garazdawi

garazdawi

Erlang Core Team

Patch Package OTP 28.0.1 Released

Patch Package:           OTP 28.0.1
Git Tag:                 OTP-28.0.1
Date:                    2025-06-16
Trouble Report Id:       OTP-19634, OTP-19635, OTP-19637, OTP-19638,
                         OTP-19641, OTP-19644, OTP-19645, OTP-19650,
                         OTP-19653, OTP-19658, OTP-19662, OTP-19665,
                         OTP-19675, OTP-19676
Seq num:                 CVE-2025-4748, ERIERL-1225, ERIERL-1235,
                         GH-6463, GH-9102, GH-9841, GH-9858, GH-9863,
                         GH-9872, PR-9103, PR-9691, PR-9838, PR-9846,
                         PR-9849, PR-9859, PR-9861, PR-9870, PR-9878,
                         PR-9880, PR-9892, PR-9905, PR-9926, PR-9941
System:                  OTP
Release:                 28
Application:             asn1-5.4.1, debugger-6.0.1, eldap-1.2.16,
                         erts-16.0.1, kernel-10.3.1,
                         public_key-1.18.1, ssh-5.3.1, ssl-11.3.1,
                         stdlib-7.0.1, xmerl-2.1.5
Predecessor:             OTP 28.0

Check out the git tag OTP-28.0.1, and build a full OTP system including
documentation. Apply one or more applications from this build as patches to your
installation using the ‘otp_patch_apply’ tool. For information on install
requirements, see descriptions for each application version below.

asn1-5.4.1

The asn1-5.4.1 application can be applied independently of other applications on
a full OTP 28 installation.

Fixed Bugs and Malfunctions

  • The ASN.1 compiler could generate code that would cause Dialyzer with the
    unmatched_returns option to emit warnings.

    Own Id: OTP-19638
    Related Id(s): GH-9841, PR-9846

Full runtime dependencies of asn1-5.4.1

erts-14.0, kernel-9.0, stdlib-5.0

debugger-6.0.1

The debugger-6.0.1 application can be applied independently of other
applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

  • Restore deleted icon so that debugger does not crash on startup.

    Own Id: OTP-19641
    Related Id(s): GH-9858, PR-9861

Full runtime dependencies of debugger-6.0.1

compiler-8.0, erts-15.0, kernel-10.0, stdlib-7.0, wx-2.0

eldap-1.2.16

The eldap-1.2.16 application can be applied independently of other applications
on a full OTP 28 installation.

Fixed Bugs and Malfunctions

  • With this change eldap’s ‘not’ function will have specs fixed.

    Own Id: OTP-19658
    Related Id(s): PR-9859

Full runtime dependencies of eldap-1.2.16

asn1-3.0, erts-6.0, kernel-3.0, ssl-5.3.4, stdlib-3.4

erts-16.0.1

The erts-16.0.1 application can be applied independently of other applications
on a full OTP 28 installation.

Fixed Bugs and Malfunctions

  • Fix Erlang to not crash when io:standard_error/0 is a terminal but
    io:standard_io/0 is not. This bug has existed since Erlang/OTP 28.0 and only
    effects Windows.

    Own Id: OTP-19650
    Related Id(s): GH-9872, PR-9878

  • In a debug build, the BIFs for the native debugger could cause a lock order
    violation diagnostic from the lock checker.

    Own Id: OTP-19665
    Related Id(s): PR-9926

  • When building ERTS make sure correct pcre2.h file is included even if CFLAGS
    contains extra include paths.

    Own Id: OTP-19675
    Related Id(s): PR-9892

Full runtime dependencies of erts-16.0.1

kernel-9.0, sasl-3.3, stdlib-4.1

kernel-10.3.1

The kernel-10.3.1 application can be applied independently of other applications
on a full OTP 28 installation.

Fixed Bugs and Malfunctions

  • Fix bug where calling io:setopts/1 in a shell without the line_history
    option would always disable line_history. This bug was introduced in
    Erlang/OTP 28.0.

    Own Id: OTP-19645
    Related Id(s): GH-9863, PR-9870

Full runtime dependencies of kernel-10.3.1

crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-6.0

public_key-1.18.1

The public_key-1.18.1 application can be applied independently of other
applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

  • Add back some ASN-1 macros and definitions that should be included in API.

    Own Id: OTP-19644
    Related Id(s): PR-9880

Full runtime dependencies of public_key-1.18.1

asn1-5.0, crypto-5.0, erts-13.0, kernel-8.0, stdlib-4.0

ssh-5.3.1

The ssh-5.3.1 application can be applied independently of other applications on
a full OTP 28 installation.

Fixed Bugs and Malfunctions

  • Various channel closing robustness improvements. Avoid crashes when channel
    handling process closes channel and immediately exits. Avoid breaking the
    protocol by sending duplicated channel-close messages. Cleanup channels which
    timeout during closing procedure.

    Own Id: OTP-19634
    Related Id(s): GH-9102, PR-9103

  • Improved interoperability with clients acting as Paramiko.

