Skip to content

chore(deps): update dependency erlang to v29#492

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/erlang-29.x
Open

chore(deps): update dependency erlang to v29#492
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/erlang-29.x

Conversation

@renovate

@renovate renovate Bot commented May 14, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Update Change
erlang major 28.529.0.3

Release Notes

erlang/otp (erlang)

v29.0.3: OTP 29.0.3

Compare Source

Patch Package:           OTP 29.0.3
Git Tag:                 OTP-29.0.3
Date:                    2026-07-02
Trouble Report Id:       OTP-20173, OTP-20183, OTP-20185, OTP-20186,
                         OTP-20190, OTP-20191, OTP-20194, OTP-20196,
                         OTP-20197, OTP-20198, OTP-20199, OTP-20200,
                         OTP-20201, OTP-20206, OTP-20207, OTP-20208,
                         OTP-20215, OTP-20216, OTP-20217, OTP-20220,
                         OTP-20222, OTP-20226, OTP-20227, OTP-20230,
                         OTP-20231, OTP-20232, OTP-20233
Seq num:                 CVE-2026-53422, CVE-2026-54886,
                         CVE-2026-54887, CVE-2026-54891,
                         CVE-2026-55950, CVE-2026-55952, ERIERL-1333,
                         GH-SA-7wp4-pc27-2vj9, GH-SA-h9pw-h5w4-h976,
                         PR-11209, PR-11215, PR-11219, PR-11230,
                         PR-11239, PR-11244, PR-11247, PR-11250,
                         PR-11259, PR-11268, PR-11269, PR-11270,
                         PR-11271, PR-11281, PR-11282, PR-11283,
                         PR-11289, PR-11294, PR-11295, PR-11299,
                         PR-11302, PR-11306, PR-11307, PR-11309,
                         PR-11311
System:                  OTP
Release:                 29
Application:             common_test-1.31.1, compiler-10.0.2,
                         crypto-5.9.1, dialyzer-6.0.2, erts-17.0.3,
                         kernel-11.0.3, public_key-1.21.3, ssh-6.0.2,
                         ssl-11.7.3, stdlib-8.0.2
Predecessor:             OTP 29.0.2

Check out the git tag OTP-29.0.3, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.

common_test-1.31.1

The common_test-1.31.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fixed a crash in ct_netconfc that occurred when the remote server closed the SSH connection during NETCONF subsystem negotiation.

    Own Id: OTP-20191
    Related Id(s): ERIERL-1333, PR-11230

Full runtime dependencies of common_test-1.31.1

compiler-10.0, crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-11.0, observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0, stdlib-8.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8

compiler-10.0.2

The compiler-10.0.2 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Several compiler bugs that could crash the compiler or generate incorrect code in rare circumstances have been fixed.

    Own Id: OTP-20222
    Related Id(s): PR-11219

Full runtime dependencies of compiler-10.0.2

crypto-5.1, erts-13.0, kernel-8.4, stdlib-8.0

crypto-5.9.1

The crypto-5.9.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • crypto:compute_key/4 for eddh and crypto:generate_key/2,3 for eddh/eddsa now raise an error:{notsup, Info, Description} exception instead of returning the atom notsup when the underlying cryptolib lacks support.

    Own Id: OTP-20215
    Related Id(s): PR-11302

Full runtime dependencies of crypto-5.9.1

erts-9.0, kernel-6.0, stdlib-3.9

dialyzer-6.0.2

The dialyzer-6.0.2 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fix a bug with native record sets in erl_types.erl

    Own Id: OTP-20201

Full runtime dependencies of dialyzer-6.0.2

compiler-10.0, erts-12.0, kernel-8.0, stdlib-5.0, syntax_tools-2.0

erts-17.0.3

The erts-17.0.3 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fixed an undefined behavior in the internal erts_qsort() function, which could have been the cause of a beam crash seen when updating large maps.

    Own Id: OTP-20185
    Related Id(s): PR-11215

  • Calculating bxor of the largest supported positive integer (erlang:system_info(max_integer)) and -1 would return [] instead of a raising a system_limit exception.

    Own Id: OTP-20208
    Related Id(s): PR-11269

  • Fix possible race between ets:delete/1 and terminating process with a fixation on the same table.

    Own Id: OTP-20217
    Related Id(s): PR-11283

  • A few code generation issues for the JIT on AArch64 (ARM64) have been fixed.

    For all platforms, the loader will reject some invalid BEAM files earlier.

    Own Id: OTP-20226
    Related Id(s): PR-11299

  • On 32-bit computers, the md5 BIFs would return an incorrect MD5 checksum for data of size 4GiB or more.

    Own Id: OTP-20227
    Related Id(s): PR-11289

Full runtime dependencies of erts-17.0.3

kernel-9.0, sasl-3.3, stdlib-4.1

kernel-11.0.3

The kernel-11.0.3 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • inet:info/1 could crash when calling for a closing (port) socket.

    Own Id: OTP-20173

  • Handling of the truncation bit in inet_res has been fixed so it properly falls back to querying over TCP after a truncated UDP reply.

    This fixes a bug introduced in OTP-28.4.2 - kernel-10.6.2 making a truncated UDP answer fail to parse and never execute the fallback, instead the name resolve operation fails.

    Own Id: OTP-20199
    Related Id(s): PR-11247

Full runtime dependencies of kernel-11.0.3

crypto-5.8, erts-17.0, sasl-3.0, stdlib-8.0

public_key-1.21.3

The public_key-1.21.3 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Hardened OCSP response verification by using constant-time hash comparisons and rejecting responses exceeding 100 KB before ASN.1 decoding.

    Own Id: OTP-20197
    Related Id(s): PR-11239

Full runtime dependencies of public_key-1.21.3

asn1-5.0, crypto-5.8, erts-13.0, kernel-8.0, stdlib-4.0

ssh-6.0.2

The ssh-6.0.2 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fixed a path-existence oracle in the SFTP server where SSH_FXP_REALPATH requests with .. components could bypass the configured root directory isolation, allowing an authenticated client to determine whether arbitrary paths exist on the host filesystem.

