]
There will now be a warning for matches that unify constructors, such as the following:
Such a match can be rewritten to:
The compiler option
nowarn_match_alias_patscan be used to disable the warning.Own Id: OTP-19943
Application(s): compiler, stdlib
Related Id(s): [PR-10433]
There is no longer a 32-bit Erlang/OTP build for Windows.
Own Id: OTP-19960
Application(s): otp
While the iteration order for maps is undefined, it is now guaranteed that all ways of iterating over maps provides the elements in the same order. That is, all of the following ways of iterating will produce the elements in the same order:
maps:keys/1maps:values/1maps:to_list/1maps:to_list(maps:iterator(M))[{K,V} || K := V <- M]Own Id: OTP-19963
Application(s): erts, stdlib
Related Id(s): [PR-10626]
The default key exchange algorithm is now mlkem768x25519-sha256, a hybrid quantum-resistant algorithm combining ML-KEM-768 with X25519. This provides protection against both classical and quantum computer attacks while maintaining backward compatibility through automatic fallback to other algorithms when peers don't support it.
Own Id: OTP-19965
Application(s): ssh
Related Id(s): [PR-10656]
*** POTENTIAL INCOMPATIBILITY ***
The compiler now generates more efficient code for map comprehensions with constant values that don't depend on the generator, such as the following:
Own Id: OTP-19968
Application(s): compiler
Related Id(s): [PR-10646]
The SSH daemon now defaults to disabled for shell and exec services, implementing the "secure by default" principle. This prevents authenticated users from executing arbitrary Erlang code unless explicitly configured.
Applications requiring shell or exec functionality must now explicitly enable:
Own Id: OTP-19969
Application(s): ssh
Related Id(s): ERIERL-1319, [PR-10970], [PR-11080]
*** POTENTIAL INCOMPATIBILITY ***
The
odbcapplication is now deprecated and is planned to be removed in Erlang/OTP 30.The [
ftp] and [ct_ftp] modules are now deprecated and are planned to be removed in Erlang/OTP 30.Own Id: OTP-19980
Application(s): ftp, odbc
Related Id(s): [PR-10804]
The
arraymodule have been extended with several new functions. The internal representation have been changed to allow the new functionality and optimizations. Arrays serialized withterm_to_binary/1in previous releases are not compatible.Own Id: OTP-20004
Application(s): stdlib
Related Id(s): [PR-10578]
*** POTENTIAL INCOMPATIBILITY ***
Added support for socket functions
recvmmsg()andsendmmsg().Own Id: OTP-20015
Application(s): erts, kernel
Related Id(s): [PR-10564]
m:erl_tarwill use less memory when extracting large tar entries to disk. Instead of reading each tar entry into memory, [erl_tar] will now stream data in chunks of 64KB. The chunk size is settable using the new{chunks,ChunkSize}option.The new
{max_size,Size}option will set a limit on the total size of extracted data to protect against filling up the disk.Checking of symlinks has been improved. Some symlinks that were safe (such as
dir/link -> ../file) used to be rejected.Own Id: OTP-20023
Application(s): stdlib
Related Id(s): [PR-10814], [PR-10818], [PR-10821]
Added a new module called
io_ansithat allows the user to emit Virtual Terminal Sequences (a.k.a. ANSI sequences) to the terminal in order to add colors/styling to text or create fully-fledged terminal applications.io_ansiuses the local terminfo database in order to be as cross-platform compatible as possible.It also works across nodes so that if functions on a remote node call
io_ansi:fwrite/1it will use the destination terminal's terminfo database to determine which sequences to emit. In practice, this means that you can call functions in a remote shell session that useio_ansiand it will properly detect the terminal sequences the target terminal can handle and will print using them correctly.Own Id: OTP-20028
Application(s): kernel, stdlib
Related Id(s): [PR-10905], [PR-9940]
The
ignore_xrefattribute has been handled as a post-analysis filter by build tools such as Rebar3. In this release, [xref] itself does the filtering, ensuring that all tooling that callsxreffor any purpose can rely on these declarations to just work.Own Id: OTP-20032
Application(s): tools
Related Id(s): [PR-10592]
New in this release is
ct_doctest, a module that allows the user to test documentation examples in Erlang module docs and documentation files.ct_doctest allows you to:
edoc,asciidoc, and others can also be tested.See the documentation for more details.
Own Id: OTP-20034
Application(s): common_test
Related Id(s): [PR-10824], [PR-9315]
Added support for
-unsafeattributes, which is used to mark functions as unsafe to use.This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.
