Normally, we don’t announce patch release Nerves systems, but the nerves_system_br v1.30.1 release is particularly important for anyone using SSH to log into their Nerves devices. See CVE-2025-32433 and the many places on this forum and the Internet where this has been discussed and the exploit demoed.
All official Nerves systems have been updated so if you are using one of them, updating your nerves_system_xyz to the latest will bring in Erlang/OTP 27.3.3 which has the fix.
If it has been a while since you’ve updated your Nerves system, please see the CHANGELOG.md and review the updates. We recommend updating a minor nerves_system_br release at a time to make it easier to narrow down a regression or compilation error. For this particular security issue, we’ll consider backporting the Erlang updates to previous nerves_system_br minor releases. Let us know here or via a GitHub issue if you need this.