    Own Id: OTP-20183
    Related Id(s): GH-SA-h9pw-h5w4-h976, PR-11294, CVE-2026-53422

  • Fixed an infinite loop in the SFTP server triggered when receiving SSH_MSG_CHANNEL_EXTENDED_DATA on an SFTP channel, which caused the channel process to spin indefinitely on CPU without consuming its message queue.

    Own Id: OTP-20186
    Related Id(s): GH-SA-7wp4-pc27-2vj9, PR-11295, CVE-2026-54886

  • Fixed mlkem768x25519 hybrid key exchange failing intermittently with "incorrect signature" when the X25519 shared secret had a leading zero byte. The shared secret is now encoded as a fixed-width 32-byte string per the specification.

    Own Id: OTP-20196
    Related Id(s): PR-11209

  • Fixed a race condition where SSH keepalive responses could be matched to unrelated pending requests due to incorrect request queue ordering. Requests are now matched in the order they were sent.

    Own Id: OTP-20198
    Related Id(s): PR-11244

  • The SFTP server now caps the read length in SSH_FXP_READ requests to 255 KiB (matching OpenSSH's SFTP_MAX_READ_LENGTH), preventing excessive memory allocation when clients request large reads.

    Own Id: OTP-20200
    Related Id(s): PR-11259

  • Removed a server-side workaround (OTP-14827, introduced in OTP 20) that accepted SHA-1 user-auth signatures from clients identifying as OpenSSH 7.x when rsa-sha2-* was negotiated. The workaround addressed a distro-specific build issue in 2017 that no longer exists. Clients affected by this removal (extremely unlikely — requires a 10-year-old unpatched OpenSSH build) will see authentication failures and must upgrade.

    Own Id: OTP-20206
    Related Id(s): PR-11268

Full runtime dependencies of ssh-6.0.2

crypto-5.7, erts-14.0, kernel-10.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-8.0

ssl-11.7.3

Note! The ssl-11.7.3 application cannot be applied independently of other applications on an arbitrary OTP 29 installation.

   On a full OTP 29 installation, also the following runtime
   dependency has to be satisfied:
   -- public_key-1.21.1 (first satisfied in OTP 29.0.1)

Fixed Bugs and Malfunctions

  • Correct small behavior bugs that occasionally could cause DTLS connection errors, unwanted behavior for legacy DHE_DSS, hiding of a distribution config error, and possible unorderly process tree shutdown.

    Own Id: OTP-20190
    Related Id(s): PR-11250

  • Initialize DTLS cookie to random value to avoid DoS attack with forged cookie during startup window.

    Own Id: OTP-20194
    Related Id(s): PR-11271, CVE-2026-54887

  • Guard TLS client for MITM injection of application data during "plain-text-window" during handshake.

    Own Id: OTP-20207
    Related Id(s): PR-11270, CVE-2026-54891

  • Improve error handling of TLS PSK sending ILLIGAL_PARMETER alert if binders and PSK-identities are not matched. Also mend recovery mechanism of ticket and session stores to be as resilient as possible to intermediate bugs.

    Own Id: OTP-20216
    Related Id(s): PR-11282, CVE-2026-55952

  • Fix race condition that could be used to DoS attack DTLS servers.

    Own Id: OTP-20220
    Related Id(s): PR-11306, CVE-2026-55950

  • A TLS-1.3 stateless session ticket with obfuscated_ticket_age set to zero was incorrectly accepted without checking the server-side ticket lifetime or the RFC 8446 Section 8.3 freshness window. The server now always validates ticket age using its own timestamp regardless of the client-reported age value.

    Own Id: OTP-20230
    Related Id(s): PR-11307

  • TLS-1.3 client rejects a second HelloRetryRequest as requiered in RFC 8446 Section 4.1.4

    Own Id: OTP-20231
    Related Id(s): PR-11309

  • A busy client node could self-trigger a ticket store crash if unlucky with scheduling if auto mode is used.

    Own Id: OTP-20232
    Related Id(s): PR-11311

  • Correct spec for CRL API

    Own Id: OTP-20233
    Related Id(s): PR-11281

Full runtime dependencies of ssl-11.7.3

crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.21.1, runtime_tools-1.15.1, stdlib-7.0

stdlib-8.0.2

The stdlib-8.0.2 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Several compiler bugs that could crash the compiler or generate incorrect code in rare circumstances have been fixed.

    Own Id: OTP-20222
    Related Id(s): PR-11219

Full runtime dependencies of stdlib-8.0.2

compiler-5.0, crypto-4.5, erts-16.0.3, kernel-11.0, sasl-3.0, syntax_tools-3.2.1

Thanks to

Cole Christensen, Nick Krichevsky, Stefan Grundmann

v29.0.2: OTP 29.0.2

Compare Source

Patch Package:           OTP 29.0.2
Git Tag:                 OTP-29.0.2
Date:                    2026-06-10
Trouble Report Id:       OTP-20057, OTP-20149, OTP-20150, OTP-20151,
                         OTP-20153, OTP-20154, OTP-20155, OTP-20156,
                         OTP-20160, OTP-20161, OTP-20162, OTP-20163,
                         OTP-20165, OTP-20166, OTP-20170, OTP-20172,
                         OTP-20174, OTP-20178, OTP-20181
Seq num:                 CVE-2026-48855, CVE-2026-48856,
                         CVE-2026-48858, CVE-2026-48859,
                         CVE-2026-48860, CVE-2026-49759,
                         CVE-2026-49760, GH-11104, GH-11105, GH-11152,
                         GH-SA-24cv-hwgr-37fq, GH-SA-3w6p-vwhf-wvp4,
                         GH-SA-6f4f-chj5-5g97, GH-SA-gp7x-mfv6-52cv,
                         GH-SA-m75x-4vwg-ggjh, GH-SA-pv7g-pjrq-x2fh,
                         GH-SA-xcxj-5pg2-v72j, PR-11141, PR-11145,
                         PR-11146, PR-11148, PR-11154, PR-11157,
                         PR-11168, PR-11181, PR-11186, PR-11192,
                         PR-11193, PR-11195, PR-11199, PR-11205,
                         PR-11212, PR-1234, PR-27384
System:                  OTP
Release:                 29
Application:             dialyzer-6.0.1, diameter-2.7.1,
                         erl_interface-5.8.1, erts-17.0.2, ftp-1.2.6,
                         inets-9.7.1, kernel-11.0.2, mnesia-4.26.1,
                         public_key-1.21.2, ssh-6.0.1, ssl-11.7.2,
                         stdlib-8.0.1, tools-4.2.1
Predecessor:             OTP 29.0.1