Furthermore, [
xref] can now be used to find calls to functions in another application that lack a-docattribute (undocumented_function_calls), calls to functions in another application marked-doc false.(private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).Own Id: OTP-20066
Application(s): asn1, common_test, compiler, crypto, debugger, dialyzer, diameter, edoc, eunit, inets, kernel, megaco, mnesia, observer, odbc, os_mon, otp, parsetools, public_key, reltool, runtime_tools, sasl, ssh, ssl, stdlib, syntax_tools, tftp, tools, wx, xmerl
Related Id(s): [PR-10839]
The post-quantum hybrid algorithm x25519mlkem768 is now the most preferred key exchange group in the default configuration.
Post-quantum hybrid algorithms secp384r1mlkem1024 and secp256r1mlkem768 are supported but have to be configured. The same goes for the plain post-quantum algorithms mlkem1024, mlkem768, and mlkem512.
The most preferred signature algorithms is now post-quantum algorithms ML-DSA followed by the fastest SLH-DSA (slh_dsa_sha2_256f) algorithm, if such a certificate is available in the configuration. Other SLH-DSA variants are also supported but are added to the end of the preferred list.
All these algorithms were available in OTP-28.4 but none of them were preferred and some of them changed default status.
Own Id: OTP-20070
Application(s): ssl
Related Id(s): [PR-10949]
*** POTENTIAL INCOMPATIBILITY ***
The [
json] module now encodes and decodes quoted strings faster. Improvements of up to 55 percent has been measured when decoding JSON data with long strings.The
string:length/1,string:slice/2, andstring:slice/3functions have been optimized. For some strings, they can be up to twice as fast.Own Id: OTP-20072
Application(s): stdlib
Related Id(s): [PR-10938], [PR-10948]
The SFTP subsystem is no longer enabled by default when starting an SSH daemon. To enable it, add the subsystems option explicitly:
Own Id: OTP-20078
Application(s): ssh
Related Id(s): [PR-10970]
*** POTENTIAL INCOMPATIBILITY ***
The runtime system now supports generating encrypted crash dumps. See the description of
--enable-encrypted-crash-dumpsin [Building and Installing Erlang/OTP].Own Id: OTP-20085
Application(s): crypto, erts, public_key, tools
Related Id(s): [PR-10993]
There is a new Hardening guide giving guidelines on how to strengthen the security for the
sslapplication.Own Id: OTP-20087
Application(s): ssl
Related Id(s): [PR-11019]
There is a new Hardening guide with advice for configuring Inets to be more secure.
Own Id: OTP-20133
Application(s): inets
Related Id(s): [PR-11073]
POTENTIAL INCOMPATIBILITIES
Fixed (
inet) module selection when calling (gen_tcp) listen and connect and (gen_udp) open. Depending on the order of the options, the module option (tcp_moduleorudp_module) was sometimes ignored.Own Id: OTP-19695
Application(s): kernel
Related Id(s): [GH-9822], [PR-10013]
ssh:stop_deamonnow usessupervisor:stopfor shutting down daemons. With this change, the scenario whenssh:stop_daemonis called for a non-existing process results in calling process exiting. Previously an error tuple was returned (which was not documented).Own Id: OTP-19801
Application(s): ssh
Related Id(s): [PR-10253]
The
mnesia_registrymodule has been removed.Own Id: OTP-19807
Application(s): mnesia
Related Id(s): [PR-7315]
In the default code path for the Erlang system, the current working directory (
.) is now in the last position instead of the first.Own Id: OTP-19842
Application(s): erts, kernel
*** HIGHLIGHT ***
Before Erlang/OTP 29, attempting to bind variables in a comprehension would compile successfully but fail at runtime. Example:
In Erlang/OTP 29, attempting to bind a variable in a comprehension will fail by default:
However, this example will work as expected if the
compr_assignfeature is enabled when starting the runtime system:Here is another example how
compr_assigncan be used:Own Id: OTP-19927
Application(s): compiler, stdlib
Related Id(s): [PR-9153]
*** HIGHLIGHT ***
The default key exchange algorithm is now mlkem768x25519-sha256, a hybrid quantum-resistant algorithm combining ML-KEM-768 with X25519. This provides protection against both classical and quantum computer attacks while maintaining backward compatibility through automatic fallback to other algorithms when peers don't support it.
Configuration
📅 Schedule: (in timezone America/New_York)
* 0-3 * * *)🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.