    Own Id: OTP-19637
    Related Id(s): GH-6463, PR-9838

Full runtime dependencies of ssh-5.3.1

crypto-5.0, erts-14.0, kernel-10.3, public_key-1.6.1, runtime_tools-1.15.1,
stdlib-5.0, stdlib-6.0

ssl-11.3.1

The ssl-11.3.1 application can be applied independently of other applications on
a full OTP 28 installation.

Fixed Bugs and Malfunctions

  • hs_keylog callback properly handle alert in initial states, where encryption
    is not yet used. Also add keylog callback invocation for corner-case where
    server alert is encrypted with application secrets as client is already in
    connection state.

    Own Id: OTP-19635
    Related Id(s): ERIERL-1235, PR-9849

Improvements and New Features

  • The documentation for SSL option verify_fun has been improved.

    Own Id: OTP-19676
    Related Id(s): PR-9691

Full runtime dependencies of ssl-11.3.1

crypto-5.6, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.16.4,
runtime_tools-1.15.1, stdlib-7.0

stdlib-7.0.1

The stdlib-7.0.1 application can be applied independently of other applications
on a full OTP 28 installation.

Fixed Bugs and Malfunctions

  • Properly strip the leading / and drive letter from filepaths when zipping
    and unzipping archives.

    Thanks to Wander Nauta for finding and responsibly disclosing this
    vulnerability to the Erlang/OTP project.

    Own Id: OTP-19653
    Related Id(s): PR-9941, CVE-2025-4748

Full runtime dependencies of stdlib-7.0.1

compiler-5.0, crypto-4.5, erts-16.0, kernel-10.0, sasl-3.0, syntax_tools-3.2.1

xmerl-2.1.5

The xmerl-2.1.5 application can be applied independently of other applications
on a full OTP 28 installation.

Fixed Bugs and Malfunctions

  • The type specs of xmerl_scan:file/2 and xmerl_scan:string/2 has been
    updated to return dynamic/0. Due to hook functions they can return any user
    defined term.

    Own Id: OTP-19662
    Related Id(s): ERIERL-1225, PR-9905

Full runtime dependencies of xmerl-2.1.5

erts-6.0, kernel-8.4, stdlib-2.5

Thanks to

Dan Janowski, Ilya Averyanov, Mikael Pettersson, Yaroslav Maslennikov


Original announcement:

Where Next?

Popular in Erlang News Top

erlangforums
This thread posts an alert whenever the Erlang Core Team posts a (non-release) thread on erlangforums.com - often these threads are about...
New
erlangforums
A new Erlang announcement has been posted: Original announcement:
New
Devtalk
A new Erlang news item has been posted! Link: Release OTP 23.3.4.2 · erlang/otp · GitHub Posted via Devtalk.
New
Devtalk
A new Erlang news item has been posted! Get the full details here: The Many-to-One Parallel Signal Sending Optimization - Erlang/OTP
New
Devtalk
A new Erlang news item has been posted! Link: Release OTP 24.1.2 · erlang/otp · GitHub
New
Devtalk
A new Erlang news item has been posted! Link: Release OTP 23.2.7.4 · erlang/otp · GitHub Posted via Devtalk.
New
Devtalk
A new Erlang news item has been posted! Get the full details here: Erlang/OTP 24 Highlights - Erlang/OTP Posted via Devtalk.
New
Devtalk
A new Erlang news item has been posted! Link: Release OTP 23.2.4 · erlang/otp · GitHub Posted via Devtalk.
New
lpil
Hello everyone! The latest version of Gleam is out, v0.13. I’ve written a blog post detailing what’s new in this release here: I hope ...
New
OvermindDL1
A few good fixes and enhancements, SSL added more methods and is faster, socket polling is faster, however 2 big things that I like! Ne...
New

Other popular topics Top

lastday4you
I wanted to check elixir version in phoenix because i found that my elixir is 1.5 but when i use Enum.chunk_by it said the function is un...
New
TunkShif
This post is an instruction guide to help you setup your Neovim for Elixir development from scratch. It includes general information on h...
274 41539 114
New
mcarvalho
What is the difference between System.get_env and Application.get_env? For example, what are best practices to use one versus another.
New
Nvim
Anybody knows a comprehensive comparison of Django and Phoenix, thanks for the help. Where are they similar? Where do they differ the m...
New
gshaw
What is the idiomatic way of matching for not nil in Elixir? E.g., First way: defp halt_if_not_signed_in(conn, signed_in_account) when...
New
jononomo
I am trying to figure out how Mix knows whether the environment is test, dev, or prod – where is this set? Thanks.
New
JorisKok
I have a server on AWS, and was running a load test using artillery. When looking at the Phoenix dashboard I see the Ports going to 100% ...
New
alice
Hey, Just curious what are the main benefits of Elixir compared to Clojure? When is Elixir more useful than Clojure and vice versa? Th...
New
hariharasudhan94
I would like to know what is the best IDE for elixir development?
New
sergio
Kind of like when jquery came out, it was super necessary. Existing drag and drop libraries have a bunch of baggage to support old browse...
New

Latest on Elixir Forum

We're in Beta

About us Mission Statement