Check out the git tag OTP-29.0.2, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.

dialyzer-6.0.1

The dialyzer-6.0.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fix native record bugs in Dialyzer

    Own Id: OTP-20178
    Related Id(s): PR-11199

Full runtime dependencies of dialyzer-6.0.1

compiler-10.0, erts-12.0, kernel-8.0, stdlib-5.0, syntax_tools-2.0

diameter-2.7.1

The diameter-2.7.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fixed return value documentation of diameter:service_info(SvcName, statistics)

    Own Id: OTP-20150
    Related Id(s): GH-11105, PR-11146

Full runtime dependencies of diameter-2.7.1

erts-10.0, kernel-3.2, ssl-9.0, stdlib-5.0

erl_interface-5.8.1

The erl_interface-5.8.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

erts-17.0.2

The erts-17.0.2 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • A buffer overflow error when parsing SCTP ERROR or ABORT chunks has been fixed.

    This could lead to stack corruption and VM crash, but ultimately with hard work by an attacker be refined into maybe even remote code execution.

    Own Id: OTP-20165
    Related Id(s): GH-SA-6f4f-chj5-5g97, PR-1234, CVE-2026-49759

Full runtime dependencies of erts-17.0.2

kernel-9.0, sasl-3.3, stdlib-4.1

ftp-1.2.6

The ftp-1.2.6 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • FTP client default connections that use the so called passive mode of FTP fails to properly validating the response IP of the server, hence a malicious or compromised FTP server could redirect the data connection to an arbitrary host, enabling s server-side request forgery (SSRF) and FTP bounce attacks.

    Own Id: OTP-20166
    Related Id(s): GH-SA-24cv-hwgr-37fq, PR-11186, CVE-2026-48858

Full runtime dependencies of ftp-1.2.6

erts-7.0, kernel-6.0, runtime_tools-1.15.1, ssl-10.2, stdlib-3.5

inets-9.7.1

The inets-9.7.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • The HTTP client (httpc) now removes Authorization, Proxy-Authorization, Cookie, Referer, and Origin headers when following a redirect to a different host or port. Previously these headers were forwarded verbatim, potentially leaking credentials to unintended targets.

    This follows the requirements of RFC 9110 §15.4.

    Own Id: OTP-20155
    Related Id(s): GH-SA-m75x-4vwg-ggjh, PR-11212, CVE-2026-48856

Full runtime dependencies of inets-9.7.1

erts-14.0, kernel-9.0, mnesia-4.12, public_key-1.13, runtime_tools-1.8.14, ssl-9.0, stdlib-5.0, stdlib-6.0

kernel-11.0.2

The kernel-11.0.2 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • gen_tcp_socket accept should explicitly inherit the same options as plain gen_tcp.

    Own Id: OTP-20057

Full runtime dependencies of kernel-11.0.2

crypto-5.8, erts-17.0, sasl-3.0, stdlib-8.0

mnesia-4.26.1

The mnesia-4.26.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fixed docs of mnesia:write/3 to clarify when a transaction can terminate.

    Own Id: OTP-20149
    Related Id(s): GH-11104, PR-11145

Full runtime dependencies of mnesia-4.26.1

erts-9.0, kernel-5.3, stdlib-5.0

public_key-1.21.2

The public_key-1.21.2 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Add missing macro reference for legacy algorithms md5 and sha224. This mainly improves error handling.

    Own Id: OTP-20172
    Related Id(s): PR-11195

Full runtime dependencies of public_key-1.21.2

asn1-5.0, crypto-5.8, erts-13.0, kernel-8.0, stdlib-4.0

ssh-6.0.1

The ssh-6.0.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fixed a timing-based username enumeration vulnerability during password authentication with the user_passwords option. A dummy PBKDF2 computation is now performed for invalid usernames to match the response time of valid ones.

    Own Id: OTP-20153
    Related Id(s): GH-SA-3w6p-vwhf-wvp4, PR-11157, CVE-2026-48859

  • Fixed SSH_FXP_READLINK handler in ssh_sftpd to strip the backend root prefix from symlink targets before returning them to the client, preventing disclosure of the server's absolute filesystem path when the root option is configured.

    Own Id: OTP-20162
    Related Id(s): GH-SA-pv7g-pjrq-x2fh, PR-11192, CVE-2026-48855

  • Fixed a race condition where SSH keep-alive responses could consume pending channel open requests, causing channel setup to fail silently.

    Own Id: OTP-20181
    Related Id(s): PR-11205

Full runtime dependencies of ssh-6.0.1

crypto-5.7, erts-14.0, kernel-10.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-8.0

ssl-11.7.2

Note! The ssl-11.7.2 application cannot be applied independently of other applications on an arbitrary OTP 29 installation.

   On a full OTP 29 installation, also the following runtime
   dependency has to be satisfied:
   -- public_key-1.21.1 (first satisfied in OTP 29.0.1)

Fixed Bugs and Malfunctions

  • Fix miscellanies issues that could cause unnecessary memory consumption and in some less common scenarios or configurations cause connection failures.

    Own Id: OTP-20154
    Related Id(s): PR-11148

  • Erlang distribution over TLS run with the kernel 'check_ip' flag now properly enforce connecting nodes to be on the same LAN.

    Own Id: OTP-20156
    Related Id(s): GH-SA-gp7x-mfv6-52cv, PR-11181, CVE-2026-48860

  • Enhance error message, by fixing typo of atom in new error message related to `public_key` CVE-2026-42790 solution.

    Own Id: OTP-20161
    Related Id(s): PR-11148

  • Corrected SNI handling for TLS-1.3 only server, could cause connection failures if supported signature algorithms where changed by SNI option update.

    Own Id: OTP-20174
    Related Id(s): PR-27384

Full runtime dependencies of ssl-11.7.2

crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.21.1, runtime_tools-1.15.1, stdlib-7.0

stdlib-8.0.1

The stdlib-8.0.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fix a bug where a tuple record operation within a native record anonymous update can crash.

    Own Id: OTP-20151
    Related Id(s): PR-11141

  • Fixed some bugs in io_lib:bformat/2 and native record printing.

    Own Id: OTP-20170
    Related Id(s): PR-11154

Full runtime dependencies of stdlib-8.0.1

compiler-5.0, crypto-4.5, erts-16.0.3, kernel-11.0, sasl-3.0, syntax_tools-3.2.1

tools-4.2.1

The tools-4.2.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Xref could crash instead of returning an appropriate error tuple when asked to open a BEAM file without debug information but with a moduledoc(false) attribute.

    Own Id: OTP-20163
    Related Id(s): GH-11152, PR-11168

Full runtime dependencies of tools-4.2.1

compiler-8.5, crypto-5.9, erts-15.0, kernel-10.0, public_key-1.21, runtime_tools-2.1, stdlib-6.0

Thanks to

John Downey, Jonatan Männchen

v29.0.1: OTP 29.0.1

Compare Source

Patch Package:           OTP 29.0.1
Git Tag:                 OTP-29.0.1
Date:                    2026-05-27
Trouble Report Id:       OTP-20112, OTP-20129, OTP-20130, OTP-20134,
                         OTP-20138, OTP-20139, OTP-20140, OTP-20141,
                         OTP-20146
Seq num:                 CVE-2026-42789, CVE-2026-42790, ERIERL-1321,
                         GH-11088, PR-11007, PR-11089, PR-11100,
                         PR-11107, PR-11123, PR-11124, PR-11125,
                         PR-11135, PR-11136
System:                  OTP
Release:                 29
Application:             compiler-10.0.1, erts-17.0.1, kernel-11.0.1,
                         public_key-1.21.1, snmp-5.20.4, ssl-11.7.1
Predecessor:             OTP 29.0

Check out the git tag OTP-29.0.1, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.

POTENTIAL INCOMPATIBILITIES

  • 'public_key', Adhere to RFC 9525, and remove support for legacy fallback to check hostname against subject common name. Also improve error handling creating two separate errors for name constraint check for subject names and subject alternative names.

    'ssl'. Error handling is slightly changed to better reflect public_key behaviour.

    Own Id: OTP-20130
    Application(s): public_key, ssl
    Related Id(s): PR-11124, CVE-2026-42790

compiler-10.0.1

The compiler-10.0.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • In rare circumstances, optimization of boolean expressions could invert the boolean value.

    Own Id: OTP-20140
    Related Id(s): GH-11088, PR-11089

  • The compiler could crash when compiling code using native records in certain ways.

    Own Id: OTP-20146
    Related Id(s): PR-11135

Full runtime dependencies of compiler-10.0.1

crypto-5.1, erts-13.0, kernel-8.4, stdlib-8.0

erts-17.0.1

The erts-17.0.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Comparison of two native records could return an incorrect result or crash the runtime system.

    Own Id: OTP-20139
    Related Id(s): PR-11107

Full runtime dependencies of erts-17.0.1

kernel-9.0, sasl-3.3, stdlib-4.1

kernel-11.0.1

The kernel-11.0.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • SCTP peeloff of an IPv6 socket, the peeled-off socket does not inherit the parent options as expected.

    Own Id: OTP-20134
    Related Id(s): PR-11007

Full runtime dependencies of kernel-11.0.1

crypto-5.8, erts-17.0, sasl-3.0, stdlib-8.0

public_key-1.21.1

The public_key-1.21.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • OCSP responder certificates are now checked for expiration before being accepted as authorized responders. Previously, expired or not-yet-valid responder certificates were incorrectly accepted when verifying OCSP responses.

    Own Id: OTP-20112
    Related Id(s): PR-11136

  • Corrected basic constraint path validation check in accordance to RFC 5280.

    Own Id: OTP-20129
    Related Id(s): PR-11123, CVE-2026-42789

  • 'public_key', Adhere to RFC 9525, and remove support for legacy fallback to check hostname against subject common name. Also improve error handling creating two separate errors for name constraint check for subject names and subject alternative names.

    'ssl'. Error handling is slightly changed to better reflect public_key behaviour.

    Own Id: OTP-20130
    Related Id(s): PR-11124, CVE-2026-42790

    *** POTENTIAL INCOMPATIBILITY ***

Full runtime dependencies of public_key-1.21.1

asn1-5.0, crypto-5.8, erts-13.0, kernel-8.0, stdlib-4.0

snmp-5.20.4

The snmp-5.20.4 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fixed a bug in snmpm_usm:generate_outgoing_msg/5 that caused a badmatch crash when constructing an error response for an unknown user/engineID combination.

    Own Id: OTP-20138
    Related Id(s): ERIERL-1321, PR-11100

Full runtime dependencies of snmp-5.20.4

asn1-5.4, crypto-4.6, erts-12.0, kernel-8.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-5.0

ssl-11.7.1

Note! The ssl-11.7.1 application cannot be applied independently of other applications on an arbitrary OTP 29 installation.

   On a full OTP 29 installation, also the following runtime
   dependency has to be satisfied:
   -- public_key-1.21.1 (first satisfied in OTP 29.0.1)

Fixed Bugs and Malfunctions

  • 'public_key', Adhere to RFC 9525, and remove support for legacy fallback to check hostname against subject common name. Also improve error handling creating two separate errors for name constraint check for subject names and subject alternative names.

    'ssl'. Error handling is slightly changed to better reflect public_key behaviour.

    Own Id: OTP-20130
    Related Id(s): PR-11124, CVE-2026-42790

    *** POTENTIAL INCOMPATIBILITY ***

  • Could cause server to terminate a connection without an alert towards a bad client.

    Own Id: OTP-20141
    Related Id(s): PR-11125

Full runtime dependencies of ssl-11.7.1

crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.21.1, runtime_tools-1.15.1, stdlib-7.0

Thanks to

Martin Hässler, Paul Guyot

v29.0: OTP 29.0

Compare Source

Inital Release:          OTP 29.0
Git Tag:                 OTP-29.0
Date:                    2026-05-13
Trouble Report Id:       OTP-16607, OTP-19587, OTP-19611, OTP-19643,
                         OTP-19663, OTP-19672, OTP-19695, OTP-19708,
                         OTP-19709, OTP-19713, OTP-19734, OTP-19744,
                         OTP-19747, OTP-19750, OTP-19751, OTP-19763,
                         OTP-19766, OTP-19783, OTP-19784, OTP-19785,
                         OTP-19786, OTP-19793, OTP-19800, OTP-19801,
                         OTP-19807, OTP-19809, OTP-19811, OTP-19815,
                         OTP-19822, OTP-19826, OTP-19834, OTP-19838,
                         OTP-19842, OTP-19853, OTP-19858, OTP-19866,
                         OTP-19874, OTP-19882, OTP-19887, OTP-19898,
                         OTP-19903, OTP-19906, OTP-19910, OTP-19912,
                         OTP-19917, OTP-19918, OTP-19919, OTP-19921,
                         OTP-19922, OTP-19925, OTP-19927, OTP-19932,
                         OTP-19933, OTP-19934, OTP-19935, OTP-19936,
                         OTP-19938, OTP-19942, OTP-19943, OTP-19949,
                         OTP-19956, OTP-19960, OTP-19963, OTP-19964,
                         OTP-19965, OTP-19966, OTP-19968, OTP-19969,
                         OTP-19975, OTP-19980, OTP-19982, OTP-19991,
                         OTP-19995, OTP-19996, OTP-19997, OTP-20001,
                         OTP-20002, OTP-20003, OTP-20004, OTP-20010,
                         OTP-20013, OTP-20015, OTP-20016, OTP-20017,
                         OTP-20019, OTP-20020, OTP-20023, OTP-20025,
                         OTP-20026, OTP-20028, OTP-20029, OTP-20030,
                         OTP-20031, OTP-20032, OTP-20034, OTP-20035,
                         OTP-20036, OTP-20045, OTP-20048, OTP-20054,
                         OTP-20055, OTP-20059, OTP-20061, OTP-20066,
                         OTP-20069, OTP-20070, OTP-20071, OTP-20072,
                         OTP-20073, OTP-20076, OTP-20077, OTP-20078,
                         OTP-20079, OTP-20080, OTP-20085, OTP-20087,
                         OTP-20088, OTP-20090, OTP-20092, OTP-20095,
                         OTP-20099, OTP-20100, OTP-20102, OTP-20103,
                         OTP-20111, OTP-20114, OTP-20115, OTP-20116,
                         OTP-20117, OTP-20119, OTP-20123, OTP-20124,
                         OTP-20125, OTP-20126, OTP-20127, OTP-20128,
                         OTP-20132, OTP-20133
Seq num:                 ERIERL-1314, ERIERL-1315, ERIERL-1319,
                         GH-10071, GH-10125, GH-10151, GH-10214,
                         GH-10260, GH-10341, GH-10342, GH-10345,
                         GH-10557, GH-10650, GH-10807, GH-10968,
                         GH-11030, GH-8569, GH-8841, GH-8993, GH-9822,
                         OTP-16608, OTP-19652, OTP-19775, OTP-19779,
                         OTP-19827, OTP-20106, PR-10013, PR-10033,
                         PR-10078, PR-10114, PR-10115, PR-10126,
                         PR-10134, PR-10144, PR-10145, PR-10161,
                         PR-10166, PR-10168, PR-10187, PR-10189,
                         PR-10193, PR-10195, PR-10197, PR-10202,
                         PR-10207, PR-10230, PR-10234, PR-10243,
                         PR-10253, PR-10259, PR-10269, PR-10276,
                         PR-10277, PR-10281, PR-10304, PR-10338,
                         PR-10346, PR-10348, PR-10372, PR-10382,
                         PR-10387, PR-10417, PR-10421, PR-10422,
                         PR-10426, PR-10433, PR-10449, PR-10453,
                         PR-10478, PR-10510, PR-10511, PR-10514,
                         PR-10519, PR-10524, PR-10532, PR-10549,
                         PR-10554, PR-10556, PR-10564, PR-10568,
                         PR-10571, PR-10573, PR-10578, PR-10579,
                         PR-10580, PR-10585, PR-10592, PR-10598,
                         PR-10601, PR-10614, PR-10615, PR-10617,
                         PR-10619, PR-10626, PR-10642, PR-10646,
                         PR-10647, PR-10653, PR-10656, PR-10674,
                         PR-10710, PR-10718, PR-10730, PR-10735,
                         PR-10739, PR-10753, PR-10754, PR-10755,
                         PR-10770, PR-10782, PR-10783, PR-10801,
                         PR-10804, PR-10805, PR-10808, PR-10814,
                         PR-10817, PR-10818, PR-10819, PR-10820,
                         PR-10821, PR-10824, PR-10830, PR-10836,
                         PR-10838, PR-10839, PR-10870, PR-10892,
                         PR-10894, PR-10905, PR-10910, PR-10929,
                         PR-10938, PR-10948, PR-10949, PR-10950,
                         PR-10951, PR-10958, PR-10962, PR-10965,
                         PR-10969, PR-10970, PR-10979, PR-10986,
                         PR-10993, PR-10998, PR-11000, PR-11004,
                         PR-11010, PR-11012, PR-11019, PR-11025,
                         PR-11031, PR-11032, PR-11047, PR-11059,
                         PR-11062, PR-11067, PR-11069, PR-11073,
                         PR-11078, PR-11079, PR-11080, PR-7118,
                         PR-7315, PR-9115, PR-9125, PR-9134, PR-9153,
                         PR-9209, PR-9223, PR-9315, PR-9374, PR-9475,
                         PR-9712, PR-9814, PR-9864, PR-9866, PR-9894,
                         PR-9899, PR-9934, PR-9940, PR-9984
System:                  OTP
Release:                 29
Application:             asn1-5.5, common_test-1.31, compiler-10.0,
                         crypto-5.9, debugger-7.0, dialyzer-6.0,
                         diameter-2.7, edoc-1.5, eldap-1.3,
                         erl_interface-5.8, erts-17.0, et-1.8,
                         eunit-2.11, ftp-1.2.5, inets-9.7,
                         jinterface-1.16, kernel-11.0, megaco-4.9,
                         mnesia-4.26, observer-2.19, odbc-2.17,
                         os_mon-2.12, parsetools-2.8, public_key-1.21,
                         reltool-1.1, runtime_tools-2.4, sasl-4.4,
                         snmp-5.20.3, ssh-6.0, ssl-11.7, stdlib-8.0,
                         syntax_tools-4.1, tftp-1.3, tools-4.2,
                         wx-2.6, xmerl-2.2
Predecessor:             OTP

Check out the git tag OTP-29.0, and build a full OTP system including documentation.

HIGHLIGHTS

  • The JIT now generates better code for matching or creating binaries with multiple little-endian segments.

    Own Id: OTP-19747
    Application(s): erts
    Related Id(s): [PR-10126]

  • In the documentation for the [compile] module, a section has been added with recommendations for implementors of languages running on the BEAM. Documentation has also been added for the to_abstr, to_exp, and from_abstr options.

    The documentation for [erlc] now lists .abstr as one of the supported options.

    When compiling with the to_abstr option, the resulting .abstr file now retains any -doc attributes present in the source code.

    Own Id: OTP-19784
    Application(s): compiler, erts
    Related Id(s): [PR-10230], [PR-10234]

  • Native records as described in [EEP-79] has been implemented.

    A native record is a data structure similar to the traditional tuple-based records, except that is a true data type.

    Native records are considered experimental in Erlang/OTP 29 and possibly also in Erlang/OTP 30, meaning that their behavior may change, potentially requiring updates to applications that use them.

    Own Id: OTP-19785
    Application(s): compiler, debugger, dialyzer, erts, stdlib
    Related Id(s): [PR-10617]

  • The guard BIF is_integer/3 has been added. It follows the design of the original EEP-16, only changing the name from is_between to is_integer. This BIF takes in 3 parameters, Term, LowerBound, and UpperBound.

    It returns true if Term, LowerBound, and UpperBound are all integers, and LowerBound =< Term =< UpperBound; otherwise, it returns false.

    Example:

    1> I = 42.
    2> is_integer(I, 0, 100).
    true

    Own Id: OTP-19809
    Application(s): compiler, dialyzer, erts
    Related Id(s): [PR-10276]

  • There are new functions for random permutation of a list: rand:shuffle/1 and rand:shuffle_s/2. They are inspired by a suggestion and discussion on ErlangForums.

    Own Id: OTP-19826
    Application(s): stdlib
    Related Id(s): [PR-10281]

  • In the default code path for the Erlang system, the current working directory (.) is now in the last position instead of the first.

    Own Id: OTP-19842
    Application(s): erts, kernel

    *** POTENTIAL INCOMPATIBILITY ***

  • Function application is now left associative. That means one can now write:

    f(X)(Y)
    

    instead of:

    (f(X))(Y)
    

    Own Id: OTP-19866
    Application(s): compiler
    Related Id(s): [PR-9223]

  • The old-style type tests in guards (integer, atom, and so on) have been scheduled for removal in Erlang/OTP 30. They have been deprecated for a long time.

    Own Id: OTP-19887
    Application(s): otp
    Related Id(s): [PR-10417]

  • There will now be a warning when exporting variables out of a subexpression. For example:

    case file:open(File, AllOpts = [write,{encoding,utf8}]) of
        {ok,Fd} ->
            {Fd,AllOpts}
    end
    

    To avoid the warning, this can be rewritten to:

    AllOpts = [write,{encoding,utf8}],
    case file:open(File, AllOpts) of
        {ok,Fd} ->
            {Fd,AllOpts}
    end
    

    The warning can be suppressed by giving option nowarn_export_var_subexpr to the compiler.

    Own Id: OTP-19898
    Application(s): compiler, stdlib
    Related Id(s): [PR-9134]

  • There is a new option warn_obsolete_bool_op that instruct the compiler to emit warnings for the and and or operators. It is recommended to instead use the modern andalso and orelse operators, or , and ; in guards.

    Own Id: OTP-19918
    Application(s): compiler
    Related Id(s): [PR-9115]

  • graph is a new module that is a functional equivalent of the [digraph] and [digraph_utils] modules.

    Own Id: OTP-19922
    Application(s): stdlib
    Related Id(s): [PR-10532]

  • Before Erlang/OTP 29, attempting to bind variables in a comprehension would compile successfully but fail at runtime. Example:

    1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
    ok
    2> fh(lists:seq(1, 10)).
    * exception error: bad filter 2614250
    

    In Erlang/OTP 29, attempting to bind a variable in a comprehension will fail by default:

    1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
    * 5:14: matches using '=' are not allowed in comprehension qualifiers
    unless the experimental 'compr_assign' language feature is enabled.
    With 'compr_assign' enabled, a match 'P = E' will behave as a
    strict generator 'P <-:- [E]'."
    

    However, this example will work as expected if the compr_assign feature is enabled when starting the runtime system:

    $ erl -enable-feature compr_assign
    . . .
    1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
    ok
    2> fh(lists:seq(1, 10)).
    [2614250]
    

    Here is another example how compr_assign can be used:

    -module(example).
    -feature(compr_assign, enable).
    -export([cat/1]).
    
    cat(Files) ->
        [Char || F <- Files,
                 {ok, Bin} = file:read_file(F),
                 Char <- unicode:characters_to_list(Bin)].
    

    Own Id: OTP-19927
    Application(s): compiler, stdlib
    Related Id(s): [PR-9153]

    *** POTENTIAL INCOMPATIBILITY ***

  • There will now be a warning when using the catch operator, which has been deprecated for a long time.

    It is recommended to instead use try...catch...end but is also possible to disable the warning by using the nowarn_deprecated_catch option.

    Own Id: OTP-19938
    Application(s): compiler, stdlib
    Related Id(s): [PR-10421]

  • Multi-valued comprehensions according to [EEP 78] has been implemented.

    Example:

    > [I, -I || I <- lists:seq(1, 5)].
    [1,-1,2,-2,3,-3,4,-4,5,-5]

    Own Id: OTP-19942
    Application(s): compiler, debugger, stdlib, syntax_tools
    Related Id(s): [PR-9374]

  • There will now be a warning for matches that unify constructors, such as the following:

    m({a,B} = {Y,Z}) -> . . .
    

    Such a match can be rewritten to:

    m({a=Y,B=Y}) -> . . .
    

    The compiler option nowarn_match_alias_pats can be used to disable the warning.

    Own Id: OTP-19943
    Application(s): compiler, stdlib
    Related Id(s): [PR-10433]

  • There is no longer a 32-bit Erlang/OTP build for Windows.

    Own Id: OTP-19960
    Application(s): otp

  • While the iteration order for maps is undefined, it is now guaranteed that all ways of iterating over maps provides the elements in the same order. That is, all of the following ways of iterating will produce the elements in the same order:

    • maps:keys/1
    • maps:values/1
    • maps:to_list/1
    • maps:to_list(maps:iterator(M))
    • Map comprehension: [{K,V} || K := V <- M]

    Own Id: OTP-19963
    Application(s): erts, stdlib
    Related Id(s): [PR-10626]

  • The default key exchange algorithm is now mlkem768x25519-sha256, a hybrid quantum-resistant algorithm combining ML-KEM-768 with X25519. This provides protection against both classical and quantum computer attacks while maintaining backward compatibility through automatic fallback to other algorithms when peers don't support it.

    Own Id: OTP-19965
    Application(s): ssh
    Related Id(s): [PR-10656]

    *** POTENTIAL INCOMPATIBILITY ***

  • The compiler now generates more efficient code for map comprehensions with constant values that don't depend on the generator, such as the following:

    #{K => 42} || K <- List}.
    #{K => X || K <- List}.
    #{K => {X, Y} || K <- List}.
    

    Own Id: OTP-19968
    Application(s): compiler
    Related Id(s): [PR-10646]

  • The SSH daemon now defaults to disabled for shell and exec services, implementing the "secure by default" principle. This prevents authenticated users from executing arbitrary Erlang code unless explicitly configured.

    Applications requiring shell or exec functionality must now explicitly enable:

      %% Enable Erlang shell
      ssh:daemon(Port, [{shell, {shell, start, []}} | Options])
    
      %% Enable Erlang term evaluation via exec
      ssh:daemon(Port, [{exec, erlang_eval} | Options])
    
      %% Restore complete old behavior
      ssh:daemon(Port, [{shell, {shell, start, []}},
                        {exec, erlang_eval}
                        | Options])

    Own Id: OTP-19969
    Application(s): ssh
    Related Id(s): ERIERL-1319, [PR-10970], [PR-11080]

    *** POTENTIAL INCOMPATIBILITY ***

  • The odbc application is now deprecated and is planned to be removed in Erlang/OTP 30.

    The [ftp] and [ct_ftp] modules are now deprecated and are planned to be removed in Erlang/OTP 30.

    Own Id: OTP-19980
    Application(s): ftp, odbc
    Related Id(s): [PR-10804]

  • The array module have been extended with several new functions. The internal representation have been changed to allow the new functionality and optimizations. Arrays serialized with term_to_binary/1 in previous releases are not compatible.

    Own Id: OTP-20004
    Application(s): stdlib
    Related Id(s): [PR-10578]

    *** POTENTIAL INCOMPATIBILITY ***

  • Added support for socket functions recvmmsg() and sendmmsg().

    Own Id: OTP-20015
    Application(s): erts, kernel
    Related Id(s): [PR-10564]

  • m:erl_tar will use less memory when extracting large tar entries to disk. Instead of reading each tar entry into memory, [erl_tar] will now stream data in chunks of 64KB. The chunk size is settable using the new {chunks,ChunkSize} option.

    The new {max_size,Size} option will set a limit on the total size of extracted data to protect against filling up the disk.

    Checking of symlinks has been improved. Some symlinks that were safe (such as dir/link -> ../file) used to be rejected.

    Own Id: OTP-20023
    Application(s): stdlib
    Related Id(s): [PR-10814], [PR-10818], [PR-10821]

  • Added a new module called io_ansi that allows the user to emit Virtual Terminal Sequences (a.k.a. ANSI sequences) to the terminal in order to add colors/styling to text or create fully-fledged terminal applications.

    io_ansi uses the local terminfo database in order to be as cross-platform compatible as possible.

    It also works across nodes so that if functions on a remote node call io_ansi:fwrite/1 it will use the destination terminal's terminfo database to determine which sequences to emit. In practice, this means that you can call functions in a remote shell session that use io_ansi and it will properly detect the terminal sequences the target terminal can handle and will print using them correctly.

    Own Id: OTP-20028
    Application(s): kernel, stdlib
    Related Id(s): [PR-10905], [PR-9940]

  • The ignore_xref attribute has been handled as a post-analysis filter by build tools such as Rebar3. In this release, [xref] itself does the filtering, ensuring that all tooling that calls xref for any purpose can rely on these declarations to just work.

    Own Id: OTP-20032
    Application(s): tools
    Related Id(s): [PR-10592]

  • New in this release is ct_doctest, a module that allows the user to test documentation examples in Erlang module docs and documentation files.

    ct_doctest allows you to:

    • Test code examples using shell syntax and their returns
    • Test code examples that should fail
    • Write example modules that are compiled and available in shell examples
    • Plugin other documentation parsing engines so that examples in, for example, edoc, asciidoc, and others can also be tested.

    See the documentation for more details.

    Own Id: OTP-20034
    Application(s): common_test
    Related Id(s): [PR-10824], [PR-9315]

  • Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

    This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

    Furthermore, [xref] can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

    Own Id: OTP-20066
    Application(s): asn1, common_test, compiler, crypto, debugger, dialyzer, diameter, edoc, eunit, inets, kernel, megaco, mnesia, observer, odbc, os_mon, otp, parsetools, public_key, reltool, runtime_tools, sasl, ssh, ssl, stdlib, syntax_tools, tftp, tools, wx, xmerl
    Related Id(s): [PR-10839]

  • The post-quantum hybrid algorithm x25519mlkem768 is now the most preferred key exchange group in the default configuration.

    Post-quantum hybrid algorithms secp384r1mlkem1024 and secp256r1mlkem768 are supported but have to be configured. The same goes for the plain post-quantum algorithms mlkem1024, mlkem768, and mlkem512.

    The most preferred signature algorithms is now post-quantum algorithms ML-DSA followed by the fastest SLH-DSA (slh_dsa_sha2_256f) algorithm, if such a certificate is available in the configuration. Other SLH-DSA variants are also supported but are added to the end of the preferred list.

    All these algorithms were available in OTP-28.4 but none of them were preferred and some of them changed default status.

    Own Id: OTP-20070
    Application(s): ssl
    Related Id(s): [PR-10949]

    *** POTENTIAL INCOMPATIBILITY ***

  • The [json] module now encodes and decodes quoted strings faster. Improvements of up to 55 percent has been measured when decoding JSON data with long strings.

    The string:length/1, string:slice/2, and string:slice/3 functions have been optimized. For some strings, they can be up to twice as fast.

    Own Id: OTP-20072
    Application(s): stdlib
    Related Id(s): [PR-10938], [PR-10948]

  • The SFTP subsystem is no longer enabled by default when starting an SSH daemon. To enable it, add the subsystems option explicitly:

    ssh:daemon(Port, [{subsystems, [ssh_sftpd:subsystem_spec([])]} | Options])

    Own Id: OTP-20078
    Application(s): ssh
    Related Id(s): [PR-10970]

    *** POTENTIAL INCOMPATIBILITY ***

  • The runtime system now supports generating encrypted crash dumps. See the description of --enable-encrypted-crash-dumps in [Building and Installing Erlang/OTP].

    Own Id: OTP-20085
    Application(s): crypto, erts, public_key, tools
    Related Id(s): [PR-10993]

  • There is a new Hardening guide giving guidelines on how to strengthen the security for the ssl application.

    Own Id: OTP-20087
    Application(s): ssl
    Related Id(s): [PR-11019]

  • There is a new Hardening guide with advice for configuring Inets to be more secure.

    Own Id: OTP-20133
    Application(s): inets
    Related Id(s): [PR-11073]

POTENTIAL INCOMPATIBILITIES

  • Fixed (inet) module selection when calling (gen_tcp) listen and connect and (gen_udp) open. Depending on the order of the options, the module option (tcp_module or udp_module) was sometimes ignored.

    Own Id: OTP-19695
    Application(s): kernel
    Related Id(s): [GH-9822], [PR-10013]

  • ssh:stop_deamon now uses supervisor:stop for shutting down daemons. With this change, the scenario when ssh:stop_daemon is called for a non-existing process results in calling process exiting. Previously an error tuple was returned (which was not documented).

    Own Id: OTP-19801
    Application(s): ssh
    Related Id(s): [PR-10253]

  • The mnesia_registry module has been removed.

    Own Id: OTP-19807
    Application(s): mnesia
    Related Id(s): [PR-7315]

  • In the default code path for the Erlang system, the current working directory (.) is now in the last position instead of the first.

    Own Id: OTP-19842
    Application(s): erts, kernel

    *** HIGHLIGHT ***

  • Before Erlang/OTP 29, attempting to bind variables in a comprehension would compile successfully but fail at runtime. Example:

    1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
    ok
    2> fh(lists:seq(1, 10)).
    * exception error: bad filter 2614250
    

    In Erlang/OTP 29, attempting to bind a variable in a comprehension will fail by default:

    1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
    * 5:14: matches using '=' are not allowed in comprehension qualifiers
    unless the experimental 'compr_assign' language feature is enabled.
    With 'compr_assign' enabled, a match 'P = E' will behave as a
    strict generator 'P <-:- [E]'."
    

    However, this example will work as expected if the compr_assign feature is enabled when starting the runtime system:

    $ erl -enable-feature compr_assign
    . . .
    1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
    ok
    2> fh(lists:seq(1, 10)).
    [2614250]
    

    Here is another example how compr_assign can be used:

    -module(example).
    -feature(compr_assign, enable).
    -export([cat/1]).
    
    cat(Files) ->
        [Char || F <- Files,
                 {ok, Bin} = file:read_file(F),
                 Char <- unicode:characters_to_list(Bin)].
    

    Own Id: OTP-19927
    Application(s): compiler, stdlib
    Related Id(s): [PR-9153]

    *** HIGHLIGHT ***

  • The default key exchange algorithm is now mlkem768x25519-sha256, a hybrid quantum-resistant algorithm combining ML-KEM-768 with X25519. This provides protection against both classical and quantum computer attacks while maintaining backward compatibility through automatic fallback to other algorithms when peers don't support it.

Note

PR body was truncated to here.


Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • Between 12:00 AM and 03:59 AM (* 0-3 * * *)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/erlang-29.x branch from ffff9c6 to a7ee755 Compare May 14, 2026 15:30
@renovate renovate Bot force-pushed the renovate/erlang-29.x branch 2 times, most recently from dfb9552 to 8d7a61b Compare May 27, 2026 10:05
@renovate renovate Bot force-pushed the renovate/erlang-29.x branch 2 times, most recently from f622135 to 2c5c1b8 Compare June 10, 2026 10:47
@renovate renovate Bot force-pushed the renovate/erlang-29.x branch 2 times, most recently from 313c466 to fbfef13 Compare July 2, 2026 14:36
@renovate renovate Bot force-pushed the renovate/erlang-29.x branch from fbfef13 to b6afe3a Compare July 2, 2026 18:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants