inhji/hajur

Fork 0

chore(deps): update dependency erlang to v29 #128

Open

renovate wants to merge 1 commit from renovate/erlang-29.x into main

renovate commented

2026-05-13 12:00:19 +02:00

Collaborator

This PR contains the following updates:

Package	Update	Change
erlang	major	`28.4.2` → `29.0`

Release Notes

erlang/otp (erlang)

`v29.0`: OTP 29.0

Compare Source

Inital Release:          OTP 29.0
Git Tag:                 OTP-29.0
Date:                    2026-05-13
Trouble Report Id:       OTP-16607, OTP-19587, OTP-19611, OTP-19643,
                         OTP-19663, OTP-19672, OTP-19695, OTP-19708,
                         OTP-19709, OTP-19713, OTP-19734, OTP-19744,
                         OTP-19747, OTP-19750, OTP-19751, OTP-19763,
                         OTP-19766, OTP-19783, OTP-19784, OTP-19785,
                         OTP-19786, OTP-19793, OTP-19800, OTP-19801,
                         OTP-19807, OTP-19809, OTP-19811, OTP-19815,
                         OTP-19822, OTP-19826, OTP-19834, OTP-19838,
                         OTP-19842, OTP-19853, OTP-19858, OTP-19866,
                         OTP-19874, OTP-19882, OTP-19887, OTP-19898,
                         OTP-19903, OTP-19906, OTP-19910, OTP-19912,
                         OTP-19917, OTP-19918, OTP-19919, OTP-19921,
                         OTP-19922, OTP-19925, OTP-19927, OTP-19932,
                         OTP-19933, OTP-19934, OTP-19935, OTP-19936,
                         OTP-19938, OTP-19942, OTP-19943, OTP-19949,
                         OTP-19956, OTP-19960, OTP-19963, OTP-19964,
                         OTP-19965, OTP-19966, OTP-19968, OTP-19969,
                         OTP-19975, OTP-19980, OTP-19982, OTP-19991,
                         OTP-19995, OTP-19996, OTP-19997, OTP-20001,
                         OTP-20002, OTP-20003, OTP-20004, OTP-20010,
                         OTP-20013, OTP-20015, OTP-20016, OTP-20017,
                         OTP-20019, OTP-20020, OTP-20023, OTP-20025,
                         OTP-20026, OTP-20028, OTP-20029, OTP-20030,
                         OTP-20031, OTP-20032, OTP-20034, OTP-20035,
                         OTP-20036, OTP-20045, OTP-20048, OTP-20054,
                         OTP-20055, OTP-20059, OTP-20061, OTP-20066,
                         OTP-20069, OTP-20070, OTP-20071, OTP-20072,
                         OTP-20073, OTP-20076, OTP-20077, OTP-20078,
                         OTP-20079, OTP-20080, OTP-20085, OTP-20087,
                         OTP-20088, OTP-20090, OTP-20092, OTP-20095,
                         OTP-20099, OTP-20100, OTP-20102, OTP-20103,
                         OTP-20111, OTP-20114, OTP-20115, OTP-20116,
                         OTP-20117, OTP-20119, OTP-20123, OTP-20124,
                         OTP-20125, OTP-20126, OTP-20127, OTP-20128,
                         OTP-20132, OTP-20133
Seq num:                 ERIERL-1314, ERIERL-1315, ERIERL-1319,
                         GH-10071, GH-10125, GH-10151, GH-10214,
                         GH-10260, GH-10341, GH-10342, GH-10345,
                         GH-10557, GH-10650, GH-10807, GH-10968,
                         GH-11030, GH-8569, GH-8841, GH-8993, GH-9822,
                         OTP-16608, OTP-19652, OTP-19775, OTP-19779,
                         OTP-19827, OTP-20106, PR-10013, PR-10033,
                         PR-10078, PR-10114, PR-10115, PR-10126,
                         PR-10134, PR-10144, PR-10145, PR-10161,
                         PR-10166, PR-10168, PR-10187, PR-10189,
                         PR-10193, PR-10195, PR-10197, PR-10202,
                         PR-10207, PR-10230, PR-10234, PR-10243,
                         PR-10253, PR-10259, PR-10269, PR-10276,
                         PR-10277, PR-10281, PR-10304, PR-10338,
                         PR-10346, PR-10348, PR-10372, PR-10382,
                         PR-10387, PR-10417, PR-10421, PR-10422,
                         PR-10426, PR-10433, PR-10449, PR-10453,
                         PR-10478, PR-10510, PR-10511, PR-10514,
                         PR-10519, PR-10524, PR-10532, PR-10549,
                         PR-10554, PR-10556, PR-10564, PR-10568,
                         PR-10571, PR-10573, PR-10578, PR-10579,
                         PR-10580, PR-10585, PR-10592, PR-10598,
                         PR-10601, PR-10614, PR-10615, PR-10617,
                         PR-10619, PR-10626, PR-10642, PR-10646,
                         PR-10647, PR-10653, PR-10656, PR-10674,
                         PR-10710, PR-10718, PR-10730, PR-10735,
                         PR-10739, PR-10753, PR-10754, PR-10755,
                         PR-10770, PR-10782, PR-10783, PR-10801,
                         PR-10804, PR-10805, PR-10808, PR-10814,
                         PR-10817, PR-10818, PR-10819, PR-10820,
                         PR-10821, PR-10824, PR-10830, PR-10836,
                         PR-10838, PR-10839, PR-10870, PR-10892,
                         PR-10894, PR-10905, PR-10910, PR-10929,
                         PR-10938, PR-10948, PR-10949, PR-10950,
                         PR-10951, PR-10958, PR-10962, PR-10965,
                         PR-10969, PR-10970, PR-10979, PR-10986,
                         PR-10993, PR-10998, PR-11000, PR-11004,
                         PR-11010, PR-11012, PR-11019, PR-11025,
                         PR-11031, PR-11032, PR-11047, PR-11059,
                         PR-11062, PR-11067, PR-11069, PR-11073,
                         PR-11078, PR-11079, PR-11080, PR-7118,
                         PR-7315, PR-9115, PR-9125, PR-9134, PR-9153,
                         PR-9209, PR-9223, PR-9315, PR-9374, PR-9475,
                         PR-9712, PR-9814, PR-9864, PR-9866, PR-9894,
                         PR-9899, PR-9934, PR-9940, PR-9984
System:                  OTP
Release:                 29
Application:             asn1-5.5, common_test-1.31, compiler-10.0,
                         crypto-5.9, debugger-7.0, dialyzer-6.0,
                         diameter-2.7, edoc-1.5, eldap-1.3,
                         erl_interface-5.8, erts-17.0, et-1.8,
                         eunit-2.11, ftp-1.2.5, inets-9.7,
                         jinterface-1.16, kernel-11.0, megaco-4.9,
                         mnesia-4.26, observer-2.19, odbc-2.17,
                         os_mon-2.12, parsetools-2.8, public_key-1.21,
                         reltool-1.1, runtime_tools-2.4, sasl-4.4,
                         snmp-5.20.3, ssh-6.0, ssl-11.7, stdlib-8.0,
                         syntax_tools-4.1, tftp-1.3, tools-4.2,
                         wx-2.6, xmerl-2.2
Predecessor:             OTP

Check out the git tag OTP-29.0, and build a full OTP system including documentation.

HIGHLIGHTS

The JIT now generates better code for matching or creating binaries with multiple little-endian segments.

Own Id: OTP-19747
Application(s): erts
Related Id(s): PR-10126
In the documentation for the compile module, a section has been added with recommendations for implementors of languages running on the BEAM. Documentation has also been added for the to_abstr, to_exp, and from_abstr options.

The documentation for erlc now lists .abstr as one of the supported options.

When compiling with the to_abstr option, the resulting .abstr file now retains any -doc attributes present in the source code.

Own Id: OTP-19784
Application(s): compiler, erts
Related Id(s): PR-10230, PR-10234
Native records as described in EEP-79 has been implemented.

A native record is a data structure similar to the traditional tuple-based records, except that is a true data type.

Native records are considered experimental in Erlang/OTP 29 and possibly also in Erlang/OTP 30, meaning that their behavior may change, potentially requiring updates to applications that use them.

Own Id: OTP-19785
Application(s): compiler, debugger, dialyzer, erts, stdlib
Related Id(s): PR-10617
The guard BIF is_integer/3 has been added. It follows the design of the original EEP-16, only changing the name from is_between to is_integer. This BIF takes in 3 parameters, Term, LowerBound, and UpperBound.

It returns true if Term, LowerBound, and UpperBound are all integers, and LowerBound =< Term =< UpperBound; otherwise, it returns false.

Example:
```
1> I = 42.
2> is_integer(I, 0, 100).
true
```
Own Id: OTP-19809
Application(s): compiler, dialyzer, erts
Related Id(s): PR-10276
There are new functions for random permutation of a list: rand:shuffle/1 and rand:shuffle_s/2. They are inspired by a suggestion and discussion on ErlangForums.

Own Id: OTP-19826
Application(s): stdlib
Related Id(s): PR-10281
In the default code path for the Erlang system, the current working directory (.) is now in the last position instead of the first.

Own Id: OTP-19842
Application(s): erts, kernel

*** POTENTIAL INCOMPATIBILITY ***
Function application is now left associative. That means one can now write:
```
f(X)(Y)
```
instead of:
```
(f(X))(Y)
```
Own Id: OTP-19866
Application(s): compiler
Related Id(s): PR-9223
The old-style type tests in guards (integer, atom, and so on) have been scheduled for removal in Erlang/OTP 30. They have been deprecated for a long time.

Own Id: OTP-19887
Application(s): otp
Related Id(s): PR-10417
There will now be a warning when exporting variables out of a subexpression. For example:
```
case file:open(File, AllOpts = [write,{encoding,utf8}]) of
    {ok,Fd} ->
        {Fd,AllOpts}
end
```
To avoid the warning, this can be rewritten to:
```
AllOpts = [write,{encoding,utf8}],
case file:open(File, AllOpts) of
    {ok,Fd} ->
        {Fd,AllOpts}
end
```
The warning can be suppressed by giving option nowarn_export_var_subexpr to the compiler.

Own Id: OTP-19898
Application(s): compiler, stdlib
Related Id(s): PR-9134
There is a new option warn_obsolete_bool_op that instruct the compiler to emit warnings for the and and or operators. It is recommended to instead use the modern andalso and orelse operators, or , and ; in guards.

Own Id: OTP-19918
Application(s): compiler
Related Id(s): PR-9115
graph is a new module that is a functional equivalent of the digraph and digraph_utils modules.

Own Id: OTP-19922
Application(s): stdlib
Related Id(s): PR-10532

Before Erlang/OTP 29, attempting to bind variables in a comprehension would compile successfully but fail at runtime. Example:

1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
ok
2> fh(lists:seq(1, 10)).
* exception error: bad filter 2614250

In Erlang/OTP 29, attempting to bind a variable in a comprehension will fail by default:

1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
* 5:14: matches using '=' are not allowed in comprehension qualifiers
unless the experimental 'compr_assign' language feature is enabled.
With 'compr_assign' enabled, a match 'P = E' will behave as a
strict generator 'P <-:- [E]'."

However, this example will work as expected if the compr_assign feature is enabled when starting the runtime system:

$ erl -enable-feature compr_assign
. . .
1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
ok
2> fh(lists:seq(1, 10)).
[2614250]

Here is another example how compr_assign can be used:

-module(example).
-feature(compr_assign, enable).
-export([cat/1]).

cat(Files) ->
    [Char || F <- Files,
             {ok, Bin} = file:read_file(F),
             Char <- unicode:characters_to_list(Bin)].

Own Id: OTP-19927
Application(s): compiler, stdlib
Related Id(s): PR-9153

*** POTENTIAL INCOMPATIBILITY ***

There will now be a warning when using the catch operator, which has been deprecated for a long time.

It is recommended to instead use try...catch...end but is also possible to disable the warning by using the nowarn_deprecated_catch option.

Own Id: OTP-19938
Application(s): compiler, stdlib
Related Id(s): PR-10421
Multi-valued comprehensions according to EEP 78 has been implemented.

Example:
```
> [I, -I || I <- lists:seq(1, 5)].
[1,-1,2,-2,3,-3,4,-4,5,-5]
```
Own Id: OTP-19942
Application(s): compiler, debugger, stdlib, syntax_tools
Related Id(s): PR-9374
There will now be a warning for matches that unify constructors, such as the following:
```
m({a,B} = {Y,Z}) -> . . .
```
Such a match can be rewritten to:
```
m({a=Y,B=Y}) -> . . .
```
The compiler option nowarn_match_alias_pats can be used to disable the warning.

Own Id: OTP-19943
Application(s): compiler, stdlib
Related Id(s): PR-10433
There is no longer a 32-bit Erlang/OTP build for Windows.

Own Id: OTP-19960
Application(s): otp
While the iteration order for maps is undefined, it is now guaranteed that all ways of iterating over maps provides the elements in the same order. That is, all of the following ways of iterating will produce the elements in the same order:
- maps:keys/1
- maps:values/1
- maps:to_list/1
- maps:to_list(maps:iterator(M))
- Map comprehension: [{K,V} || K := V <- M]
Own Id: OTP-19963
Application(s): erts, stdlib
Related Id(s): PR-10626
The default key exchange algorithm is now mlkem768x25519-sha256, a hybrid quantum-resistant algorithm combining ML-KEM-768 with X25519. This provides protection against both classical and quantum computer attacks while maintaining backward compatibility through automatic fallback to other algorithms when peers don't support it.

Own Id: OTP-19965
Application(s): ssh
Related Id(s): PR-10656

*** POTENTIAL INCOMPATIBILITY ***
The compiler now generates more efficient code for map comprehensions with constant values that don't depend on the generator, such as the following:
```
#{K => 42} || K <- List}.
#{K => X || K <- List}.
#{K => {X, Y} || K <- List}.
```
Own Id: OTP-19968
Application(s): compiler
Related Id(s): PR-10646

The SSH daemon now defaults to disabled for shell and exec services, implementing the "secure by default" principle. This prevents authenticated users from executing arbitrary Erlang code unless explicitly configured.

Applications requiring shell or exec functionality must now explicitly enable:

  %% Enable Erlang shell
  ssh:daemon(Port, [{shell, {shell, start, []}} | Options])

  %% Enable Erlang term evaluation via exec
  ssh:daemon(Port, [{exec, erlang_eval} | Options])

  %% Restore complete old behavior
  ssh:daemon(Port, [{shell, {shell, start, []}},
                    {exec, erlang_eval}
                    | Options])

Own Id: OTP-19969
Application(s): ssh
Related Id(s): ERIERL-1319, PR-10970, PR-11080

*** POTENTIAL INCOMPATIBILITY ***

The odbc application is now deprecated and is planned to be removed in Erlang/OTP 30.

The ftp and ct_ftp modules are now deprecated and are planned to be removed in Erlang/OTP 30.

Own Id: OTP-19980
Application(s): ftp, odbc
Related Id(s): PR-10804
The array module have been extended with several new functions. The internal representation have been changed to allow the new functionality and optimizations. Arrays serialized with term_to_binary/1 in previous releases are not compatible.

Own Id: OTP-20004
Application(s): stdlib
Related Id(s): PR-10578

*** POTENTIAL INCOMPATIBILITY ***
Added support for socket functions recvmmsg() and sendmmsg().

Own Id: OTP-20015
Application(s): erts, kernel
Related Id(s): PR-10564
m:erl_tar will use less memory when extracting large tar entries to disk. Instead of reading each tar entry into memory, erl_tar will now stream data in chunks of 64KB. The chunk size is settable using the new {chunks,ChunkSize} option.

The new {max_size,Size} option will set a limit on the total size of extracted data to protect against filling up the disk.

Checking of symlinks has been improved. Some symlinks that were safe (such as dir/link -> ../file) used to be rejected.

Own Id: OTP-20023
Application(s): stdlib
Related Id(s): PR-10814, PR-10818, PR-10821
Added a new module called io_ansi that allows the user to emit Virtual Terminal Sequences (a.k.a. ANSI sequences) to the terminal in order to add colors/styling to text or create fully-fledged terminal applications.

io_ansi uses the local terminfo database in order to be as cross-platform compatible as possible.

It also works across nodes so that if functions on a remote node call io_ansi:fwrite/1 it will use the destination terminal's terminfo database to determine which sequences to emit. In practice, this means that you can call functions in a remote shell session that use io_ansi and it will properly detect the terminal sequences the target terminal can handle and will print using them correctly.

Own Id: OTP-20028
Application(s): kernel, stdlib
Related Id(s): PR-10905, PR-9940
The ignore_xref attribute has been handled as a post-analysis filter by build tools such as Rebar3. In this release, xref itself does the filtering, ensuring that all tooling that calls xref for any purpose can rely on these declarations to just work.

Own Id: OTP-20032
Application(s): tools
Related Id(s): PR-10592
New in this release is ct_doctest, a module that allows the user to test documentation examples in Erlang module docs and documentation files.

ct_doctest allows you to:
- Test code examples using shell syntax and their returns
- Test code examples that should fail
- Write example modules that are compiled and available in shell examples
- Plugin other documentation parsing engines so that examples in, for example, edoc, asciidoc, and others can also be tested.
See the documentation for more details.

Own Id: OTP-20034
Application(s): common_test
Related Id(s): PR-10824, PR-9315
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Application(s): asn1, common_test, compiler, crypto, debugger, dialyzer, diameter, edoc, eunit, inets, kernel, megaco, mnesia, observer, odbc, os_mon, otp, parsetools, public_key, reltool, runtime_tools, sasl, ssh, ssl, stdlib, syntax_tools, tftp, tools, wx, xmerl
Related Id(s): PR-10839
The post-quantum hybrid algorithm x25519mlkem768 is now the most preferred key exchange group in the default configuration.

Post-quantum hybrid algorithms secp384r1mlkem1024 and secp256r1mlkem768 are supported but have to be configured. The same goes for the plain post-quantum algorithms mlkem1024, mlkem768, and mlkem512.

The most preferred signature algorithms is now post-quantum algorithms ML-DSA followed by the fastest SLH-DSA (slh_dsa_sha2_256f) algorithm, if such a certificate is available in the configuration. Other SLH-DSA variants are also supported but are added to the end of the preferred list.

All these algorithms were available in OTP-28.4 but none of them were preferred and some of them changed default status.

Own Id: OTP-20070
Application(s): ssl
Related Id(s): PR-10949

*** POTENTIAL INCOMPATIBILITY ***
The json module now encodes and decodes quoted strings faster. Improvements of up to 55 percent has been measured when decoding JSON data with long strings.

The string:length/1, string:slice/2, and string:slice/3 functions have been optimized. For some strings, they can be up to twice as fast.

Own Id: OTP-20072
Application(s): stdlib
Related Id(s): PR-10938, PR-10948
The SFTP subsystem is no longer enabled by default when starting an SSH daemon. To enable it, add the subsystems option explicitly:
```
ssh:daemon(Port, [{subsystems, [ssh_sftpd:subsystem_spec([])]} | Options])
```
Own Id: OTP-20078
Application(s): ssh
Related Id(s): PR-10970

*** POTENTIAL INCOMPATIBILITY ***
The runtime system now supports generating encrypted crash dumps. See the description of --enable-encrypted-crash-dumps in Building and Installing Erlang/OTP.

Own Id: OTP-20085
Application(s): crypto, erts, public_key, tools
Related Id(s): PR-10993
There is a new Hardening guide giving guidelines on how to strengthen the security for the ssl application.

Own Id: OTP-20087
Application(s): ssl
Related Id(s): PR-11019
There is a new Hardening guide with advice for configuring Inets to be more secure.

Own Id: OTP-20133
Application(s): inets
Related Id(s): PR-11073

POTENTIAL INCOMPATIBILITIES

Fixed (inet) module selection when calling (gen_tcp) listen and connect and (gen_udp) open. Depending on the order of the options, the module option (tcp_module or udp_module) was sometimes ignored.

Own Id: OTP-19695
Application(s): kernel
Related Id(s): GH-9822, PR-10013
ssh:stop_deamon now uses supervisor:stop for shutting down daemons. With this change, the scenario when ssh:stop_daemon is called for a non-existing process results in calling process exiting. Previously an error tuple was returned (which was not documented).

Own Id: OTP-19801
Application(s): ssh
Related Id(s): PR-10253
The mnesia_registry module has been removed.

Own Id: OTP-19807
Application(s): mnesia
Related Id(s): PR-7315
In the default code path for the Erlang system, the current working directory (.) is now in the last position instead of the first.

Own Id: OTP-19842
Application(s): erts, kernel

*** HIGHLIGHT ***

Before Erlang/OTP 29, attempting to bind variables in a comprehension would compile successfully but fail at runtime. Example:

1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
ok
2> fh(lists:seq(1, 10)).
* exception error: bad filter 2614250

In Erlang/OTP 29, attempting to bind a variable in a comprehension will fail by default:

1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
* 5:14: matches using '=' are not allowed in comprehension qualifiers
unless the experimental 'compr_assign' language feature is enabled.
With 'compr_assign' enabled, a match 'P = E' will behave as a
strict generator 'P <-:- [E]'."

However, this example will work as expected if the compr_assign feature is enabled when starting the runtime system:

$ erl -enable-feature compr_assign
. . .
1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
ok
2> fh(lists:seq(1, 10)).
[2614250]

Here is another example how compr_assign can be used:

-module(example).
-feature(compr_assign, enable).
-export([cat/1]).

cat(Files) ->
    [Char || F <- Files,
             {ok, Bin} = file:read_file(F),
             Char <- unicode:characters_to_list(Bin)].

Own Id: OTP-19927
Application(s): compiler, stdlib
Related Id(s): PR-9153

*** HIGHLIGHT ***

The default key exchange algorithm is now mlkem768x25519-sha256, a hybrid quantum-resistant algorithm combining ML-KEM-768 with X25519. This provides protection against both classical and quantum computer attacks while maintaining backward compatibility through automatic fallback to other algorithms when peers don't support it.

Own Id: OTP-19965
Application(s): ssh
Related Id(s): PR-10656

*** HIGHLIGHT ***

Applications requiring shell or exec functionality must now explicitly enable:

  %% Enable Erlang shell
  ssh:daemon(Port, [{shell, {shell, start, []}} | Options])

  %% Enable Erlang term evaluation via exec
  ssh:daemon(Port, [{exec, erlang_eval} | Options])

  %% Restore complete old behavior
  ssh:daemon(Port, [{shell, {shell, start, []}},
                    {exec, erlang_eval}
                    | Options])

Own Id: OTP-19969
Application(s): ssh
Related Id(s): ERIERL-1319, PR-10970, PR-11080

*** HIGHLIGHT ***

Changed ets:update_counter/4 and ets:update_element/4 to always reject default tuples smaller than the keypos of the table. Such keyless tuples are now rejected even if the key exists in the table and the default tuple would not be used. This is a subtle semantic change but is a nicer behavior for development and testing as it will detect faulty default tuple arguments earlier.

Own Id: OTP-19975
Application(s): erts
Related Id(s): PR-10674
Added explicit size validation guards for pre-authentication SSH messages to improve defense-in-depth against DoS attacks. Messages now have per-field size limits based on RFC specifications:
- Transport layer messages (DISCONNECT, IGNORE, DEBUG)
- Key exchange messages (DH, ECDH, DH-GEX)
- Service request messages (SERVICE_REQUEST, SERVICE_ACCEPT, EXT_INFO)
This change enhances the existing 256KB global packet size limit with granular per-message validation. Compliant implementations are not affected.

Own Id: OTP-19995
Application(s): ssh
Related Id(s): PR-10739
The array module have been extended with several new functions. The internal representation have been changed to allow the new functionality and optimizations. Arrays serialized with term_to_binary/1 in previous releases are not compatible.

Own Id: OTP-20004
Application(s): stdlib
Related Id(s): PR-10578

*** HIGHLIGHT ***
The SFTP subsystem root option now properly rejects relative paths at daemon startup. Previously, relative paths would cause unpredictable behavior as file operations resolved relative to the Erlang VM's current working directory. The option now requires an absolute path or empty string.

Own Id: OTP-20019
Application(s): ssh
Related Id(s): PR-10820
The gb_sets:from_ordset/1 and gb_trees:from_orddict/1 functions would trust their inputs. If the input contained duplicates or was not properly sorted, the resulting gb_set or gb_tree would be invalid, and any number of interesting problems could occur.

In this release, these functions will raise an exception if their input is not valid. That could mean that incorrect programs that seemed to work could now stop working altogether.

There is also a new gb_trees:from_list/1 function for directly creating a gb_tree from a list.

Own Id: OTP-20061
Application(s): stdlib
Related Id(s): PR-10910
The post-quantum hybrid algorithm x25519mlkem768 is now the most preferred key exchange group in the default configuration.

Post-quantum hybrid algorithms secp384r1mlkem1024 and secp256r1mlkem768 are supported but have to be configured. The same goes for the plain post-quantum algorithms mlkem1024, mlkem768, and mlkem512.

The most preferred signature algorithms is now post-quantum algorithms ML-DSA followed by the fastest SLH-DSA (slh_dsa_sha2_256f) algorithm, if such a certificate is available in the configuration. Other SLH-DSA variants are also supported but are added to the end of the preferred list.

All these algorithms were available in OTP-28.4 but none of them were preferred and some of them changed default status.

Own Id: OTP-20070
Application(s): ssl
Related Id(s): PR-10949

*** HIGHLIGHT ***
The old Tcl-based implementation of erl_errno_id() has been replaced by our own implementation now supporting more errno values on modern operating systems. It also returns the string "errno_<ERRNO_INTEGER>" corresponding to the integer given as argument if the errno integer is unknown instead of as previously just return the string "unknown".

The result of erl_errno_id() is often converted into an atom and passed as an error from a driver or a NIF.

Own Id: OTP-20076
Application(s): erts
Related Id(s): PR-10958, PR-10969
The SFTP subsystem is no longer enabled by default when starting an SSH daemon. To enable it, add the subsystems option explicitly:
```
ssh:daemon(Port, [{subsystems, [ssh_sftpd:subsystem_spec([])]} | Options])
```
Own Id: OTP-20078
Application(s): ssh
Related Id(s): PR-10970

*** HIGHLIGHT ***
Secure renegotiation for TLS-1.2 specified in RFC 5746 from 2010 is now always used. The interoperability fallback option {secure_renegotiate,SecureRenegotiate} is no longer needed.

Own Id: OTP-20080
Application(s): ssl
Related Id(s): PR-10979
The erlang:suspend_process/1 and erlang:suspend_process/2 BIFs now also suspend BIF timers that will send messages to the process if the timer was created using the PID of the process as destination. Timers created using registered names are not affected.

Own Id: OTP-20095
Application(s): erts
Related Id(s): PR-10619, PR-11004
The TOS handling on socket has been significantlyupdated and improved. Socket did not properly handle set, get and recv (cmsg) of TOS.

Note that the returned TOS value has been changed. It was previously an atom or an integer. Now it is a map with different interpretations of the TOS octet. See the documentation.

Own Id: OTP-20102
Application(s): erts, kernel
Related Id(s): GH-10968, PR-11059

OTP-29.0

Fixed Bugs and Malfunctions

The start_erl script will now work on embedded systems.

Own Id: OTP-20111
Related Id(s): GH-10342, PR-10346

Improvements and New Features

Vendor dependencies and OpenVEX statements in the otp repository is now scanned for vulnerabilities. It is verified that OTP security issues reported at Github exist in the published OpenVEX statements, and issues are automatically opened in the otp repository if vendor vulnerabilities are detected.

Own Id: OTP-19763
Related Id(s): PR-10145, PR-10166, PR-10168, PR-10189, PR-10193, PR-10195, PR-10197, PR-10202, OTP-19652, OTP-19775, OTP-19779
Documentation about how to validate the SBOM using sigstore has been added.

Own Id: OTP-19766
Related Id(s): GH-10151, PR-10187
The old-style type tests in guards (integer, atom, and so on) have been scheduled for removal in Erlang/OTP 30. They have been deprecated for a long time.

Own Id: OTP-19887
Related Id(s): PR-10417

*** HIGHLIGHT ***
Removed the undocumented dyn_erl utility.

Own Id: OTP-19933
Related Id(s): PR-10573
There is no longer a 32-bit Erlang/OTP build for Windows.

Own Id: OTP-19960
*** HIGHLIGHT ***
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***
The Upcoming Potential Incompatibilities page has been updated to note that in Erlang/OTP 30, erlang:fun_info(Fun, pid) will no longer retrieve a pid, but will raise a badarg exception.

Own Id: OTP-20092
Related Id(s): PR-10998
Add security improvements to GitHub Actions workflows based on findings from zizmor, a GitHub Actions security linter.

Own Id: OTP-20103
Related Id(s): PR-11000
Improve mermaid diagram rending in documentation.

Own Id: OTP-20132
Related Id(s): PR-11047

asn1-5.5

Improvements and New Features

Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of asn1-5.5

erts-14.0, kernel-9.0, stdlib-5.0

common_test-1.31

Fixed Bugs and Malfunctions

Improved support for QuickCheck when writing property tests.

Own Id: OTP-20010
Related Id(s): PR-10783

Improvements and New Features

The legacy and and or operators have been replaced with other language constructs.

Own Id: OTP-19744
Related Id(s): PR-10114, PR-10554, PR-10568, PR-10579, PR-10580, PR-10585, PR-10598, PR-10710, PR-10718, PR-10730
'EXIT' messages are now formatted in the same way as badmatch errors.

Own Id: OTP-19910
Related Id(s): PR-10277
Error notifications now contain the name of the source file in which the error occurred.

Own Id: OTP-19925
Related Id(s): GH-10260, PR-10269
New in this release is ct_doctest, a module that allows the user to test documentation examples in Erlang module docs and documentation files.

ct_doctest allows you to:
- Test code examples using shell syntax and their returns
- Test code examples that should fail
- Write example modules that are compiled and available in shell examples
- Plugin other documentation parsing engines so that examples in, for example, edoc, asciidoc, and others can also be tested.
See the documentation for more details.

Own Id: OTP-20034
Related Id(s): PR-10824, PR-9315

*** HIGHLIGHT ***
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of common_test-1.31

compiler-10.0, crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-11.0, observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0, stdlib-8.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8

compiler-10.0

Fixed Bugs and Malfunctions

For a function such as the following:
```
bar(S0) ->
    S1 = setelement(8, S0, a),
    S2 = setelement(7, S1, b),
    setelement(5, S2, c).
```
the compiler would keep all of the calls to setelement/3 and emit extra unnecessary set_tuple_element instructions.

This has been corrected so that the compiler will never emit code that uses the set_tuple_element instruction. In a future release, support for the set_tuple_element will be removed from the runtime system.

Own Id: OTP-19751
Related Id(s): GH-10125, PR-10144
beam_lib:strip/1 will now retain the Beam debug information chunk produced by the beam_debug_info option. The chunk will also be retained when combing the beam_debug_info option with the undocumented slim option.

The runtime system will no longer crash when attempting to load modules that have been compiled with beam_debug_info but lack the actual Beam debug info chunk.

Own Id: OTP-19991
Related Id(s): GH-10557, PR-10735

Improvements and New Features

In comprehensions, a generator that builds a list with a single element will now be optimized to avoid building and matching the list. Example:
```
[H || E <- List, H <- [erlang:phash2(E)], H rem 10 =:= 0]
```
Own Id: OTP-19672
Related Id(s): PR-9934
In the documentation for the compile module, a section has been added with recommendations for implementors of languages running on the BEAM. Documentation has also been added for the to_abstr, to_exp, and from_abstr options.

The documentation for erlc now lists .abstr as one of the supported options.

When compiling with the to_abstr option, the resulting .abstr file now retains any -doc attributes present in the source code.

Own Id: OTP-19784
Related Id(s): PR-10230, PR-10234

*** HIGHLIGHT ***
Native records as described in EEP-79 has been implemented.

A native record is a data structure similar to the traditional tuple-based records, except that is a true data type.

Native records are considered experimental in Erlang/OTP 29 and possibly also in Erlang/OTP 30, meaning that their behavior may change, potentially requiring updates to applications that use them.

Own Id: OTP-19785
Related Id(s): PR-10617

*** HIGHLIGHT ***
The guard BIF is_integer/3 has been added. It follows the design of the original EEP-16, only changing the name from is_between to is_integer. This BIF takes in 3 parameters, Term, LowerBound, and UpperBound.

It returns true if Term, LowerBound, and UpperBound are all integers, and LowerBound =< Term =< UpperBound; otherwise, it returns false.

Example:
```
1> I = 42.
2> is_integer(I, 0, 100).
true
```
Own Id: OTP-19809
Related Id(s): PR-10276

*** HIGHLIGHT ***
Function application is now left associative. That means one can now write:
```
f(X)(Y)
```
instead of:
```
(f(X))(Y)
```
Own Id: OTP-19866
Related Id(s): PR-9223

*** HIGHLIGHT ***
There will now be a warning when exporting variables out of a subexpression. For example:
```
case file:open(File, AllOpts = [write,{encoding,utf8}]) of
    {ok,Fd} ->
        {Fd,AllOpts}
end
```
To avoid the warning, this can be rewritten to:
```
AllOpts = [write,{encoding,utf8}],
case file:open(File, AllOpts) of
    {ok,Fd} ->
        {Fd,AllOpts}
end
```
The warning can be suppressed by giving option nowarn_export_var_subexpr to the compiler.

Own Id: OTP-19898
Related Id(s): PR-9134

*** HIGHLIGHT ***
There is a new option warn_obsolete_bool_op that instruct the compiler to emit warnings for the and and or operators. It is recommended to instead use the modern andalso and orelse operators, or , and ; in guards.

Own Id: OTP-19918
Related Id(s): PR-9115

*** HIGHLIGHT ***

Before Erlang/OTP 29, attempting to bind variables in a comprehension would compile successfully but fail at runtime. Example:

1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
ok
2> fh(lists:seq(1, 10)).
* exception error: bad filter 2614250

In Erlang/OTP 29, attempting to bind a variable in a comprehension will fail by default:

1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
* 5:14: matches using '=' are not allowed in comprehension qualifiers
unless the experimental 'compr_assign' language feature is enabled.
With 'compr_assign' enabled, a match 'P = E' will behave as a
strict generator 'P <-:- [E]'."

However, this example will work as expected if the compr_assign feature is enabled when starting the runtime system:

$ erl -enable-feature compr_assign
. . .
1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
ok
2> fh(lists:seq(1, 10)).
[2614250]

Here is another example how compr_assign can be used:

-module(example).
-feature(compr_assign, enable).
-export([cat/1]).

cat(Files) ->
    [Char || F <- Files,
             {ok, Bin} = file:read_file(F),
             Char <- unicode:characters_to_list(Bin)].

Own Id: OTP-19927
Related Id(s): PR-9153

*** HIGHLIGHT ***

*** POTENTIAL INCOMPATIBILITY ***

There will now be a warning when using the catch operator, which has been deprecated for a long time.

It is recommended to instead use try...catch...end but is also possible to disable the warning by using the nowarn_deprecated_catch option.

Own Id: OTP-19938
Related Id(s): PR-10421

*** HIGHLIGHT ***
Multi-valued comprehensions according to EEP 78 has been implemented.

Example:
```
> [I, -I || I <- lists:seq(1, 5)].
[1,-1,2,-2,3,-3,4,-4,5,-5]
```
Own Id: OTP-19942
Related Id(s): PR-9374

*** HIGHLIGHT ***
There will now be a warning for matches that unify constructors, such as the following:
```
m({a,B} = {Y,Z}) -> . . .
```
Such a match can be rewritten to:
```
m({a=Y,B=Y}) -> . . .
```
The compiler option nowarn_match_alias_pats can be used to disable the warning.

Own Id: OTP-19943
Related Id(s): PR-10433

*** HIGHLIGHT ***
The compiler now generates more efficient code for map comprehensions with constant values that don't depend on the generator, such as the following:
```
#{K => 42} || K <- List}.
#{K => X || K <- List}.
#{K => {X, Y} || K <- List}.
```
Own Id: OTP-19968
Related Id(s): PR-10646

*** HIGHLIGHT ***
Compilation times of modules with a huge number of calls to element/2 has been improved.

Own Id: OTP-20020
Related Id(s): GH-10807, PR-10819
The format of the debug information stored by the beam_debug_info option (used by the edb debugger) has been updated to more easily extendible and to contain more information about call targets. (See the linked PR for more details.)

Own Id: OTP-20048
Related Id(s): PR-9814
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of compiler-10.0

crypto-5.1, erts-13.0, kernel-8.4, stdlib-8.0

crypto-5.9

Fixed Bugs and Malfunctions

Fixed crypto:hash_equals/2 and FIPS when crypto is statically linked to the beam (with --enable-static-nifs and --disable-dynamic-ssl-lib).

Own Id: OTP-20025
Related Id(s): PR-10817

Improvements and New Features

The rand:bytes/1 and rand:bytes_s/2 functions have been optimized by implementing a new internal callback function that crypto:rand_seed_alg/1 and crypto:alg_seed_alg_s/1 have been updated to use.

A new algorithm crypto_prng1, which also takes advantage of this new internal callback, has been added to crypto:rand_seed_alg/2 and crypto:rand_seed_alg_s/2. It is much faster then the existing crypto_aes, in particular for generating bytes.

Own Id: OTP-19882
Related Id(s): PR-10453, OTP-19827
In interactive mode, application crypto is automatically loaded when the crypto module is loaded. This will ensure that the correct value of configuration parameter fips_mode is used to initialize OpenSSL if module crypto is called/loaded before the application crypto has been loaded. In embedded mode, module crypto will fail to load if the application has not been loaded.

Own Id: OTP-20035
Related Id(s): PR-10830
OpenSSL engine support has been removed on Windows.

Own Id: OTP-20036
Related Id(s): PR-10836
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***
The runtime system now supports generating encrypted crash dumps. See the description of --enable-encrypted-crash-dumps in Building and Installing Erlang/OTP.

Own Id: OTP-20085
Related Id(s): PR-10993

*** HIGHLIGHT ***

Full runtime dependencies of crypto-5.9

erts-9.0, kernel-6.0, stdlib-3.9

debugger-7.0

Improvements and New Features

Native records as described in EEP-79 has been implemented.

A native record is a data structure similar to the traditional tuple-based records, except that is a true data type.

Native records are considered experimental in Erlang/OTP 29 and possibly also in Erlang/OTP 30, meaning that their behavior may change, potentially requiring updates to applications that use them.

Own Id: OTP-19785
Related Id(s): PR-10617

*** HIGHLIGHT ***
Tools such as the debugger, beam_lib, and xref no longer support BEAM files created before OTP 13B.

Own Id: OTP-19906
Related Id(s): PR-10519
Multi-valued comprehensions according to EEP 78 has been implemented.

Example:
```
> [I, -I || I <- lists:seq(1, 5)].
[1,-1,2,-2,3,-3,4,-4,5,-5]
```
Own Id: OTP-19942
Related Id(s): PR-9374

*** HIGHLIGHT ***
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of debugger-7.0

compiler-8.0, erts-15.0, kernel-10.0, stdlib-7.0, wx-2.0

dialyzer-6.0

Improvements and New Features

Native records as described in EEP-79 has been implemented.

A native record is a data structure similar to the traditional tuple-based records, except that is a true data type.

Native records are considered experimental in Erlang/OTP 29 and possibly also in Erlang/OTP 30, meaning that their behavior may change, potentially requiring updates to applications that use them.

Own Id: OTP-19785
Related Id(s): PR-10617

*** HIGHLIGHT ***
The guard BIF is_integer/3 has been added. It follows the design of the original EEP-16, only changing the name from is_between to is_integer. This BIF takes in 3 parameters, Term, LowerBound, and UpperBound.

It returns true if Term, LowerBound, and UpperBound are all integers, and LowerBound =< Term =< UpperBound; otherwise, it returns false.

Example:
```
1> I = 42.
2> is_integer(I, 0, 100).
true
```
Own Id: OTP-19809
Related Id(s): PR-10276

*** HIGHLIGHT ***
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of dialyzer-6.0

compiler-10.0, erts-12.0, kernel-8.0, stdlib-5.0, syntax_tools-2.0

diameter-2.7

Improvements and New Features

The legacy and and or operators have been replaced with other language constructs.

Own Id: OTP-19744
Related Id(s): PR-10114, PR-10554, PR-10568, PR-10579, PR-10580, PR-10585, PR-10598, PR-10710, PR-10718, PR-10730
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of diameter-2.7

erts-10.0, kernel-3.2, ssl-9.0, stdlib-5.0

edoc-1.5

Improvements and New Features

Changed behavior of EDoc so that when a module defines a private type and a private function spec uses it, that type no longer gets included in the EDoc chunk.

Own Id: OTP-20030
Related Id(s): PR-10770
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of edoc-1.5

erts-11.0, inets-5.10, kernel-7.0, stdlib-4.0, syntax_tools-2.0, xmerl-1.3.7

eldap-1.3

Improvements and New Features

Only minor internal changes.

Own Id: OTP-19964

Full runtime dependencies of eldap-1.3

asn1-3.0, erts-6.0, kernel-3.0, ssl-5.3.4, stdlib-3.4

erl_interface-5.8

Improvements and New Features

Improved name consistency of EPMD protocol messages in documentation and code. Renamed PORT_PLEASE2_REQ to PORT2_REQ and added prefix EPMD_.

Own Id: OTP-19734
Related Id(s): GH-10071, PR-10078
Replaced embedded OpenSSL MD5 implementation.

Own Id: OTP-20045
Related Id(s): PR-10870

Known Bugs and Problems

The ei API for decoding/encoding terms is not fully 64-bit compatible since terms that have a representation on the external term format larger than 2 GB cannot be handled.

Own Id: OTP-16607
Related Id(s): OTP-16608

erts-17.0

Fixed Bugs and Malfunctions

For a function such as the following:
```
bar(S0) ->
    S1 = setelement(8, S0, a),
    S2 = setelement(7, S1, b),
    setelement(5, S2, c).
```
the compiler would keep all of the calls to setelement/3 and emit extra unnecessary set_tuple_element instructions.

This has been corrected so that the compiler will never emit code that uses the set_tuple_element instruction. In a future release, support for the set_tuple_element will be removed from the runtime system.

Own Id: OTP-19751
Related Id(s): GH-10125, PR-10144
Improved the handling of the logging directory for the start script on Unix-like systems, so that it no longer crashes when $ROOTDIR/log is not writable.

Own Id: OTP-19874
Related Id(s): GH-10341, PR-10348
The -nocookie option for erl is now documented.

Own Id: OTP-19935
Related Id(s): PR-10549
beam_lib:strip/1 will now retain the Beam debug information chunk produced by the beam_debug_info option. The chunk will also be retained when combing the beam_debug_info option with the undocumented slim option.

The runtime system will no longer crash when attempting to load modules that have been compiled with beam_debug_info but lack the actual Beam debug info chunk.

Own Id: OTP-19991
Related Id(s): GH-10557, PR-10735
Fixed potential symbol clashing on MacOS by passing RTLD_LOCAL to dlopen. This will make symbols to not be resolvable between subsequently loaded NIF/drivers, which is the default behavior on Linux and BSD.

Own Id: OTP-20026
Related Id(s): PR-10805
The configure script used to call isfinite() with argument 0. That could fail on some platforms. This has been changed to call isfinite() with 1.0 instead.

Own Id: OTP-20088
Related Id(s): PR-10965
The TOS handling on socket has been significantlyupdated and improved. Socket did not properly handle set, get and recv (cmsg) of TOS.

Note that the returned TOS value has been changed. It was previously an atom or an integer. Now it is a map with different interpretations of the TOS octet. See the documentation.

Own Id: OTP-20102
Related Id(s): GH-10968, PR-11059

*** POTENTIAL INCOMPATIBILITY ***
Fixed erlang:md5_init to always return the same deterministic context binary. Only an issue in OTP 28.5 when OTP was built with --disable-builtin-openssl or --enable-use-embedded-3pp-alternatives.

Own Id: OTP-20123
Added explicit configure test for C++ function std::to_chars if options --disable-builtin-ryu or --enable-use-embedded-3pp-alternatives is used.

Own Id: OTP-20126
Related Id(s): PR-11067

Improvements and New Features

The exported name space of the beam executable has been cleaned to only expose symbols of documented interfaces like NIF and driver APIs. This will avoid accidental name clashes with, for example, our statically linked variants of PCRE2 and ZSTD. NIFs and drivers that abuse undocumented internal interfaces will fail to load due to this change.

Own Id: OTP-19643
Related Id(s): PR-9864
Improved name consistency of EPMD protocol messages in documentation and code. Renamed PORT_PLEASE2_REQ to PORT2_REQ and added prefix EPMD_.

Own Id: OTP-19734
Related Id(s): GH-10071, PR-10078
The JIT now generates better code for matching or creating binaries with multiple little-endian segments.

Own Id: OTP-19747
Related Id(s): PR-10126

*** HIGHLIGHT ***
In the documentation for the compile module, a section has been added with recommendations for implementors of languages running on the BEAM. Documentation has also been added for the to_abstr, to_exp, and from_abstr options.

The documentation for erlc now lists .abstr as one of the supported options.

When compiling with the to_abstr option, the resulting .abstr file now retains any -doc attributes present in the source code.

Own Id: OTP-19784
Related Id(s): PR-10230, PR-10234

*** HIGHLIGHT ***
Native records as described in EEP-79 has been implemented.

A native record is a data structure similar to the traditional tuple-based records, except that is a true data type.

Native records are considered experimental in Erlang/OTP 29 and possibly also in Erlang/OTP 30, meaning that their behavior may change, potentially requiring updates to applications that use them.

Own Id: OTP-19785
Related Id(s): PR-10617

*** HIGHLIGHT ***
Task stealing between schedulers has been further optimized.

Own Id: OTP-19793
Related Id(s): PR-9984
The guard BIF is_integer/3 has been added. It follows the design of the original EEP-16, only changing the name from is_between to is_integer. This BIF takes in 3 parameters, Term, LowerBound, and UpperBound.

It returns true if Term, LowerBound, and UpperBound are all integers, and LowerBound =< Term =< UpperBound; otherwise, it returns false.

Example:
```
1> I = 42.
2> is_integer(I, 0, 100).
true
```
Own Id: OTP-19809
Related Id(s): PR-10276

*** HIGHLIGHT ***
Calls to trace:info(_, {M,F,A}, Item), with Item as call_time, call_memory, or all, will no longer block all scheduler threads from running.

Own Id: OTP-19811
Related Id(s): PR-10207
Full support for SCTP in socket. Not (yet) supported for FreeBSD.

Own Id: OTP-19834
In the default code path for the Erlang system, the current working directory (.) is now in the last position instead of the first.

Own Id: OTP-19842
*** HIGHLIGHT ***

*** POTENTIAL INCOMPATIBILITY ***
Tools such as the debugger, beam_lib, and xref no longer support BEAM files created before OTP 13B.

Own Id: OTP-19906
Related Id(s): PR-10519
Optimized ETS named table lookup scalability by replacing read locks with lockless atomic operations.

Own Id: OTP-19919
Related Id(s): PR-7118
Removed the undocumented dyn_erl utility.

Own Id: OTP-19933
Related Id(s): PR-10573
Added zstd:flush/2 for flushing compressed data without closing the compression context.

Own Id: OTP-19936
Related Id(s): GH-10345, PR-10511
While the iteration order for maps is undefined, it is now guaranteed that all ways of iterating over maps provides the elements in the same order. That is, all of the following ways of iterating will produce the elements in the same order:
- maps:keys/1
- maps:values/1
- maps:to_list/1
- maps:to_list(maps:iterator(M))
- Map comprehension: [{K,V} || K := V <- M]
Own Id: OTP-19963
Related Id(s): PR-10626

*** HIGHLIGHT ***
Improved the performance of code loading.

Own Id: OTP-19966
Related Id(s): PR-10615
Changed ets:update_counter/4 and ets:update_element/4 to always reject default tuples smaller than the keypos of the table. Such keyless tuples are now rejected even if the key exists in the table and the default tuple would not be used. This is a subtle semantic change but is a nicer behavior for development and testing as it will detect faulty default tuple arguments earlier.

Own Id: OTP-19975
Related Id(s): PR-10674

*** POTENTIAL INCOMPATIBILITY ***
Improved compatibility with systems that lack certain shell utilities.

Own Id: OTP-20002
Related Id(s): PR-10647
It was previously not possible to check on the socket nif load result. A successful load was self-evident, but a failure was only visible from the fact that most socket functions failed with notsup. This has now been improved such that the (socket nif) load result is visible in the info map (from socket:info/0).

Own Id: OTP-20003
The default for the configure option --{enable,disable}-use-embedded-3pp-alternatives has changed and the subset of embedded third-party products (3pps) affected by it has also changed. Currently this option affects zstd, zlib, ryu (with STL). By default zstd and zlib available on the OS will be used if they fulfill the requirements. The builtin ryu (with STL) will be used by default. The 3pps openssl and tcl that previously were present have been replaced by our own implementations.

Requirements for the affected 3pps alternatives are still the same as before:
- zstd - Static library and include files of at least version 1.5.6 needs to be available.
- zlib - Library and include files of at least version 1.2.5 needs to be available.
- ryu (with STL) - A usable C++ compiler with C++17 library support.
Own Id: OTP-20013
Related Id(s): PR-10894, PR-10986, OTP-20106
Added support for socket functions recvmmsg() and sendmmsg().

Own Id: OTP-20015
Related Id(s): PR-10564

*** HIGHLIGHT ***
There is a new NIF function enif_term_size().

Own Id: OTP-20016
Related Id(s): PR-10782
Call trace match specs can use [Arg1, Arg2 | '_'] syntax to match functions with at least N number of arguments.

Own Id: OTP-20017
Related Id(s): PR-10754
Replaced embedded OpenSSL MD5 implementation.

Own Id: OTP-20045
Related Id(s): PR-10870
The format of the debug information stored by the beam_debug_info option (used by the edb debugger) has been updated to more easily extendible and to contain more information about call targets. (See the linked PR for more details.)

Own Id: OTP-20048
Related Id(s): PR-9814
There are new functions erlang:exit_signal/2,3 replacing the old erlang:exit/2,3. The primary purpose is better naming to distinguish between exit exceptions and exit signals. The new exit_signal functions will also avoid a historical quirk when a process sends an exit signal to itself with reason normal.

The old erlang:exit/2,3 will work as before, but it is recommended to use the new exit:signal/2,3 functions for new or modified code. Deprecation of erlang:exit/2,3 with a compiler warning is planned for OTP 30.

Own Id: OTP-20069
Related Id(s): PR-10801
The old Tcl-based implementation of erl_errno_id() has been replaced by our own implementation now supporting more errno values on modern operating systems. It also returns the string "errno_<ERRNO_INTEGER>" corresponding to the integer given as argument if the errno integer is unknown instead of as previously just return the string "unknown".

The result of erl_errno_id() is often converted into an atom and passed as an error from a driver or a NIF.

Own Id: OTP-20076
Related Id(s): PR-10958, PR-10969

*** POTENTIAL INCOMPATIBILITY ***
The runtime system now supports generating encrypted crash dumps. See the description of --enable-encrypted-crash-dumps in Building and Installing Erlang/OTP.

Own Id: OTP-20085
Related Id(s): PR-10993

*** HIGHLIGHT ***
When implementing an alternate distribution implementors can now use an alternate handshake complete fun of arity 4 if needed.

Own Id: OTP-20090
Related Id(s): PR-10478
The erlang:suspend_process/1 and erlang:suspend_process/2 BIFs now also suspend BIF timers that will send messages to the process if the timer was created using the PID of the process as destination. Timers created using registered names are not affected.

Own Id: OTP-20095
Related Id(s): PR-10619, PR-11004

*** POTENTIAL INCOMPATIBILITY ***
Added support for socket option SO_TIMESTAMPNS (not available on all platforms).

Own Id: OTP-20115
Related Id(s): PR-10929

Full runtime dependencies of erts-17.0

kernel-9.0, sasl-3.3, stdlib-4.1

et-1.8

Improvements and New Features

Only minor internal changes.

Own Id: OTP-19964

Full runtime dependencies of et-1.8

erts-9.0, kernel-5.3, runtime_tools-1.10, stdlib-3.4, wx-1.2

eunit-2.11

Improvements and New Features

Added randomDelay macro.

Own Id: OTP-19997
Related Id(s): PR-10614
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of eunit-2.11

erts-9.0, kernel-11.0, stdlib-6.0

ftp-1.2.5

Fixed Bugs and Malfunctions

The odbc application is now deprecated and is planned to be removed in Erlang/OTP 30.

The ftp and ct_ftp modules are now deprecated and are planned to be removed in Erlang/OTP 30.

Own Id: OTP-19980
Related Id(s): PR-10804

*** HIGHLIGHT ***

Full runtime dependencies of ftp-1.2.5

erts-7.0, kernel-6.0, runtime_tools-1.15.1, ssl-10.2, stdlib-3.5

inets-9.7

Fixed Bugs and Malfunctions

A call to httpd:reload_config/2 now validates the new configuration before removing the old one, leaving the server running in case of faulty config, instead of putting it in an unrecoverable state.

Own Id: OTP-20128
Related Id(s): ERIERL-1314, PR-11079

Improvements and New Features

A new option max_connections_open has been added to the httpc HTTP client profile configuration. It limits the maximum number of concurrent HTTP handler processes that can be open simultaneously.

When the limit is reached, new requests are queued internally and started automatically as existing handlers complete. This prevents bandwidth exhaustion in high-load scenarios where too many parallel connections cause remote servers to close sockets before transfers finish (the socket_closed_remotely error).

The option can be set via httpc:set_options([{max_connections_open, 10}], Profile).

The default value is infinity (unlimited), preserving backward compatibility. The value must be a positive integer or infinity and must be greater than or equal to max_sessions.

Own Id: OTP-19587
Related Id(s): GH-8841, PR-9712
The legacy and and or operators have been replaced with other language constructs.

Own Id: OTP-19744
Related Id(s): PR-10114, PR-10554, PR-10568, PR-10579, PR-10580, PR-10585, PR-10598, PR-10710, PR-10718, PR-10730
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***
The mod_cgi and mod_actions modules are now deprecated and are scheduled to be removed in OTP 30.

Own Id: OTP-20071
Related Id(s): PR-10950
There is a new Hardening guide with advice for configuring Inets to be more secure.

Own Id: OTP-20133
Related Id(s): PR-11073

*** HIGHLIGHT ***

Full runtime dependencies of inets-9.7

erts-14.0, kernel-9.0, mnesia-4.12, public_key-1.13, runtime_tools-1.8.14, ssl-9.0, stdlib-5.0, stdlib-6.0

jinterface-1.16

Improvements and New Features

The jinterface build now honors SOURCE_DATE_EPOCH for deterministic build of OtpErlang.jar.

Own Id: OTP-19956
Related Id(s): PR-10556
Removed prebuilt java files from source tar file to avoid issues with different version of the java runtime.

Own Id: OTP-20073
Related Id(s): PR-10951

kernel-11.0

Fixed Bugs and Malfunctions

Fixed (inet) module selection when calling (gen_tcp) listen and connect and (gen_udp) open. Depending on the order of the options, the module option (tcp_module or udp_module) was sometimes ignored.

Own Id: OTP-19695
Related Id(s): GH-9822, PR-10013

*** POTENTIAL INCOMPATIBILITY ***
The TCP/UDP compatibility layer has been fixed so that inet_backend = socket now supports socket options reuseport and reuseport_lb for gen_tcp and gen_udp.

Own Id: OTP-19917
Related Id(s): PR-10514
Some errors in config files for the application controller would result in very cryptic crashes. Error handling has been improved to ensure that the file name and line number of the offending token are now printed.

Own Id: OTP-20054
Related Id(s): GH-10214, PR-10259
The TOS handling on socket has been significantlyupdated and improved. Socket did not properly handle set, get and recv (cmsg) of TOS.

Note that the returned TOS value has been changed. It was previously an atom or an integer. Now it is a map with different interpretations of the TOS octet. See the documentation.

Own Id: OTP-20102
Related Id(s): GH-10968, PR-11059

*** POTENTIAL INCOMPATIBILITY ***
Replaced a sleep clause in user_drv shutdown with a flush of the output buffer.

Own Id: OTP-20124
Related Id(s): PR-10808

Improvements and New Features

Added an option to set the erl_boot_server listen port.

Own Id: OTP-19708
Related Id(s): PR-9894
The memory footprint of some supervisors has been reduced by purging obsoleted data when the supervisor is transitioning to and from hibernation.

Own Id: OTP-19713
Related Id(s): PR-9866
Improved name consistency of EPMD protocol messages in documentation and code. Renamed PORT_PLEASE2_REQ to PORT2_REQ and added prefix EPMD_.

Own Id: OTP-19734
Related Id(s): GH-10071, PR-10078
The legacy and and or operators have been replaced with other language constructs.

Own Id: OTP-19744
Related Id(s): PR-10114, PR-10554, PR-10568, PR-10579, PR-10580, PR-10585, PR-10598, PR-10710, PR-10718, PR-10730
Refactored a kernel_load_completed clause in the init module for conciseness.

Own Id: OTP-19786
Related Id(s): PR-10134
Full support for SCTP in socket. Not (yet) supported for FreeBSD.

Own Id: OTP-19834
In the default code path for the Erlang system, the current working directory (.) is now in the last position instead of the first.

Own Id: OTP-19842
*** HIGHLIGHT ***

*** POTENTIAL INCOMPATIBILITY ***
It was previously not possible to check on the socket nif load result. A successful load was self-evident, but a failure was only visible from the fact that most socket functions failed with notsup. This has now been improved such that the (socket nif) load result is visible in the info map (from socket:info/0).

Own Id: OTP-20003
Added support for socket functions recvmmsg() and sendmmsg().

Own Id: OTP-20015
Related Id(s): PR-10564

*** HIGHLIGHT ***
Added a new module called io_ansi that allows the user to emit Virtual Terminal Sequences (a.k.a. ANSI sequences) to the terminal in order to add colors/styling to text or create fully-fledged terminal applications.

io_ansi uses the local terminfo database in order to be as cross-platform compatible as possible.

It also works across nodes so that if functions on a remote node call io_ansi:fwrite/1 it will use the destination terminal's terminfo database to determine which sequences to emit. In practice, this means that you can call functions in a remote shell session that use io_ansi and it will properly detect the terminal sequences the target terminal can handle and will print using them correctly.

Own Id: OTP-20028
Related Id(s): PR-10905, PR-9940

*** HIGHLIGHT ***
Polished the documentation groups, essentially removed groups that did nothing but obscure the documentation.

Own Id: OTP-20029
Related Id(s): PR-10755
Added a new behavior, data_publisher, for building eventually consistent, replicated data stores across distributed nodes. This is a generalization of the pg module.

Own Id: OTP-20055
Related Id(s): PR-10426
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***
When implementing an alternate distribution implementors can now use an alternate handshake complete fun of arity 4 if needed.

Own Id: OTP-20090
Related Id(s): PR-10478
Added support for socket option SO_TIMESTAMPNS (not available on all platforms).

Own Id: OTP-20115
Related Id(s): PR-10929
Added a flag log_missed_net_ticks = true | false that controls whether a warning is logged for each missed sub-tick on a distribution connection. A sub-tick is missed when no data has been received from a connected node during one tick interval. A warning is emitted on every subsequent missed sub-tick until the node is declared down after net_tickintensity consecutive missed sub-ticks, at which point a final timeout warning is always logged regardless of this setting. Defaults to false.

Own Id: OTP-20117
Related Id(s): PR-11031

Full runtime dependencies of kernel-11.0

crypto-5.8, erts-17.0, sasl-3.0, stdlib-8.0

megaco-4.9

Fixed Bugs and Malfunctions

Running Dialyzer on Windows in an Erlang repo, causes Dialyzer warnings for the megaco_flex_scanner module. This is because the flex scanner is not built on Windows. These warnings are now suppressed.

Own Id: OTP-20114
Related Id(s): PR-11025

Improvements and New Features

Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of megaco-4.9

asn1-3.0, debugger-4.0, erts-12.0, et-1.5, kernel-8.0, runtime_tools-1.8.14, stdlib-2.5

mnesia-4.26

Improvements and New Features

mnesia now has new functions select_reverse/1-6 supporting iteration over tables in reverse order.

Own Id: OTP-19611
Related Id(s): GH-8993, PR-9475
The mnesia_registry module has been removed.

Own Id: OTP-19807
Related Id(s): PR-7315

*** POTENTIAL INCOMPATIBILITY ***
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of mnesia-4.26

erts-9.0, kernel-5.3, stdlib-5.0

observer-2.19

Improvements and New Features

Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of observer-2.19

erts-15.0, et-1.5, kernel-10.0, runtime_tools-2.1, stdlib-5.0, wx-2.3

odbc-2.17

Fixed Bugs and Malfunctions

The odbc application is now deprecated and is planned to be removed in Erlang/OTP 30.

The ftp and ct_ftp modules are now deprecated and are planned to be removed in Erlang/OTP 30.

Own Id: OTP-19980
Related Id(s): PR-10804

*** HIGHLIGHT ***

Improvements and New Features

Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of odbc-2.17

erts-6.0, kernel-3.0, stdlib-2.0

os_mon-2.12

Improvements and New Features

Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of os_mon-2.12

erts-14.0, kernel-9.0, sasl-4.2.1, stdlib-5.0

parsetools-2.8

Improvements and New Features

Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of parsetools-2.8

erts-6.0, kernel-3.0, stdlib-3.4

public_key-1.21

Improvements and New Features

The legacy and and or operators have been replaced with other language constructs.

Own Id: OTP-19744
Related Id(s): PR-10114, PR-10554, PR-10568, PR-10579, PR-10580, PR-10585, PR-10598, PR-10710, PR-10718, PR-10730
Added an option for relaxed encoding of certificates to allow some values to be empty. This may be used by other applications for interoperability reasons. This option is not used by the ssl application.

Own Id: OTP-19822
Related Id(s): PR-10033
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***
The runtime system now supports generating encrypted crash dumps. See the description of --enable-encrypted-crash-dumps in Building and Installing Erlang/OTP.

Own Id: OTP-20085
Related Id(s): PR-10993

*** HIGHLIGHT ***

Full runtime dependencies of public_key-1.21

asn1-5.0, crypto-5.8, erts-13.0, kernel-8.0, stdlib-4.0

reltool-1.1

Improvements and New Features

Removed the undocumented dyn_erl utility.

Own Id: OTP-19933
Related Id(s): PR-10573
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of reltool-1.1

erts-15.0, kernel-9.0, sasl-4.2.1, stdlib-5.0, tools-2.6.14, wx-2.3

runtime_tools-2.4

Improvements and New Features

Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of runtime_tools-2.4

erts-16.0, kernel-10.0, mnesia-4.12, stdlib-6.0

sasl-4.4

Fixed Bugs and Malfunctions

UNC paths are now handled on Windows.

Own Id: OTP-19949
Related Id(s): PR-10601

Improvements and New Features

Removed the undocumented dyn_erl utility.

Own Id: OTP-19933
Related Id(s): PR-10573
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of sasl-4.4

erts-15.0, kernel-6.0, stdlib-4.0, tools-2.6.14

snmp-5.20.3

Improvements and New Features

The legacy and and or operators have been replaced with other language constructs.

Own Id: OTP-19744
Related Id(s): PR-10114, PR-10554, PR-10568, PR-10579, PR-10580, PR-10585, PR-10598, PR-10710, PR-10718, PR-10730

Full runtime dependencies of snmp-5.20.3

asn1-5.4, crypto-4.6, erts-12.0, kernel-8.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-5.0

ssh-6.0

Fixed Bugs and Malfunctions

Password-based authentication has been updated to follow current security best practices. Key-based authentication remains recommended for production systems.

Own Id: OTP-19982
Related Id(s): PR-10571
Added explicit size validation guards for pre-authentication SSH messages to improve defense-in-depth against DoS attacks. Messages now have per-field size limits based on RFC specifications:
- Transport layer messages (DISCONNECT, IGNORE, DEBUG)
- Key exchange messages (DH, ECDH, DH-GEX)
- Service request messages (SERVICE_REQUEST, SERVICE_ACCEPT, EXT_INFO)
This change enhances the existing 256KB global packet size limit with granular per-message validation. Compliant implementations are not affected.

Own Id: OTP-19995
Related Id(s): PR-10739

*** POTENTIAL INCOMPATIBILITY ***
The SFTP subsystem root option now properly rejects relative paths at daemon startup. Previously, relative paths would cause unpredictable behavior as file operations resolved relative to the Erlang VM's current working directory. The option now requires an absolute path or empty string.

Own Id: OTP-20019
Related Id(s): PR-10820

*** POTENTIAL INCOMPATIBILITY ***
Dynamic atom creation has been replaced with static lookups in ssh_transport and ssh_connection, using a dedicated OID-to-algorithm mapping function in ssh_message.

Own Id: OTP-20127
Related Id(s): PR-11078

Improvements and New Features

Using KEX strict extension names as specified in draft-ietf-sshm-strict-kex-00. Pre standard names are still supported.

Own Id: OTP-19709
Related Id(s): PR-10115
Added an alive option to detect and terminate dead SSH connections. Functionally equivalent to OpenSSH's ClientAlive*/ServerAlive* settings.

Own Id: OTP-19750
Related Id(s): PR-10372, PR-9125
ssh:stop_deamon now uses supervisor:stop for shutting down daemons. With this change, the scenario when ssh:stop_daemon is called for a non-existing process results in calling process exiting. Previously an error tuple was returned (which was not documented).

Own Id: OTP-19801
Related Id(s): PR-10253

*** POTENTIAL INCOMPATIBILITY ***
The default key exchange algorithm is now mlkem768x25519-sha256, a hybrid quantum-resistant algorithm combining ML-KEM-768 with X25519. This provides protection against both classical and quantum computer attacks while maintaining backward compatibility through automatic fallback to other algorithms when peers don't support it.

Own Id: OTP-19965
Related Id(s): PR-10656

*** HIGHLIGHT ***

*** POTENTIAL INCOMPATIBILITY ***

Applications requiring shell or exec functionality must now explicitly enable:

  %% Enable Erlang shell
  ssh:daemon(Port, [{shell, {shell, start, []}} | Options])

  %% Enable Erlang term evaluation via exec
  ssh:daemon(Port, [{exec, erlang_eval} | Options])

  %% Restore complete old behavior
  ssh:daemon(Port, [{shell, {shell, start, []}},
                    {exec, erlang_eval}
                    | Options])

Own Id: OTP-19969
Related Id(s): ERIERL-1319, PR-10970, PR-11080

*** HIGHLIGHT ***

*** POTENTIAL INCOMPATIBILITY ***

Added SFTP resource limits section to hardening guide covering max_handles, max_path, and max_files with deployment recommendations.

Own Id: OTP-20031
Related Id(s): PR-10838
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***
The SFTP subsystem is no longer enabled by default when starting an SSH daemon. To enable it, add the subsystems option explicitly:
```
ssh:daemon(Port, [{subsystems, [ssh_sftpd:subsystem_spec([])]} | Options])
```
Own Id: OTP-20078
Related Id(s): PR-10970

*** HIGHLIGHT ***

*** POTENTIAL INCOMPATIBILITY ***
The SSH hardening guide has been improved with a timeout overview table replacing the previous image, corrected terminology ("authenticated" instead of "authorized"), and new examples for loopback binding, public key user checking, and password lockout using ETS.

Own Id: OTP-20079
Related Id(s): PR-10970
With this change usage of zlib compression algorithm in SSH is deprecated and scheduled for removal in OTP 30.0

Own Id: OTP-20099
Related Id(s): PR-11010
Updated SSH documentation with current OTP 29 algorithm defaults, including the new mlkem768x25519-sha256 post-quantum key exchange. Fixed stale examples, typos, and improved document structure.

Own Id: OTP-20100
Related Id(s): PR-11012

Full runtime dependencies of ssh-6.0

crypto-5.7, erts-14.0, kernel-10.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-8.0

ssl-11.7

Fixed Bugs and Malfunctions

Add missing clauses to ssl_handshake:extension_value/1. If an hello extension, missing a handling clause was present in a paused handshake, the handshake would fail.

Own Id: OTP-20116
Related Id(s): GH-11030, PR-11062

Improvements and New Features

The legacy and and or operators have been replaced with other language constructs.

Own Id: OTP-19744
Related Id(s): PR-10114, PR-10554, PR-10568, PR-10579, PR-10580, PR-10585, PR-10598, PR-10710, PR-10718, PR-10730
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***
The post-quantum hybrid algorithm x25519mlkem768 is now the most preferred key exchange group in the default configuration.

Post-quantum hybrid algorithms secp384r1mlkem1024 and secp256r1mlkem768 are supported but have to be configured. The same goes for the plain post-quantum algorithms mlkem1024, mlkem768, and mlkem512.

The most preferred signature algorithms is now post-quantum algorithms ML-DSA followed by the fastest SLH-DSA (slh_dsa_sha2_256f) algorithm, if such a certificate is available in the configuration. Other SLH-DSA variants are also supported but are added to the end of the preferred list.

All these algorithms were available in OTP-28.4 but none of them were preferred and some of them changed default status.

Own Id: OTP-20070
Related Id(s): PR-10949

*** HIGHLIGHT ***

*** POTENTIAL INCOMPATIBILITY ***
Secure renegotiation for TLS-1.2 specified in RFC 5746 from 2010 is now always used. The interoperability fallback option {secure_renegotiate,SecureRenegotiate} is no longer needed.

Own Id: OTP-20080
Related Id(s): PR-10979

*** POTENTIAL INCOMPATIBILITY ***
There is a new Hardening guide giving guidelines on how to strengthen the security for the ssl application.

Own Id: OTP-20087
Related Id(s): PR-11019

*** HIGHLIGHT ***

Full runtime dependencies of ssl-11.7

crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.20.3, runtime_tools-1.15.1, stdlib-7.0

stdlib-8.0

Fixed Bugs and Malfunctions

Fixed an issue in digraph_utils:roots/1 where roots could be missed in some cases.

Own Id: OTP-19932
Related Id(s): PR-10510
beam_lib:strip/1 will now retain the Beam debug information chunk produced by the beam_debug_info option. The chunk will also be retained when combing the beam_debug_info option with the undocumented slim option.

The runtime system will no longer crash when attempting to load modules that have been compiled with beam_debug_info but lack the actual Beam debug info chunk.

Own Id: OTP-19991
Related Id(s): GH-10557, PR-10735
Fixed a crash when zstd:compress/2 was asked to compress empty data.

Own Id: OTP-20001
Related Id(s): GH-10650, PR-10653
Replaced a sleep clause in user_drv shutdown with a flush of the output buffer.

Own Id: OTP-20124
Related Id(s): PR-10808
The calendar:seconds_to_time/1 function now checks the range for each of the components of a time tuple ({Hours,Minutes,Seconds}) and fail with an exception if a component is out of range.

Own Id: OTP-20125
Related Id(s): PR-11069

Improvements and New Features

Error return values from functions in zip now also specify which file in the archive the error belongs to.

Own Id: OTP-19663
Related Id(s): PR-9899
The legacy and and or operators have been replaced with other language constructs.

Own Id: OTP-19744
Related Id(s): PR-10114, PR-10554, PR-10568, PR-10579, PR-10580, PR-10585, PR-10598, PR-10710, PR-10718, PR-10730
The undocumented and unsupported function lists:zf/2 is now deprecated.

Own Id: OTP-19783
Related Id(s): PR-10161
Native records as described in EEP-79 has been implemented.

A native record is a data structure similar to the traditional tuple-based records, except that is a true data type.

Native records are considered experimental in Erlang/OTP 29 and possibly also in Erlang/OTP 30, meaning that their behavior may change, potentially requiring updates to applications that use them.

Own Id: OTP-19785
Related Id(s): PR-10617

*** HIGHLIGHT ***
The new supervior:stop/1,2 functions can be used to manage the dynamic parts of a supervisor tree in an application from outside the tree but in the same application.

Own Id: OTP-19800
Related Id(s): PR-9209
Added a new constructor array:from/2.

Own Id: OTP-19815
Related Id(s): PR-10304
There are new functions for random permutation of a list: rand:shuffle/1 and rand:shuffle_s/2. They are inspired by a suggestion and discussion on ErlangForums.

Own Id: OTP-19826
Related Id(s): PR-10281

*** HIGHLIGHT ***
The undocumented functions erl_eval:extended_parse_exprs/1 and erl_eval:extended_parse_term/1 will now be faster when called with a long list of tokens. (These functions are used by qlc and the shell.)

Own Id: OTP-19838
Related Id(s): PR-10338
The unicode module now supports the Unicode 17 standard.

Own Id: OTP-19853
Related Id(s): PR-10382
Added functions to unicode for recognizing whitespaces and identifiers.

Own Id: OTP-19858
Related Id(s): PR-10387
The rand:bytes/1 and rand:bytes_s/2 functions have been optimized by implementing a new internal callback function that crypto:rand_seed_alg/1 and crypto:alg_seed_alg_s/1 have been updated to use.

A new algorithm crypto_prng1, which also takes advantage of this new internal callback, has been added to crypto:rand_seed_alg/2 and crypto:rand_seed_alg_s/2. It is much faster then the existing crypto_aes, in particular for generating bytes.

Own Id: OTP-19882
Related Id(s): PR-10453, OTP-19827
There will now be a warning when exporting variables out of a subexpression. For example:
```
case file:open(File, AllOpts = [write,{encoding,utf8}]) of
    {ok,Fd} ->
        {Fd,AllOpts}
end
```
To avoid the warning, this can be rewritten to:
```
AllOpts = [write,{encoding,utf8}],
case file:open(File, AllOpts) of
    {ok,Fd} ->
        {Fd,AllOpts}
end
```
The warning can be suppressed by giving option nowarn_export_var_subexpr to the compiler.

Own Id: OTP-19898
Related Id(s): PR-9134

*** HIGHLIGHT ***
There are new functions in the shell for returning process information.

The pi/1 function is shortcut for erlang:process_info/1. The pi/3 function takes the three numbers from a pid, constructs a pid, and calls process_info/1.

Examples:
```
1> pi(<0.90.0>).
[{current_function,{c,pinfo,1}},
{initial_call,{erlang,apply,2}},
{status,running},
...
2> pi(0, 90, 0).
[{current_function,{c,pinfo,1}},
{initial_call,{erlang,apply,2}},
{status,running},
...
```
Own Id: OTP-19903
Related Id(s): PR-10422
Tools such as the debugger, beam_lib, and xref no longer support BEAM files created before OTP 13B.

Own Id: OTP-19906
Related Id(s): PR-10519
The calendar module has been updated to use the much faster than before Neri-Schneider algorithm for Gregorian calendar calculations, and been extended to handle negative years.

Own Id: OTP-19912
Related Id(s): PR-10449
graph is a new module that is a functional equivalent of the digraph and digraph_utils modules.

Own Id: OTP-19922
Related Id(s): PR-10532

*** HIGHLIGHT ***

Before Erlang/OTP 29, attempting to bind variables in a comprehension would compile successfully but fail at runtime. Example:

1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
ok
2> fh(lists:seq(1, 10)).
* exception error: bad filter 2614250

In Erlang/OTP 29, attempting to bind a variable in a comprehension will fail by default:

1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
* 5:14: matches using '=' are not allowed in comprehension qualifiers
unless the experimental 'compr_assign' language feature is enabled.
With 'compr_assign' enabled, a match 'P = E' will behave as a
strict generator 'P <-:- [E]'."

However, this example will work as expected if the compr_assign feature is enabled when starting the runtime system:

$ erl -enable-feature compr_assign
. . .
1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0].
ok
2> fh(lists:seq(1, 10)).
[2614250]

Here is another example how compr_assign can be used:

-module(example).
-feature(compr_assign, enable).
-export([cat/1]).

cat(Files) ->
    [Char || F <- Files,
             {ok, Bin} = file:read_file(F),
             Char <- unicode:characters_to_list(Bin)].

Own Id: OTP-19927
Related Id(s): PR-9153

*** HIGHLIGHT ***

*** POTENTIAL INCOMPATIBILITY ***

Removed the undocumented dyn_erl utility.

Own Id: OTP-19933
Related Id(s): PR-10573
The functions erl_tar:add/3 and erl_tar:add/4 now accepts the {mode,Mode} option for setting the permission of the file.

Own Id: OTP-19934
Related Id(s): PR-10524
Added zstd:flush/2 for flushing compressed data without closing the compression context.

Own Id: OTP-19936
Related Id(s): GH-10345, PR-10511
There will now be a warning when using the catch operator, which has been deprecated for a long time.

It is recommended to instead use try...catch...end but is also possible to disable the warning by using the nowarn_deprecated_catch option.

Own Id: OTP-19938
Related Id(s): PR-10421

*** HIGHLIGHT ***
Multi-valued comprehensions according to EEP 78 has been implemented.

Example:
```
> [I, -I || I <- lists:seq(1, 5)].
[1,-1,2,-2,3,-3,4,-4,5,-5]
```
Own Id: OTP-19942
Related Id(s): PR-9374

*** HIGHLIGHT ***
There will now be a warning for matches that unify constructors, such as the following:
```
m({a,B} = {Y,Z}) -> . . .
```
Such a match can be rewritten to:
```
m({a=Y,B=Y}) -> . . .
```
The compiler option nowarn_match_alias_pats can be used to disable the warning.

Own Id: OTP-19943
Related Id(s): PR-10433

*** HIGHLIGHT ***
While the iteration order for maps is undefined, it is now guaranteed that all ways of iterating over maps provides the elements in the same order. That is, all of the following ways of iterating will produce the elements in the same order:
- maps:keys/1
- maps:values/1
- maps:to_list/1
- maps:to_list(maps:iterator(M))
- Map comprehension: [{K,V} || K := V <- M]
Own Id: OTP-19963
Related Id(s): PR-10626

*** HIGHLIGHT ***
The array module have been extended with several new functions. The internal representation have been changed to allow the new functionality and optimizations. Arrays serialized with term_to_binary/1 in previous releases are not compatible.

Own Id: OTP-20004
Related Id(s): PR-10578

*** HIGHLIGHT ***

*** POTENTIAL INCOMPATIBILITY ***
m:erl_tar will use less memory when extracting large tar entries to disk. Instead of reading each tar entry into memory, erl_tar will now stream data in chunks of 64KB. The chunk size is settable using the new {chunks,ChunkSize} option.

The new {max_size,Size} option will set a limit on the total size of extracted data to protect against filling up the disk.

Checking of symlinks has been improved. Some symlinks that were safe (such as dir/link -> ../file) used to be rejected.

Own Id: OTP-20023
Related Id(s): PR-10814, PR-10818, PR-10821

*** HIGHLIGHT ***
Added a new module called io_ansi that allows the user to emit Virtual Terminal Sequences (a.k.a. ANSI sequences) to the terminal in order to add colors/styling to text or create fully-fledged terminal applications.

io_ansi uses the local terminfo database in order to be as cross-platform compatible as possible.

It also works across nodes so that if functions on a remote node call io_ansi:fwrite/1 it will use the destination terminal's terminfo database to determine which sequences to emit. In practice, this means that you can call functions in a remote shell session that use io_ansi and it will properly detect the terminal sequences the target terminal can handle and will print using them correctly.

Own Id: OTP-20028
Related Id(s): PR-10905, PR-9940

*** HIGHLIGHT ***
Polished the documentation groups, essentially removed groups that did nothing but obscure the documentation.

Own Id: OTP-20029
Related Id(s): PR-10755
The gb_sets:from_ordset/1 and gb_trees:from_orddict/1 functions would trust their inputs. If the input contained duplicates or was not properly sorted, the resulting gb_set or gb_tree would be invalid, and any number of interesting problems could occur.

In this release, these functions will raise an exception if their input is not valid. That could mean that incorrect programs that seemed to work could now stop working altogether.

There is also a new gb_trees:from_list/1 function for directly creating a gb_tree from a list.

Own Id: OTP-20061
Related Id(s): PR-10910

*** POTENTIAL INCOMPATIBILITY ***
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***
The json module now encodes and decodes quoted strings faster. Improvements of up to 55 percent has been measured when decoding JSON data with long strings.

The string:length/1, string:slice/2, and string:slice/3 functions have been optimized. For some strings, they can be up to twice as fast.

Own Id: OTP-20072
Related Id(s): PR-10938, PR-10948

*** HIGHLIGHT ***

Full runtime dependencies of stdlib-8.0

compiler-5.0, crypto-4.5, erts-16.0.3, kernel-11.0, sasl-3.0, syntax_tools-3.2.1

syntax_tools-4.1

Fixed Bugs and Malfunctions

merl:compile_and_load/1 could crash when compiling code containing comments.

merl:quote/2 would fail to handle literal UTF-8 encoded binaries.

Own Id: OTP-20077
Related Id(s): PR-10243, PR-10962

Improvements and New Features

The legacy and and or operators have been replaced with other language constructs.

Own Id: OTP-19744
Related Id(s): PR-10114, PR-10554, PR-10568, PR-10579, PR-10580, PR-10585, PR-10598, PR-10710, PR-10718, PR-10730
Multi-valued comprehensions according to EEP 78 has been implemented.

Example:
```
> [I, -I || I <- lists:seq(1, 5)].
[1,-1,2,-2,3,-3,4,-4,5,-5]
```
Own Id: OTP-19942
Related Id(s): PR-9374

*** HIGHLIGHT ***
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of syntax_tools-4.1

compiler-9.0, erts-16.0, kernel-10.3, stdlib-8.0

tftp-1.3

Improvements and New Features

The legacy and and or operators have been replaced with other language constructs.

Own Id: OTP-19744
Related Id(s): PR-10114, PR-10554, PR-10568, PR-10579, PR-10580, PR-10585, PR-10598, PR-10710, PR-10718, PR-10730
All use of legacy catch in the TFTP application has been rewritten.

In the process, deep return using exit/1 or throw/1 from callbacks has been changed to only work with throw/1, as customary. This was considered a misfeature.

Explicit loading of callback module or logger module has been removed, since that was against what one would expect for embedded mode.

Own Id: OTP-19996
Related Id(s): PR-10753
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of tftp-1.3

erts-6.0, kernel-6.0, stdlib-5.0

tools-4.2

Fixed Bugs and Malfunctions

Fixed "unbalanced parenthesis" issue when pressing TAB in emacs erlang shell.

Own Id: OTP-19921
Related Id(s): GH-8569, PR-10642
The minimum supported Emacs version for erlang-mode has been raised from 24.3 to 27.1. Compatibility shims for older Emacs versions have been removed.

The erlang-mode package version now tracks the Erlang/OTP release version (29.0) for consistent version numbers across package managers.

Own Id: OTP-20059
Related Id(s): PR-10892

Improvements and New Features

Tools such as the debugger, beam_lib, and xref no longer support BEAM files created before OTP 13B.

Own Id: OTP-19906
Related Id(s): PR-10519
The ignore_xref attribute has been handled as a post-analysis filter by build tools such as Rebar3. In this release, xref itself does the filtering, ensuring that all tooling that calls xref for any purpose can rely on these declarations to just work.

Own Id: OTP-20032
Related Id(s): PR-10592

*** HIGHLIGHT ***
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***
The runtime system now supports generating encrypted crash dumps. See the description of --enable-encrypted-crash-dumps in Building and Installing Erlang/OTP.

Own Id: OTP-20085
Related Id(s): PR-10993

*** HIGHLIGHT ***

Full runtime dependencies of tools-4.2

compiler-8.5, crypto-5.9, erts-15.0, kernel-10.0, public_key-1.21, runtime_tools-2.1, stdlib-6.0

wx-2.6

Fixed Bugs and Malfunctions

The examples for wx are now only installed in one place (in doc/examples).

Own Id: OTP-20119
Related Id(s): ERIERL-1315, PR-11032

Improvements and New Features

Documentation about how to validate the SBOM using sigstore has been added.

Own Id: OTP-19766
Related Id(s): GH-10151, PR-10187
Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of wx-2.6

erts-12.0, kernel-8.0, stdlib-5.0

xmerl-2.2

Improvements and New Features

Added support for -unsafe attributes, which is used to mark functions as unsafe to use.

This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe.

Furthermore, xref can now be used to find calls to functions in another application that lack a -doc attribute (undocumented_function_calls), calls to functions in another application marked -doc false. (private_function_calls), as well as calls to unsafe functions (unsafe_function_calls).

Own Id: OTP-20066
Related Id(s): PR-10839

*** HIGHLIGHT ***

Full runtime dependencies of xmerl-2.2

erts-6.0, kernel-8.4, stdlib-2.5

Thanks to

Alexandre Rodrigues, Alex Mickelson, Andreas Hasselberg, Andrew Bennett, Ayanda Dube, Bentheburrito, Bernhard M. Wiedemann, Bozhidar Batsov, Claes Nästén, Daniel Gorin, Daniel Kukula, dependabot[bot], Eksperimental, Eric Meadows-Jönsson, erlang-bot-app[bot], felipe stival, Fernando Areias, Holger Weiß, Ievgen Pyrogov, Ilya Averyanov, ilya-klyuchnikov, Ilya Klyuchnikov, Jan Uhlig, Jérôme de Bretagne, João Henrique Ferreira de Freitas, Johannes Christ, Jonatan Männchen, José Valim, krishnadas, Loïc Hoguin, loscher, lud, Maria Scott, Marko Mindek, matt, Mend Renovate, Michael Daniels, Michał Muskała, Nelson Vides, Nick Vatamaniuc, Olexandr88, Paul Guyot, Paulo F. Oliveira, Paulo Tomé, Petr Sumbera, Preet, Radek Szymczyszyn, Rasmus Précenth, Richard Carlsson, Robert Ismo, Robin Morisset, Sam Weaver, Sébastien Saint-Sevin, Sergey Fedorov, siiky, Simon Cornish, spoo, Stefan Grundmann, Takeru Ohta, Vadim Yanitskiy, Vance Shipley, Wade Mealing, Wei Huang, williamthome, yagogarea, Zabrane, Zeyu Zhang, наб

`v28.5`: OTP 28.5

Compare Source

Patch Package:           OTP 28.5
Git Tag:                 OTP-28.5
Date:                    2026-04-23
Trouble Report Id:       OTP-16607, OTP-19162, OTP-19967, OTP-20038,
                         OTP-20043, OTP-20082, OTP-20094, OTP-20098,
                         OTP-20101, OTP-20106
Seq num:                 GH-10667, GH-10812, GH-10915, GH-10967,
                         OTP-16608, PR-10431, PR-10881, PR-10908,
                         PR-10924, PR-10957, PR-10976, PR-11002,
                         PR-11045
System:                  OTP
Release:                 28
Application:             erl_interface-5.7, erts-16.4, mnesia-4.25.3,
                         ssl-11.6
Predecessor:             OTP 28.4.3

Check out the git tag OTP-28.5, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.

HIGHLIGHTS

There is a new "Secure Coding Guidelines" document in Design Principles describing how to write secure Erlang code.

Own Id: OTP-20043
Application(s): otp
Related Id(s): PR-10431

OTP-28.5

Improvements and New Features

There is a new "Secure Coding Guidelines" document in Design Principles describing how to write secure Erlang code.

Own Id: OTP-20043
Related Id(s): PR-10431

*** HIGHLIGHT ***

erl_interface-5.7

The erl_interface-5.7 application can be applied independently of other applications on a full OTP 28 installation.

Improvements and New Features

A new configure option --{enable,disable}-use-embedded-3pp-alternatives has been added. When enabled, configure is forced to find alternatives, to a subset, of the embedded third-party products (3pps) in the runtime system, and when disabled, configure will use all internal embedded 3pps. Currently this option affects zstd, zlib, ryu (with STL), openssl and tcl. The default is to use all built-in embedded 3pps except for zlib which by default will use zlib on the OS if available.

Requirements for alternatives:
- zstd - Static library and include files of at least version 1.5.6 needs to be available.
- zlib - Library and include files of at least version 1.2.5 needs to be available.
- ryu (with STL) - A usable C++ compiler with C++17 support.
- openssl - No requirements. Our own MD5 implementation will be used.
- tcl - The strerrorname_np() function (introduced in glibc 2.32) mapping errno integers to symbolic names needs to be available.
The argument embedded_3pps has been added to erlang:system_info/1. It returns a map with information about the use of embedded 3pps in the runtime system.

Own Id: OTP-20106
Related Id(s): PR-11045

Known Bugs and Problems

The ei API for decoding/encoding terms is not fully 64-bit compatible since terms that have a representation on the external term format larger than 2 GB cannot be handled.

Own Id: OTP-16607
Related Id(s): OTP-16608

erts-16.4

The erts-16.4 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

Fixed bug in enif_make_map_from_arrays for arrays with at least 33 keys. If duplicate keys existed, instead of failing, it would skip the duplicates. If less than 33 unique keys existed, an internally inconsistent and broken map was returned.

Own Id: OTP-20098
Related Id(s): PR-10976
Fixed an issue when supplying the args_file option to erl.exe on windows that did not handle unicode characters correctly.

Own Id: OTP-20101
Related Id(s): GH-10667

Improvements and New Features

A new configure option --{enable,disable}-use-embedded-3pp-alternatives has been added. When enabled, configure is forced to find alternatives, to a subset, of the embedded third-party products (3pps) in the runtime system, and when disabled, configure will use all internal embedded 3pps. Currently this option affects zstd, zlib, ryu (with STL), openssl and tcl. The default is to use all built-in embedded 3pps except for zlib which by default will use zlib on the OS if available.

Requirements for alternatives:
- zstd - Static library and include files of at least version 1.5.6 needs to be available.
- zlib - Library and include files of at least version 1.2.5 needs to be available.
- ryu (with STL) - A usable C++ compiler with C++17 support.
- openssl - No requirements. Our own MD5 implementation will be used.
- tcl - The strerrorname_np() function (introduced in glibc 2.32) mapping errno integers to symbolic names needs to be available.
The argument embedded_3pps has been added to erlang:system_info/1. It returns a map with information about the use of embedded 3pps in the runtime system.

Own Id: OTP-20106
Related Id(s): PR-11045

Full runtime dependencies of erts-16.4

kernel-9.0, sasl-3.3, stdlib-4.1

mnesia-4.25.3

The mnesia-4.25.3 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

Added documentation for user_properties and functions read_table_property/2, write_table_property/2, delete_table_property. Enhanced documentation for frag_properties.

Own Id: OTP-20038
Related Id(s): GH-10812, PR-10881
Fixed a bug where stacktrace was not returned from mnesia:transaction/1 when transaction aborts with an error exception.

Own Id: OTP-20094
Related Id(s): GH-10967, PR-11002

Full runtime dependencies of mnesia-4.25.3

erts-9.0, kernel-5.3, stdlib-5.0

ssl-11.6

Note! The ssl-11.6 application cannot be applied independently of other applications on an arbitrary OTP 28 installation.

   On a full OTP 28 installation, also the following runtime
   dependencies have to be satisfied:
   -- crypto-5.8 (first satisfied in OTP 28.3)
   -- public_key-1.20.3 (first satisfied in OTP 28.4.2)

Fixed Bugs and Malfunctions

Preserve inet option order, as inet_backend option must be first option. Will make inet_backend option work for ssl independently of number of inet supplied options.

Own Id: OTP-19162
Related Id(s): PR-10908
Missing conformance check for signature algorithms in TLS-1.3 could cause selection of incompatible certificate when a server is configured with more than one possible certificate.

Own Id: OTP-20082
Related Id(s): GH-10915, PR-10924

Improvements and New Features

Avoid unnecessary memory consumption for temporary processes in a supervision tree.

Own Id: OTP-19967
Related Id(s): PR-10957

Full runtime dependencies of ssl-11.6

crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.20.3, runtime_tools-1.15.1, stdlib-7.0

Thanks to

felipe stival, Hewwho, Hugo Baraúna, Nick Vatamaniuc, Viktor Söderqvist, William Yang

`v28.4.3`: OTP 28.4.3

Compare Source

Patch Package:           OTP 28.4.3
Git Tag:                 OTP-28.4.3
Date:                    2026-04-21
Trouble Report Id:       OTP-20081, OTP-20086, OTP-20104
Seq num:                 #&#8203;10968, CVE-2026-32147, PR-10985, PR-11027
System:                  OTP
Release:                 28
Application:             kernel-10.6.3, ssh-5.5.2
Predecessor:             OTP 28.4.2

Check out the git tag OTP-28.4.3, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.

OTP-28.4.3

Fixed Bugs and Malfunctions

Fix the otp_patch_apply script to properly handle installation of documentation for OTP versions with more than one digit in version parts less significant than the major version.

Own Id: OTP-20086
Related Id(s): PR-10985

kernel-10.6.3

The kernel-10.6.3 application can be applied independently of other applications on a full OTP 28 installation.

Fixed Bugs and Malfunctions

On Windows, sockets has to be bound when using 'socket'. Therefor when using gen_tcp with inet_backend = socket, gen_tcp_socket bind even if the caller has not provided an explicit bind address. In that case it attempts to locate a "proper" address on its own. But if the connect address is the loopback address, this could lead to an attempt to bind to an external interface. So, this has now been changed so that if the connect address is the loopback address, the loopback address will also be used when binding.

Own Id: OTP-20104
Related Id(s): #10968

Full runtime dependencies of kernel-10.6.3

crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-7.0

ssh-5.5.2

Note! The ssh-5.5.2 application cannot be applied independently of other applications on an arbitrary OTP 28 installation.

   On a full OTP 28 installation, also the following runtime
   dependency has to be satisfied:
   -- crypto-5.7 (first satisfied in OTP 28.1)

Fixed Bugs and Malfunctions

Fixed a vulnerability in the SFTP server where file attributes could be modified outside the configured root directory. When using FSETSTAT on an open file handle, the operation used the path stored in the handle without verifying it was within the root directory, allowing attribute changes to files outside the chroot boundary.

Thanks to John Downey.

Own Id: OTP-20081
Related Id(s): PR-11027, CVE-2026-32147

Full runtime dependencies of ssh-5.5.2

crypto-5.7, erts-14.0, kernel-10.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, stdlib-6.0

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [erlang](https://github.com/erlang/otp) | major | `28.4.2` → `29.0` | --- ### Release Notes <details> <summary>erlang/otp (erlang)</summary> ### [`v29.0`](https://github.com/erlang/otp/releases/tag/OTP-29.0): OTP 29.0 [Compare Source](https://github.com/erlang/otp/compare/OTP-28.5...OTP-29.0) ``` Inital Release: OTP 29.0 Git Tag: OTP-29.0 Date: 2026-05-13 Trouble Report Id: OTP-16607, OTP-19587, OTP-19611, OTP-19643, OTP-19663, OTP-19672, OTP-19695, OTP-19708, OTP-19709, OTP-19713, OTP-19734, OTP-19744, OTP-19747, OTP-19750, OTP-19751, OTP-19763, OTP-19766, OTP-19783, OTP-19784, OTP-19785, OTP-19786, OTP-19793, OTP-19800, OTP-19801, OTP-19807, OTP-19809, OTP-19811, OTP-19815, OTP-19822, OTP-19826, OTP-19834, OTP-19838, OTP-19842, OTP-19853, OTP-19858, OTP-19866, OTP-19874, OTP-19882, OTP-19887, OTP-19898, OTP-19903, OTP-19906, OTP-19910, OTP-19912, OTP-19917, OTP-19918, OTP-19919, OTP-19921, OTP-19922, OTP-19925, OTP-19927, OTP-19932, OTP-19933, OTP-19934, OTP-19935, OTP-19936, OTP-19938, OTP-19942, OTP-19943, OTP-19949, OTP-19956, OTP-19960, OTP-19963, OTP-19964, OTP-19965, OTP-19966, OTP-19968, OTP-19969, OTP-19975, OTP-19980, OTP-19982, OTP-19991, OTP-19995, OTP-19996, OTP-19997, OTP-20001, OTP-20002, OTP-20003, OTP-20004, OTP-20010, OTP-20013, OTP-20015, OTP-20016, OTP-20017, OTP-20019, OTP-20020, OTP-20023, OTP-20025, OTP-20026, OTP-20028, OTP-20029, OTP-20030, OTP-20031, OTP-20032, OTP-20034, OTP-20035, OTP-20036, OTP-20045, OTP-20048, OTP-20054, OTP-20055, OTP-20059, OTP-20061, OTP-20066, OTP-20069, OTP-20070, OTP-20071, OTP-20072, OTP-20073, OTP-20076, OTP-20077, OTP-20078, OTP-20079, OTP-20080, OTP-20085, OTP-20087, OTP-20088, OTP-20090, OTP-20092, OTP-20095, OTP-20099, OTP-20100, OTP-20102, OTP-20103, OTP-20111, OTP-20114, OTP-20115, OTP-20116, OTP-20117, OTP-20119, OTP-20123, OTP-20124, OTP-20125, OTP-20126, OTP-20127, OTP-20128, OTP-20132, OTP-20133 Seq num: ERIERL-1314, ERIERL-1315, ERIERL-1319, GH-10071, GH-10125, GH-10151, GH-10214, GH-10260, GH-10341, GH-10342, GH-10345, GH-10557, GH-10650, GH-10807, GH-10968, GH-11030, GH-8569, GH-8841, GH-8993, GH-9822, OTP-16608, OTP-19652, OTP-19775, OTP-19779, OTP-19827, OTP-20106, PR-10013, PR-10033, PR-10078, PR-10114, PR-10115, PR-10126, PR-10134, PR-10144, PR-10145, PR-10161, PR-10166, PR-10168, PR-10187, PR-10189, PR-10193, PR-10195, PR-10197, PR-10202, PR-10207, PR-10230, PR-10234, PR-10243, PR-10253, PR-10259, PR-10269, PR-10276, PR-10277, PR-10281, PR-10304, PR-10338, PR-10346, PR-10348, PR-10372, PR-10382, PR-10387, PR-10417, PR-10421, PR-10422, PR-10426, PR-10433, PR-10449, PR-10453, PR-10478, PR-10510, PR-10511, PR-10514, PR-10519, PR-10524, PR-10532, PR-10549, PR-10554, PR-10556, PR-10564, PR-10568, PR-10571, PR-10573, PR-10578, PR-10579, PR-10580, PR-10585, PR-10592, PR-10598, PR-10601, PR-10614, PR-10615, PR-10617, PR-10619, PR-10626, PR-10642, PR-10646, PR-10647, PR-10653, PR-10656, PR-10674, PR-10710, PR-10718, PR-10730, PR-10735, PR-10739, PR-10753, PR-10754, PR-10755, PR-10770, PR-10782, PR-10783, PR-10801, PR-10804, PR-10805, PR-10808, PR-10814, PR-10817, PR-10818, PR-10819, PR-10820, PR-10821, PR-10824, PR-10830, PR-10836, PR-10838, PR-10839, PR-10870, PR-10892, PR-10894, PR-10905, PR-10910, PR-10929, PR-10938, PR-10948, PR-10949, PR-10950, PR-10951, PR-10958, PR-10962, PR-10965, PR-10969, PR-10970, PR-10979, PR-10986, PR-10993, PR-10998, PR-11000, PR-11004, PR-11010, PR-11012, PR-11019, PR-11025, PR-11031, PR-11032, PR-11047, PR-11059, PR-11062, PR-11067, PR-11069, PR-11073, PR-11078, PR-11079, PR-11080, PR-7118, PR-7315, PR-9115, PR-9125, PR-9134, PR-9153, PR-9209, PR-9223, PR-9315, PR-9374, PR-9475, PR-9712, PR-9814, PR-9864, PR-9866, PR-9894, PR-9899, PR-9934, PR-9940, PR-9984 System: OTP Release: 29 Application: asn1-5.5, common_test-1.31, compiler-10.0, crypto-5.9, debugger-7.0, dialyzer-6.0, diameter-2.7, edoc-1.5, eldap-1.3, erl_interface-5.8, erts-17.0, et-1.8, eunit-2.11, ftp-1.2.5, inets-9.7, jinterface-1.16, kernel-11.0, megaco-4.9, mnesia-4.26, observer-2.19, odbc-2.17, os_mon-2.12, parsetools-2.8, public_key-1.21, reltool-1.1, runtime_tools-2.4, sasl-4.4, snmp-5.20.3, ssh-6.0, ssl-11.7, stdlib-8.0, syntax_tools-4.1, tftp-1.3, tools-4.2, wx-2.6, xmerl-2.2 Predecessor: OTP ``` Check out the git tag OTP-29.0, and build a full OTP system including documentation. ### HIGHLIGHTS - The JIT now generates better code for matching or creating binaries with multiple little-endian segments. Own Id: OTP-19747\ Application(s): erts\ Related Id(s): [PR-10126] - In the documentation for the [`compile`] module, a section has been added with recommendations for implementors of languages running on the BEAM. Documentation has also been added for the `to_abstr`, `to_exp`, and `from_abstr` options. The documentation for [erlc] now lists `.abstr` as one of the supported options. When compiling with the `to_abstr` option, the resulting `.abstr` file now retains any `-doc` attributes present in the source code. Own Id: OTP-19784\ Application(s): compiler, erts\ Related Id(s): [PR-10230], [PR-10234] - Native records as described in [EEP-79] has been implemented. A native record is a data structure similar to the traditional tuple-based records, except that is a true data type. Native records are considered experimental in Erlang/OTP 29 and possibly also in Erlang/OTP 30, meaning that their behavior may change, potentially requiring updates to applications that use them. Own Id: OTP-19785\ Application(s): compiler, debugger, dialyzer, erts, stdlib\ Related Id(s): [PR-10617] - The guard BIF `is_integer/3` has been added. It follows the design of the original EEP-16, only changing the name from `is_between` to `is_integer`. This BIF takes in 3 parameters, `Term`, `LowerBound`, and `UpperBound`. It returns `true` if `Term`, `LowerBound`, and `UpperBound` are all integers, and `LowerBound =< Term =< UpperBound`; otherwise, it returns false. Example: ```erlang 1> I = 42. 2> is_integer(I, 0, 100). true ``` Own Id: OTP-19809\ Application(s): compiler, dialyzer, erts\ Related Id(s): [PR-10276] - There are new functions for random permutation of a list: `rand:shuffle/1` and `rand:shuffle_s/2`. They are inspired by a suggestion and discussion on ErlangForums. Own Id: OTP-19826\ Application(s): stdlib\ Related Id(s): [PR-10281] - In the default code path for the Erlang system, the current working directory (`.`) is now in the last position instead of the first. Own Id: OTP-19842\ Application(s): erts, kernel \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - Function application is now left associative. That means one can now write: ``` f(X)(Y) ``` instead of: ``` (f(X))(Y) ``` Own Id: OTP-19866\ Application(s): compiler\ Related Id(s): [PR-9223] - The old-style type tests in guards (`integer`, `atom`, and so on) have been scheduled for removal in Erlang/OTP 30. They have been deprecated for a long time. Own Id: OTP-19887\ Application(s): otp\ Related Id(s): [PR-10417] - There will now be a warning when exporting variables out of a subexpression. For example: ``` case file:open(File, AllOpts = [write,{encoding,utf8}]) of {ok,Fd} -> {Fd,AllOpts} end ``` To avoid the warning, this can be rewritten to: ``` AllOpts = [write,{encoding,utf8}], case file:open(File, AllOpts) of {ok,Fd} -> {Fd,AllOpts} end ``` The warning can be suppressed by giving option `nowarn_export_var_subexpr` to the compiler. Own Id: OTP-19898\ Application(s): compiler, stdlib\ Related Id(s): [PR-9134] - There is a new option `warn_obsolete_bool_op` that instruct the compiler to emit warnings for the `and` and `or` operators. It is recommended to instead use the modern `andalso` and `orelse` operators, or `,` and `;` in guards. Own Id: OTP-19918\ Application(s): compiler\ Related Id(s): [PR-9115] - `graph` is a new module that is a functional equivalent of the [`digraph`] and [`digraph_utils`] modules. Own Id: OTP-19922\ Application(s): stdlib\ Related Id(s): [PR-10532] - Before Erlang/OTP 29, attempting to bind variables in a comprehension would compile successfully but fail at runtime. Example: ``` 1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0]. ok 2> fh(lists:seq(1, 10)). * exception error: bad filter 2614250 ``` In Erlang/OTP 29, attempting to bind a variable in a comprehension will fail by default: ``` 1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0]. * 5:14: matches using '=' are not allowed in comprehension qualifiers unless the experimental 'compr_assign' language feature is enabled. With 'compr_assign' enabled, a match 'P = E' will behave as a strict generator 'P <-:- [E]'." ``` However, this example will work as expected if the `compr_assign` feature is enabled when starting the runtime system: ``` $ erl -enable-feature compr_assign . . . 1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0]. ok 2> fh(lists:seq(1, 10)). [2614250] ``` Here is another example how `compr_assign` can be used: ``` -module(example). -feature(compr_assign, enable). -export([cat/1]). cat(Files) -> [Char || F <- Files, {ok, Bin} = file:read_file(F), Char <- unicode:characters_to_list(Bin)]. ``` Own Id: OTP-19927\ Application(s): compiler, stdlib\ Related Id(s): [PR-9153] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - There will now be a warning when using the `catch` operator, which has been deprecated for a long time. It is recommended to instead use `try`...`catch`...`end` but is also possible to disable the warning by using the `nowarn_deprecated_catch` option. Own Id: OTP-19938\ Application(s): compiler, stdlib\ Related Id(s): [PR-10421] - Multi-valued comprehensions according to [EEP 78] has been implemented. Example: ```erlang > [I, -I || I <- lists:seq(1, 5)]. [1,-1,2,-2,3,-3,4,-4,5,-5] ``` Own Id: OTP-19942\ Application(s): compiler, debugger, stdlib, syntax\_tools\ Related Id(s): [PR-9374] - There will now be a warning for matches that unify constructors, such as the following: ``` m({a,B} = {Y,Z}) -> . . . ``` Such a match can be rewritten to: ``` m({a=Y,B=Y}) -> . . . ``` The compiler option `nowarn_match_alias_pats` can be used to disable the warning. Own Id: OTP-19943\ Application(s): compiler, stdlib\ Related Id(s): [PR-10433] - There is no longer a 32-bit Erlang/OTP build for Windows. Own Id: OTP-19960\ Application(s): otp - While the iteration order for maps is undefined, it is now guaranteed that all ways of iterating over maps provides the elements in the same order. That is, all of the following ways of iterating will produce the elements in the same order: - `maps:keys/1` - `maps:values/1` - `maps:to_list/1` - `maps:to_list(maps:iterator(M))` - Map comprehension: `[{K,V} || K := V <- M]` Own Id: OTP-19963\ Application(s): erts, stdlib\ Related Id(s): [PR-10626] - The default key exchange algorithm is now mlkem768x25519-sha256, a hybrid quantum-resistant algorithm combining ML-KEM-768 with X25519. This provides protection against both classical and quantum computer attacks while maintaining backward compatibility through automatic fallback to other algorithms when peers don't support it. Own Id: OTP-19965\ Application(s): ssh\ Related Id(s): [PR-10656] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - The compiler now generates more efficient code for map comprehensions with constant values that don't depend on the generator, such as the following: ``` #{K => 42} || K <- List}. #{K => X || K <- List}. #{K => {X, Y} || K <- List}. ``` Own Id: OTP-19968\ Application(s): compiler\ Related Id(s): [PR-10646] - The SSH daemon now defaults to disabled for shell and exec services, implementing the "secure by default" principle. This prevents authenticated users from executing arbitrary Erlang code unless explicitly configured. Applications requiring shell or exec functionality must now explicitly enable: ```erlang %% Enable Erlang shell ssh:daemon(Port, [{shell, {shell, start, []}} | Options]) %% Enable Erlang term evaluation via exec ssh:daemon(Port, [{exec, erlang_eval} | Options]) %% Restore complete old behavior ssh:daemon(Port, [{shell, {shell, start, []}}, {exec, erlang_eval} | Options]) ``` Own Id: OTP-19969\ Application(s): ssh\ Related Id(s): ERIERL-1319, [PR-10970], [PR-11080] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - The `odbc` application is now deprecated and is planned to be removed in Erlang/OTP 30. The [`ftp`] and [`ct_ftp`] modules are now deprecated and are planned to be removed in Erlang/OTP 30. Own Id: OTP-19980\ Application(s): ftp, odbc\ Related Id(s): [PR-10804] - The `array` module have been extended with several new functions. The internal representation have been changed to allow the new functionality and optimizations. Arrays serialized with `term_to_binary/1` in previous releases are not compatible. Own Id: OTP-20004\ Application(s): stdlib\ Related Id(s): [PR-10578] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - Added support for socket functions `recvmmsg()` and `sendmmsg()`. Own Id: OTP-20015\ Application(s): erts, kernel\ Related Id(s): [PR-10564] - `m:erl_tar` will use less memory when extracting large tar entries to disk. Instead of reading each tar entry into memory, [`erl_tar`] will now stream data in chunks of 64KB. The chunk size is settable using the new `{chunks,ChunkSize}` option. The new `{max_size,Size}` option will set a limit on the total size of extracted data to protect against filling up the disk. Checking of symlinks has been improved. Some symlinks that were safe (such as `dir/link -> ../file`) used to be rejected. Own Id: OTP-20023\ Application(s): stdlib\ Related Id(s): [PR-10814], [PR-10818], [PR-10821] - Added a new module called `io_ansi` that allows the user to emit Virtual Terminal Sequences (a.k.a. ANSI sequences) to the terminal in order to add colors/styling to text or create fully-fledged terminal applications. `io_ansi` uses the local terminfo database in order to be as cross-platform compatible as possible. It also works across nodes so that if functions on a remote node call `io_ansi:fwrite/1` it will use the destination terminal's terminfo database to determine which sequences to emit. In practice, this means that you can call functions in a remote shell session that use `io_ansi` and it will properly detect the terminal sequences the target terminal can handle and will print using them correctly. Own Id: OTP-20028\ Application(s): kernel, stdlib\ Related Id(s): [PR-10905], [PR-9940] - The `ignore_xref` attribute has been handled as a post-analysis filter by build tools such as Rebar3. In this release, [`xref`] itself does the filtering, ensuring that all tooling that calls `xref` for any purpose can rely on these declarations to just work. Own Id: OTP-20032\ Application(s): tools\ Related Id(s): [PR-10592] - New in this release is `ct_doctest`, a module that allows the user to test documentation examples in Erlang module docs and documentation files. ct\_doctest allows you to: - Test code examples using shell syntax and their returns - Test code examples that should fail - Write example modules that are compiled and available in shell examples - Plugin other documentation parsing engines so that examples in, for example, `edoc`, `asciidoc`, and others can also be tested. See the documentation for more details. Own Id: OTP-20034\ Application(s): common\_test\ Related Id(s): [PR-10824], [PR-9315] - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Application(s): asn1, common\_test, compiler, crypto, debugger, dialyzer, diameter, edoc, eunit, inets, kernel, megaco, mnesia, observer, odbc, os\_mon, otp, parsetools, public\_key, reltool, runtime\_tools, sasl, ssh, ssl, stdlib, syntax\_tools, tftp, tools, wx, xmerl\ Related Id(s): [PR-10839] - The post-quantum hybrid algorithm x25519mlkem768 is now the most preferred key exchange group in the default configuration. Post-quantum hybrid algorithms secp384r1mlkem1024 and secp256r1mlkem768 are supported but have to be configured. The same goes for the plain post-quantum algorithms mlkem1024, mlkem768, and mlkem512. The most preferred signature algorithms is now post-quantum algorithms ML-DSA followed by the fastest SLH-DSA (slh\_dsa\_sha2\_256f) algorithm, if such a certificate is available in the configuration. Other SLH-DSA variants are also supported but are added to the end of the preferred list. All these algorithms were available in OTP-28.4 but none of them were preferred and some of them changed default status. Own Id: OTP-20070\ Application(s): ssl\ Related Id(s): [PR-10949] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - The [`json`] module now encodes and decodes quoted strings faster. Improvements of up to 55 percent has been measured when decoding JSON data with long strings. The `string:length/1`, `string:slice/2`, and `string:slice/3` functions have been optimized. For some strings, they can be up to twice as fast. Own Id: OTP-20072\ Application(s): stdlib\ Related Id(s): [PR-10938], [PR-10948] - The SFTP subsystem is no longer enabled by default when starting an SSH daemon. To enable it, add the subsystems option explicitly: ```erlang ssh:daemon(Port, [{subsystems, [ssh_sftpd:subsystem_spec([])]} | Options]) ``` Own Id: OTP-20078\ Application(s): ssh\ Related Id(s): [PR-10970] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - The runtime system now supports generating encrypted crash dumps. See the description of `--enable-encrypted-crash-dumps` in [Building and Installing Erlang/OTP]. Own Id: OTP-20085\ Application(s): crypto, erts, public\_key, tools\ Related Id(s): [PR-10993] - There is a new Hardening guide giving guidelines on how to strengthen the security for the `ssl` application. Own Id: OTP-20087\ Application(s): ssl\ Related Id(s): [PR-11019] - There is a new Hardening guide with advice for configuring Inets to be more secure. Own Id: OTP-20133\ Application(s): inets\ Related Id(s): [PR-11073] ### POTENTIAL INCOMPATIBILITIES - Fixed (`inet`) module selection when calling (`gen_tcp`) listen and connect and (`gen_udp`) open. Depending on the order of the options, the module option (`tcp_module` or `udp_module`) was sometimes ignored. Own Id: OTP-19695\ Application(s): kernel\ Related Id(s): [GH-9822], [PR-10013] - `ssh:stop_deamon` now uses `supervisor:stop` for shutting down daemons. With this change, the scenario when `ssh:stop_daemon` is called for a non-existing process results in calling process exiting. Previously an error tuple was returned (which was not documented). Own Id: OTP-19801\ Application(s): ssh\ Related Id(s): [PR-10253] - The `mnesia_registry` module has been removed. Own Id: OTP-19807\ Application(s): mnesia\ Related Id(s): [PR-7315] - In the default code path for the Erlang system, the current working directory (`.`) is now in the last position instead of the first. Own Id: OTP-19842\ Application(s): erts, kernel \*\*\* HIGHLIGHT \*\*\* - Before Erlang/OTP 29, attempting to bind variables in a comprehension would compile successfully but fail at runtime. Example: ``` 1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0]. ok 2> fh(lists:seq(1, 10)). * exception error: bad filter 2614250 ``` In Erlang/OTP 29, attempting to bind a variable in a comprehension will fail by default: ``` 1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0]. * 5:14: matches using '=' are not allowed in comprehension qualifiers unless the experimental 'compr_assign' language feature is enabled. With 'compr_assign' enabled, a match 'P = E' will behave as a strict generator 'P <-:- [E]'." ``` However, this example will work as expected if the `compr_assign` feature is enabled when starting the runtime system: ``` $ erl -enable-feature compr_assign . . . 1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0]. ok 2> fh(lists:seq(1, 10)). [2614250] ``` Here is another example how `compr_assign` can be used: ``` -module(example). -feature(compr_assign, enable). -export([cat/1]). cat(Files) -> [Char || F <- Files, {ok, Bin} = file:read_file(F), Char <- unicode:characters_to_list(Bin)]. ``` Own Id: OTP-19927\ Application(s): compiler, stdlib\ Related Id(s): [PR-9153] \*\*\* HIGHLIGHT \*\*\* - The default key exchange algorithm is now mlkem768x25519-sha256, a hybrid quantum-resistant algorithm combining ML-KEM-768 with X25519. This provides protection against both classical and quantum computer attacks while maintaining backward compatibility through automatic fallback to other algorithms when peers don't support it. Own Id: OTP-19965\ Application(s): ssh\ Related Id(s): [PR-10656] \*\*\* HIGHLIGHT \*\*\* - The SSH daemon now defaults to disabled for shell and exec services, implementing the "secure by default" principle. This prevents authenticated users from executing arbitrary Erlang code unless explicitly configured. Applications requiring shell or exec functionality must now explicitly enable: ```erlang %% Enable Erlang shell ssh:daemon(Port, [{shell, {shell, start, []}} | Options]) %% Enable Erlang term evaluation via exec ssh:daemon(Port, [{exec, erlang_eval} | Options]) %% Restore complete old behavior ssh:daemon(Port, [{shell, {shell, start, []}}, {exec, erlang_eval} | Options]) ``` Own Id: OTP-19969\ Application(s): ssh\ Related Id(s): ERIERL-1319, [PR-10970], [PR-11080] \*\*\* HIGHLIGHT \*\*\* - Changed `ets:update_counter/4` and `ets:update_element/4` to *always* reject default tuples smaller than the `keypos` of the table. Such keyless tuples are now rejected even if the key exists in the table and the default tuple would not be used. This is a subtle semantic change but is a nicer behavior for development and testing as it will detect faulty default tuple arguments earlier. Own Id: OTP-19975\ Application(s): erts\ Related Id(s): [PR-10674] - Added explicit size validation guards for pre-authentication SSH messages to improve defense-in-depth against DoS attacks. Messages now have per-field size limits based on RFC specifications: - Transport layer messages (DISCONNECT, IGNORE, DEBUG) - Key exchange messages (DH, ECDH, DH-GEX) - Service request messages (SERVICE\_REQUEST, SERVICE\_ACCEPT, EXT\_INFO) This change enhances the existing 256KB global packet size limit with granular per-message validation. Compliant implementations are not affected. Own Id: OTP-19995\ Application(s): ssh\ Related Id(s): [PR-10739] - The `array` module have been extended with several new functions. The internal representation have been changed to allow the new functionality and optimizations. Arrays serialized with `term_to_binary/1` in previous releases are not compatible. Own Id: OTP-20004\ Application(s): stdlib\ Related Id(s): [PR-10578] \*\*\* HIGHLIGHT \*\*\* - The SFTP subsystem `root` option now properly rejects relative paths at daemon startup. Previously, relative paths would cause unpredictable behavior as file operations resolved relative to the Erlang VM's current working directory. The option now requires an absolute path or empty string. Own Id: OTP-20019\ Application(s): ssh\ Related Id(s): [PR-10820] - The `gb_sets:from_ordset/1` and `gb_trees:from_orddict/1` functions would trust their inputs. If the input contained duplicates or was not properly sorted, the resulting gb\_set or gb\_tree would be invalid, and any number of interesting problems could occur. In this release, these functions will raise an exception if their input is not valid. That could mean that incorrect programs that **seemed** to work could now stop working altogether. There is also a new `gb_trees:from_list/1` function for directly creating a gb\_tree from a list. Own Id: OTP-20061\ Application(s): stdlib\ Related Id(s): [PR-10910] - The post-quantum hybrid algorithm x25519mlkem768 is now the most preferred key exchange group in the default configuration. Post-quantum hybrid algorithms secp384r1mlkem1024 and secp256r1mlkem768 are supported but have to be configured. The same goes for the plain post-quantum algorithms mlkem1024, mlkem768, and mlkem512. The most preferred signature algorithms is now post-quantum algorithms ML-DSA followed by the fastest SLH-DSA (slh\_dsa\_sha2\_256f) algorithm, if such a certificate is available in the configuration. Other SLH-DSA variants are also supported but are added to the end of the preferred list. All these algorithms were available in OTP-28.4 but none of them were preferred and some of them changed default status. Own Id: OTP-20070\ Application(s): ssl\ Related Id(s): [PR-10949] \*\*\* HIGHLIGHT \*\*\* - The old Tcl-based implementation of `erl_errno_id()` has been replaced by our own implementation now supporting more `errno` values on modern operating systems. It also returns the string `"errno_<ERRNO_INTEGER>"` corresponding to the integer given as argument if the `errno` integer is unknown instead of as previously just return the string `"unknown"`. The result of `erl_errno_id()` is often converted into an atom and passed as an error from a driver or a NIF. Own Id: OTP-20076\ Application(s): erts\ Related Id(s): [PR-10958], [PR-10969] - The SFTP subsystem is no longer enabled by default when starting an SSH daemon. To enable it, add the subsystems option explicitly: ```erlang ssh:daemon(Port, [{subsystems, [ssh_sftpd:subsystem_spec([])]} | Options]) ``` Own Id: OTP-20078\ Application(s): ssh\ Related Id(s): [PR-10970] \*\*\* HIGHLIGHT \*\*\* - Secure renegotiation for TLS-1.2 specified in RFC 5746 from 2010 is now always used. The interoperability fallback option `{secure_renegotiate,SecureRenegotiate}` is no longer needed. Own Id: OTP-20080\ Application(s): ssl\ Related Id(s): [PR-10979] - The `erlang:suspend_process/1` and `erlang:suspend_process/2` BIFs now also suspend BIF timers that will send messages to the process if the timer was created using the PID of the process as destination. Timers created using registered names are not affected. Own Id: OTP-20095\ Application(s): erts\ Related Id(s): [PR-10619], [PR-11004] - The TOS handling on socket has been significantlyupdated and improved. Socket did not properly handle set, get and recv (cmsg) of TOS. Note that the returned TOS value has been changed. It was previously an atom or an integer. Now it is a map with different interpretations of the TOS octet. See the documentation. Own Id: OTP-20102\ Application(s): erts, kernel\ Related Id(s): [GH-10968], [PR-11059] ### OTP-29.0 #### Fixed Bugs and Malfunctions - The `start_erl` script will now work on embedded systems. Own Id: OTP-20111\ Related Id(s): [GH-10342], [PR-10346] #### Improvements and New Features - Vendor dependencies and OpenVEX statements in the `otp` repository is now scanned for vulnerabilities. It is verified that OTP security issues reported at Github exist in the published [OpenVEX] statements, and issues are automatically opened in the `otp` repository if vendor vulnerabilities are detected. Own Id: OTP-19763\ Related Id(s): [PR-10145], [PR-10166], [PR-10168], [PR-10189], [PR-10193], [PR-10195], [PR-10197], [PR-10202], OTP-19652, OTP-19775, OTP-19779 - Documentation about how to validate the SBOM using sigstore has been added. Own Id: OTP-19766\ Related Id(s): [GH-10151], [PR-10187] - The old-style type tests in guards (`integer`, `atom`, and so on) have been scheduled for removal in Erlang/OTP 30. They have been deprecated for a long time. Own Id: OTP-19887\ Related Id(s): [PR-10417] \*\*\* HIGHLIGHT \*\*\* - Removed the undocumented `dyn_erl` utility. Own Id: OTP-19933\ Related Id(s): [PR-10573] - There is no longer a 32-bit Erlang/OTP build for Windows. Own Id: OTP-19960\ \*\*\* HIGHLIGHT \*\*\* - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* - The [Upcoming Potential Incompatibilities] page has been updated to note that in Erlang/OTP 30, `erlang:fun_info(Fun, pid)` will no longer retrieve a pid, but will raise a `badarg` exception. Own Id: OTP-20092\ Related Id(s): [PR-10998] - Add security improvements to GitHub Actions workflows based on findings from `zizmor`, a GitHub Actions security linter. Own Id: OTP-20103\ Related Id(s): [PR-11000] - Improve mermaid diagram rending in documentation. Own Id: OTP-20132\ Related Id(s): [PR-11047] ### asn1-5.5 #### Improvements and New Features - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of asn1-5.5 > > erts-14.0, kernel-9.0, stdlib-5.0 ### common\_test-1.31 #### Fixed Bugs and Malfunctions - Improved support for QuickCheck when writing property tests. Own Id: OTP-20010\ Related Id(s): [PR-10783] #### Improvements and New Features - The legacy `and` and `or` operators have been replaced with other language constructs. Own Id: OTP-19744\ Related Id(s): [PR-10114], [PR-10554], [PR-10568], [PR-10579], [PR-10580], [PR-10585], [PR-10598], [PR-10710], [PR-10718], [PR-10730] - `'EXIT'` messages are now formatted in the same way as `badmatch` errors. Own Id: OTP-19910\ Related Id(s): [PR-10277] - Error notifications now contain the name of the source file in which the error occurred. Own Id: OTP-19925\ Related Id(s): [GH-10260], [PR-10269] - New in this release is `ct_doctest`, a module that allows the user to test documentation examples in Erlang module docs and documentation files. ct\_doctest allows you to: - Test code examples using shell syntax and their returns - Test code examples that should fail - Write example modules that are compiled and available in shell examples - Plugin other documentation parsing engines so that examples in, for example, `edoc`, `asciidoc`, and others can also be tested. See the documentation for more details. Own Id: OTP-20034\ Related Id(s): [PR-10824], [PR-9315] \*\*\* HIGHLIGHT \*\*\* - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of common\_test-1.31 > > compiler-10.0, crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-11.0, observer-2.1, runtime\_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0, stdlib-8.0, syntax\_tools-1.7, tools-3.2, xmerl-1.3.8 ### compiler-10.0 #### Fixed Bugs and Malfunctions - For a function such as the following: ``` bar(S0) -> S1 = setelement(8, S0, a), S2 = setelement(7, S1, b), setelement(5, S2, c). ``` the compiler would keep all of the calls to `setelement/3` and emit extra unnecessary `set_tuple_element` instructions. This has been corrected so that the compiler will never emit code that uses the `set_tuple_element` instruction. In a future release, support for the `set_tuple_element` will be removed from the runtime system. Own Id: OTP-19751\ Related Id(s): [GH-10125], [PR-10144] - `beam_lib:strip/1` will now retain the Beam debug information chunk produced by the `beam_debug_info` option. The chunk will also be retained when combing the `beam_debug_info` option with the undocumented `slim` option. The runtime system will no longer crash when attempting to load modules that have been compiled with `beam_debug_info` but lack the actual Beam debug info chunk. Own Id: OTP-19991\ Related Id(s): [GH-10557], [PR-10735] #### Improvements and New Features - In comprehensions, a generator that builds a list with a single element will now be optimized to avoid building and matching the list. Example: ``` [H || E <- List, H <- [erlang:phash2(E)], H rem 10 =:= 0] ``` Own Id: OTP-19672\ Related Id(s): [PR-9934] - In the documentation for the [`compile`] module, a section has been added with recommendations for implementors of languages running on the BEAM. Documentation has also been added for the `to_abstr`, `to_exp`, and `from_abstr` options. The documentation for [erlc] now lists `.abstr` as one of the supported options. When compiling with the `to_abstr` option, the resulting `.abstr` file now retains any `-doc` attributes present in the source code. Own Id: OTP-19784\ Related Id(s): [PR-10230], [PR-10234] \*\*\* HIGHLIGHT \*\*\* - Native records as described in [EEP-79] has been implemented. A native record is a data structure similar to the traditional tuple-based records, except that is a true data type. Native records are considered experimental in Erlang/OTP 29 and possibly also in Erlang/OTP 30, meaning that their behavior may change, potentially requiring updates to applications that use them. Own Id: OTP-19785\ Related Id(s): [PR-10617] \*\*\* HIGHLIGHT \*\*\* - The guard BIF `is_integer/3` has been added. It follows the design of the original EEP-16, only changing the name from `is_between` to `is_integer`. This BIF takes in 3 parameters, `Term`, `LowerBound`, and `UpperBound`. It returns `true` if `Term`, `LowerBound`, and `UpperBound` are all integers, and `LowerBound =< Term =< UpperBound`; otherwise, it returns false. Example: ```erlang 1> I = 42. 2> is_integer(I, 0, 100). true ``` Own Id: OTP-19809\ Related Id(s): [PR-10276] \*\*\* HIGHLIGHT \*\*\* - Function application is now left associative. That means one can now write: ``` f(X)(Y) ``` instead of: ``` (f(X))(Y) ``` Own Id: OTP-19866\ Related Id(s): [PR-9223] \*\*\* HIGHLIGHT \*\*\* - There will now be a warning when exporting variables out of a subexpression. For example: ``` case file:open(File, AllOpts = [write,{encoding,utf8}]) of {ok,Fd} -> {Fd,AllOpts} end ``` To avoid the warning, this can be rewritten to: ``` AllOpts = [write,{encoding,utf8}], case file:open(File, AllOpts) of {ok,Fd} -> {Fd,AllOpts} end ``` The warning can be suppressed by giving option `nowarn_export_var_subexpr` to the compiler. Own Id: OTP-19898\ Related Id(s): [PR-9134] \*\*\* HIGHLIGHT \*\*\* - There is a new option `warn_obsolete_bool_op` that instruct the compiler to emit warnings for the `and` and `or` operators. It is recommended to instead use the modern `andalso` and `orelse` operators, or `,` and `;` in guards. Own Id: OTP-19918\ Related Id(s): [PR-9115] \*\*\* HIGHLIGHT \*\*\* - Before Erlang/OTP 29, attempting to bind variables in a comprehension would compile successfully but fail at runtime. Example: ``` 1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0]. ok 2> fh(lists:seq(1, 10)). * exception error: bad filter 2614250 ``` In Erlang/OTP 29, attempting to bind a variable in a comprehension will fail by default: ``` 1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0]. * 5:14: matches using '=' are not allowed in comprehension qualifiers unless the experimental 'compr_assign' language feature is enabled. With 'compr_assign' enabled, a match 'P = E' will behave as a strict generator 'P <-:- [E]'." ``` However, this example will work as expected if the `compr_assign` feature is enabled when starting the runtime system: ``` $ erl -enable-feature compr_assign . . . 1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0]. ok 2> fh(lists:seq(1, 10)). [2614250] ``` Here is another example how `compr_assign` can be used: ``` -module(example). -feature(compr_assign, enable). -export([cat/1]). cat(Files) -> [Char || F <- Files, {ok, Bin} = file:read_file(F), Char <- unicode:characters_to_list(Bin)]. ``` Own Id: OTP-19927\ Related Id(s): [PR-9153] \*\*\* HIGHLIGHT \*\*\* \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - There will now be a warning when using the `catch` operator, which has been deprecated for a long time. It is recommended to instead use `try`...`catch`...`end` but is also possible to disable the warning by using the `nowarn_deprecated_catch` option. Own Id: OTP-19938\ Related Id(s): [PR-10421] \*\*\* HIGHLIGHT \*\*\* - Multi-valued comprehensions according to [EEP 78] has been implemented. Example: ```erlang > [I, -I || I <- lists:seq(1, 5)]. [1,-1,2,-2,3,-3,4,-4,5,-5] ``` Own Id: OTP-19942\ Related Id(s): [PR-9374] \*\*\* HIGHLIGHT \*\*\* - There will now be a warning for matches that unify constructors, such as the following: ``` m({a,B} = {Y,Z}) -> . . . ``` Such a match can be rewritten to: ``` m({a=Y,B=Y}) -> . . . ``` The compiler option `nowarn_match_alias_pats` can be used to disable the warning. Own Id: OTP-19943\ Related Id(s): [PR-10433] \*\*\* HIGHLIGHT \*\*\* - The compiler now generates more efficient code for map comprehensions with constant values that don't depend on the generator, such as the following: ``` #{K => 42} || K <- List}. #{K => X || K <- List}. #{K => {X, Y} || K <- List}. ``` Own Id: OTP-19968\ Related Id(s): [PR-10646] \*\*\* HIGHLIGHT \*\*\* - Compilation times of modules with a huge number of calls to `element/2` has been improved. Own Id: OTP-20020\ Related Id(s): [GH-10807], [PR-10819] - The format of the debug information stored by the `beam_debug_info` option (used by the [edb debugger]) has been updated to more easily extendible and to contain more information about call targets. (See the linked PR for more details.) Own Id: OTP-20048\ Related Id(s): [PR-9814] - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of compiler-10.0 > > crypto-5.1, erts-13.0, kernel-8.4, stdlib-8.0 ### crypto-5.9 #### Fixed Bugs and Malfunctions - Fixed `crypto:hash_equals/2` and FIPS when crypto is statically linked to the beam (with `--enable-static-nifs` and `--disable-dynamic-ssl-lib`). Own Id: OTP-20025\ Related Id(s): [PR-10817] #### Improvements and New Features - The `rand:bytes/1` and `rand:bytes_s/2` functions have been optimized by implementing a new internal callback function that `crypto:rand_seed_alg/1` and `crypto:alg_seed_alg_s/1` have been updated to use. A new algorithm `crypto_prng1`, which also takes advantage of this new internal callback, has been added to `crypto:rand_seed_alg/2` and `crypto:rand_seed_alg_s/2`. It is much faster then the existing `crypto_aes`, in particular for generating bytes. Own Id: OTP-19882\ Related Id(s): [PR-10453], OTP-19827 - In interactive mode, application `crypto` is automatically loaded when the [`crypto`] module is loaded. This will ensure that the correct value of configuration parameter `fips_mode` is used to initialize OpenSSL if module `crypto` is called/loaded before the application `crypto` has been loaded. In embedded mode, module `crypto` will fail to load if the application has not been loaded. Own Id: OTP-20035\ Related Id(s): [PR-10830] - OpenSSL engine support has been removed on Windows. Own Id: OTP-20036\ Related Id(s): [PR-10836] - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* - The runtime system now supports generating encrypted crash dumps. See the description of `--enable-encrypted-crash-dumps` in [Building and Installing Erlang/OTP]. Own Id: OTP-20085\ Related Id(s): [PR-10993] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of crypto-5.9 > > erts-9.0, kernel-6.0, stdlib-3.9 ### debugger-7.0 #### Improvements and New Features - Native records as described in [EEP-79] has been implemented. A native record is a data structure similar to the traditional tuple-based records, except that is a true data type. Native records are considered experimental in Erlang/OTP 29 and possibly also in Erlang/OTP 30, meaning that their behavior may change, potentially requiring updates to applications that use them. Own Id: OTP-19785\ Related Id(s): [PR-10617] \*\*\* HIGHLIGHT \*\*\* - Tools such as the debugger, [`beam_lib`], and [`xref`] no longer support BEAM files created before OTP 13B. Own Id: OTP-19906\ Related Id(s): [PR-10519] - Multi-valued comprehensions according to [EEP 78] has been implemented. Example: ```erlang > [I, -I || I <- lists:seq(1, 5)]. [1,-1,2,-2,3,-3,4,-4,5,-5] ``` Own Id: OTP-19942\ Related Id(s): [PR-9374] \*\*\* HIGHLIGHT \*\*\* - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of debugger-7.0 > > compiler-8.0, erts-15.0, kernel-10.0, stdlib-7.0, wx-2.0 ### dialyzer-6.0 #### Improvements and New Features - Native records as described in [EEP-79] has been implemented. A native record is a data structure similar to the traditional tuple-based records, except that is a true data type. Native records are considered experimental in Erlang/OTP 29 and possibly also in Erlang/OTP 30, meaning that their behavior may change, potentially requiring updates to applications that use them. Own Id: OTP-19785\ Related Id(s): [PR-10617] \*\*\* HIGHLIGHT \*\*\* - The guard BIF `is_integer/3` has been added. It follows the design of the original EEP-16, only changing the name from `is_between` to `is_integer`. This BIF takes in 3 parameters, `Term`, `LowerBound`, and `UpperBound`. It returns `true` if `Term`, `LowerBound`, and `UpperBound` are all integers, and `LowerBound =< Term =< UpperBound`; otherwise, it returns false. Example: ```erlang 1> I = 42. 2> is_integer(I, 0, 100). true ``` Own Id: OTP-19809\ Related Id(s): [PR-10276] \*\*\* HIGHLIGHT \*\*\* - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of dialyzer-6.0 > > compiler-10.0, erts-12.0, kernel-8.0, stdlib-5.0, syntax\_tools-2.0 ### diameter-2.7 #### Improvements and New Features - The legacy `and` and `or` operators have been replaced with other language constructs. Own Id: OTP-19744\ Related Id(s): [PR-10114], [PR-10554], [PR-10568], [PR-10579], [PR-10580], [PR-10585], [PR-10598], [PR-10710], [PR-10718], [PR-10730] - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of diameter-2.7 > > erts-10.0, kernel-3.2, ssl-9.0, stdlib-5.0 ### edoc-1.5 #### Improvements and New Features - Changed behavior of EDoc so that when a module defines a private type and a private function spec uses it, that type no longer gets included in the EDoc chunk. Own Id: OTP-20030\ Related Id(s): [PR-10770] - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of edoc-1.5 > > erts-11.0, inets-5.10, kernel-7.0, stdlib-4.0, syntax\_tools-2.0, xmerl-1.3.7 ### eldap-1.3 #### Improvements and New Features - Only minor internal changes. Own Id: OTP-19964 > #### Full runtime dependencies of eldap-1.3 > > asn1-3.0, erts-6.0, kernel-3.0, ssl-5.3.4, stdlib-3.4 ### erl\_interface-5.8 #### Improvements and New Features - Improved name consistency of EPMD protocol messages in documentation and code. Renamed `PORT_PLEASE2_REQ` to `PORT2_REQ` and added prefix `EPMD_`. Own Id: OTP-19734\ Related Id(s): [GH-10071], [PR-10078] - Replaced embedded OpenSSL MD5 implementation. Own Id: OTP-20045\ Related Id(s): [PR-10870] #### Known Bugs and Problems - The `ei` API for decoding/encoding terms is not fully 64-bit compatible since terms that have a representation on the external term format larger than 2 GB cannot be handled. Own Id: OTP-16607\ Related Id(s): OTP-16608 ### erts-17.0 #### Fixed Bugs and Malfunctions - For a function such as the following: ``` bar(S0) -> S1 = setelement(8, S0, a), S2 = setelement(7, S1, b), setelement(5, S2, c). ``` the compiler would keep all of the calls to `setelement/3` and emit extra unnecessary `set_tuple_element` instructions. This has been corrected so that the compiler will never emit code that uses the `set_tuple_element` instruction. In a future release, support for the `set_tuple_element` will be removed from the runtime system. Own Id: OTP-19751\ Related Id(s): [GH-10125], [PR-10144] - Improved the handling of the logging directory for the start script on Unix-like systems, so that it no longer crashes when `$ROOTDIR/log` is not writable. Own Id: OTP-19874\ Related Id(s): [GH-10341], [PR-10348] - The `-nocookie` option for `erl` is now documented. Own Id: OTP-19935\ Related Id(s): [PR-10549] - `beam_lib:strip/1` will now retain the Beam debug information chunk produced by the `beam_debug_info` option. The chunk will also be retained when combing the `beam_debug_info` option with the undocumented `slim` option. The runtime system will no longer crash when attempting to load modules that have been compiled with `beam_debug_info` but lack the actual Beam debug info chunk. Own Id: OTP-19991\ Related Id(s): [GH-10557], [PR-10735] - Fixed potential symbol clashing on MacOS by passing `RTLD_LOCAL` to `dlopen`. This will make symbols to not be resolvable between subsequently loaded NIF/drivers, which is the default behavior on Linux and BSD. Own Id: OTP-20026\ Related Id(s): [PR-10805] - The `configure` script used to call `isfinite()` with argument `0`. That could fail on some platforms. This has been changed to call `isfinite()` with `1.0` instead. Own Id: OTP-20088\ Related Id(s): [PR-10965] - The TOS handling on socket has been significantlyupdated and improved. Socket did not properly handle set, get and recv (cmsg) of TOS. Note that the returned TOS value has been changed. It was previously an atom or an integer. Now it is a map with different interpretations of the TOS octet. See the documentation. Own Id: OTP-20102\ Related Id(s): [GH-10968], [PR-11059] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - Fixed `erlang:md5_init` to always return the same deterministic context binary. Only an issue in OTP 28.5 when OTP was built with `--disable-builtin-openssl` or `--enable-use-embedded-3pp-alternatives`. Own Id: OTP-20123 - Added explicit configure test for C++ function `std::to_chars` if options `--disable-builtin-ryu` or `--enable-use-embedded-3pp-alternatives` is used. Own Id: OTP-20126\ Related Id(s): [PR-11067] #### Improvements and New Features - The exported name space of the `beam` executable has been cleaned to only expose symbols of documented interfaces like NIF and driver APIs. This will avoid accidental name clashes with, for example, our statically linked variants of PCRE2 and ZSTD. NIFs and drivers that abuse undocumented internal interfaces will fail to load due to this change. Own Id: OTP-19643\ Related Id(s): [PR-9864] - Improved name consistency of EPMD protocol messages in documentation and code. Renamed `PORT_PLEASE2_REQ` to `PORT2_REQ` and added prefix `EPMD_`. Own Id: OTP-19734\ Related Id(s): [GH-10071], [PR-10078] - The JIT now generates better code for matching or creating binaries with multiple little-endian segments. Own Id: OTP-19747\ Related Id(s): [PR-10126] \*\*\* HIGHLIGHT \*\*\* - In the documentation for the [`compile`] module, a section has been added with recommendations for implementors of languages running on the BEAM. Documentation has also been added for the `to_abstr`, `to_exp`, and `from_abstr` options. The documentation for [erlc] now lists `.abstr` as one of the supported options. When compiling with the `to_abstr` option, the resulting `.abstr` file now retains any `-doc` attributes present in the source code. Own Id: OTP-19784\ Related Id(s): [PR-10230], [PR-10234] \*\*\* HIGHLIGHT \*\*\* - Native records as described in [EEP-79] has been implemented. A native record is a data structure similar to the traditional tuple-based records, except that is a true data type. Native records are considered experimental in Erlang/OTP 29 and possibly also in Erlang/OTP 30, meaning that their behavior may change, potentially requiring updates to applications that use them. Own Id: OTP-19785\ Related Id(s): [PR-10617] \*\*\* HIGHLIGHT \*\*\* - Task stealing between schedulers has been further optimized. Own Id: OTP-19793\ Related Id(s): [PR-9984] - The guard BIF `is_integer/3` has been added. It follows the design of the original EEP-16, only changing the name from `is_between` to `is_integer`. This BIF takes in 3 parameters, `Term`, `LowerBound`, and `UpperBound`. It returns `true` if `Term`, `LowerBound`, and `UpperBound` are all integers, and `LowerBound =< Term =< UpperBound`; otherwise, it returns false. Example: ```erlang 1> I = 42. 2> is_integer(I, 0, 100). true ``` Own Id: OTP-19809\ Related Id(s): [PR-10276] \*\*\* HIGHLIGHT \*\*\* - Calls to `trace:info(_, {M,F,A}, Item)`, with `Item` as `call_time`, `call_memory`, or `all`, will no longer block all scheduler threads from running. Own Id: OTP-19811\ Related Id(s): [PR-10207] - Full support for SCTP in [`socket`]. Not (yet) supported for FreeBSD. Own Id: OTP-19834 - In the default code path for the Erlang system, the current working directory (`.`) is now in the last position instead of the first. Own Id: OTP-19842\ \*\*\* HIGHLIGHT \*\*\* \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - Tools such as the debugger, [`beam_lib`], and [`xref`] no longer support BEAM files created before OTP 13B. Own Id: OTP-19906\ Related Id(s): [PR-10519] - Optimized ETS named table lookup scalability by replacing read locks with lockless atomic operations. Own Id: OTP-19919\ Related Id(s): [PR-7118] - Removed the undocumented `dyn_erl` utility. Own Id: OTP-19933\ Related Id(s): [PR-10573] - Added `zstd:flush/2` for flushing compressed data without closing the compression context. Own Id: OTP-19936\ Related Id(s): [GH-10345], [PR-10511] - While the iteration order for maps is undefined, it is now guaranteed that all ways of iterating over maps provides the elements in the same order. That is, all of the following ways of iterating will produce the elements in the same order: - `maps:keys/1` - `maps:values/1` - `maps:to_list/1` - `maps:to_list(maps:iterator(M))` - Map comprehension: `[{K,V} || K := V <- M]` Own Id: OTP-19963\ Related Id(s): [PR-10626] \*\*\* HIGHLIGHT \*\*\* - Improved the performance of code loading. Own Id: OTP-19966\ Related Id(s): [PR-10615] - Changed `ets:update_counter/4` and `ets:update_element/4` to *always* reject default tuples smaller than the `keypos` of the table. Such keyless tuples are now rejected even if the key exists in the table and the default tuple would not be used. This is a subtle semantic change but is a nicer behavior for development and testing as it will detect faulty default tuple arguments earlier. Own Id: OTP-19975\ Related Id(s): [PR-10674] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - Improved compatibility with systems that lack certain shell utilities. Own Id: OTP-20002\ Related Id(s): [PR-10647] - It was previously not possible to check on the socket nif load result. A successful load was self-evident, but a failure was only visible from the fact that most [`socket`] functions failed with `notsup`. This has now been improved such that the (socket nif) load result is visible in the info map (from `socket:info/0`). Own Id: OTP-20003 - The default for the `configure` option [`--{enable,disable}-use-embedded-3pp-alternatives` ][`--{enable,disable}-use-embedded-3pp-alternatives`] has changed and the subset of embedded third-party products (*3pps*) affected by it has also changed. Currently this option affects `zstd`, `zlib`, `ryu` (with `STL`). By default `zstd` and `zlib` available on the OS will be used if they fulfill the requirements. The builtin `ryu` (with `STL`) will be used by default. The 3pps `openssl` and `tcl` that previously were present have been replaced by our own implementations. Requirements for the affected 3pps alternatives are still the same as before: - `zstd` - Static library and include files of at least version 1.5.6 needs to be available. - `zlib` - Library and include files of at least version 1.2.5 needs to be available. - `ryu` (with `STL`) - A usable C++ compiler with C++17 library support. Own Id: OTP-20013\ Related Id(s): [PR-10894], [PR-10986], OTP-20106 - Added support for socket functions `recvmmsg()` and `sendmmsg()`. Own Id: OTP-20015\ Related Id(s): [PR-10564] \*\*\* HIGHLIGHT \*\*\* - There is a new NIF function `enif_term_size()`. Own Id: OTP-20016\ Related Id(s): [PR-10782] - Call trace match specs can use `[Arg1, Arg2 | '_']` syntax to match functions with at least N number of arguments. Own Id: OTP-20017\ Related Id(s): [PR-10754] - Replaced embedded OpenSSL MD5 implementation. Own Id: OTP-20045\ Related Id(s): [PR-10870] - The format of the debug information stored by the `beam_debug_info` option (used by the [edb debugger]) has been updated to more easily extendible and to contain more information about call targets. (See the linked PR for more details.) Own Id: OTP-20048\ Related Id(s): [PR-9814] - There are new functions `erlang:exit_signal/2,3` replacing the old `erlang:exit/2,3`. The primary purpose is better naming to distinguish between exit *exceptions* and exit *signals*. The new `exit_signal` functions will also avoid a historical quirk when a process sends an exit signal to itself with reason `normal`. The old `erlang:exit/2,3` will work as before, but it is recommended to use the new `exit:signal/2,3` functions for new or modified code. Deprecation of `erlang:exit/2,3` with a compiler warning is planned for OTP 30. Own Id: OTP-20069\ Related Id(s): [PR-10801] - The old Tcl-based implementation of `erl_errno_id()` has been replaced by our own implementation now supporting more `errno` values on modern operating systems. It also returns the string `"errno_<ERRNO_INTEGER>"` corresponding to the integer given as argument if the `errno` integer is unknown instead of as previously just return the string `"unknown"`. The result of `erl_errno_id()` is often converted into an atom and passed as an error from a driver or a NIF. Own Id: OTP-20076\ Related Id(s): [PR-10958], [PR-10969] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - The runtime system now supports generating encrypted crash dumps. See the description of `--enable-encrypted-crash-dumps` in [Building and Installing Erlang/OTP]. Own Id: OTP-20085\ Related Id(s): [PR-10993] \*\*\* HIGHLIGHT \*\*\* - When implementing an [alternate distribution] implementors can now use an alternate [*handshake complete* fun of arity 4] if needed. Own Id: OTP-20090\ Related Id(s): [PR-10478] - The `erlang:suspend_process/1` and `erlang:suspend_process/2` BIFs now also suspend BIF timers that will send messages to the process if the timer was created using the PID of the process as destination. Timers created using registered names are not affected. Own Id: OTP-20095\ Related Id(s): [PR-10619], [PR-11004] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - Added support for socket option SO\_TIMESTAMPNS (not available on all platforms). Own Id: OTP-20115\ Related Id(s): [PR-10929] > #### Full runtime dependencies of erts-17.0 > > kernel-9.0, sasl-3.3, stdlib-4.1 ### et-1.8 #### Improvements and New Features - Only minor internal changes. Own Id: OTP-19964 > #### Full runtime dependencies of et-1.8 > > erts-9.0, kernel-5.3, runtime\_tools-1.10, stdlib-3.4, wx-1.2 ### eunit-2.11 #### Improvements and New Features - Added `randomDelay` macro. Own Id: OTP-19997\ Related Id(s): [PR-10614] - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of eunit-2.11 > > erts-9.0, kernel-11.0, stdlib-6.0 ### ftp-1.2.5 #### Fixed Bugs and Malfunctions - The `odbc` application is now deprecated and is planned to be removed in Erlang/OTP 30. The [`ftp`] and [`ct_ftp`] modules are now deprecated and are planned to be removed in Erlang/OTP 30. Own Id: OTP-19980\ Related Id(s): [PR-10804] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of ftp-1.2.5 > > erts-7.0, kernel-6.0, runtime\_tools-1.15.1, ssl-10.2, stdlib-3.5 ### inets-9.7 #### Fixed Bugs and Malfunctions - A call to httpd:reload\_config/2 now validates the new configuration before removing the old one, leaving the server running in case of faulty config, instead of putting it in an unrecoverable state. Own Id: OTP-20128\ Related Id(s): ERIERL-1314, [PR-11079] #### Improvements and New Features - A new option `max_connections_open` has been added to the [`httpc`] HTTP client profile configuration. It limits the maximum number of concurrent HTTP handler processes that can be open simultaneously. When the limit is reached, new requests are queued internally and started automatically as existing handlers complete. This prevents bandwidth exhaustion in high-load scenarios where too many parallel connections cause remote servers to close sockets before transfers finish (the socket\_closed\_remotely error). The option can be set via `httpc:set_options([{max_connections_open, 10}], Profile).` The default value is `infinity` (unlimited), preserving backward compatibility. The value must be a positive integer or `infinity` and must be greater than or equal to `max_sessions`. Own Id: OTP-19587\ Related Id(s): [GH-8841], [PR-9712] - The legacy `and` and `or` operators have been replaced with other language constructs. Own Id: OTP-19744\ Related Id(s): [PR-10114], [PR-10554], [PR-10568], [PR-10579], [PR-10580], [PR-10585], [PR-10598], [PR-10710], [PR-10718], [PR-10730] - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* - The `mod_cgi` and `mod_actions` modules are now deprecated and are scheduled to be removed in OTP 30. Own Id: OTP-20071\ Related Id(s): [PR-10950] - There is a new Hardening guide with advice for configuring Inets to be more secure. Own Id: OTP-20133\ Related Id(s): [PR-11073] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of inets-9.7 > > erts-14.0, kernel-9.0, mnesia-4.12, public\_key-1.13, runtime\_tools-1.8.14, ssl-9.0, stdlib-5.0, stdlib-6.0 ### jinterface-1.16 #### Improvements and New Features - The `jinterface` build now honors `SOURCE_DATE_EPOCH` for deterministic build of `OtpErlang.jar`. Own Id: OTP-19956\ Related Id(s): [PR-10556] - Removed prebuilt java files from source tar file to avoid issues with different version of the java runtime. Own Id: OTP-20073\ Related Id(s): [PR-10951] ### kernel-11.0 #### Fixed Bugs and Malfunctions - Fixed (`inet`) module selection when calling (`gen_tcp`) listen and connect and (`gen_udp`) open. Depending on the order of the options, the module option (`tcp_module` or `udp_module`) was sometimes ignored. Own Id: OTP-19695\ Related Id(s): [GH-9822], [PR-10013] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - The TCP/UDP compatibility layer has been fixed so that `inet_backend = socket` now supports socket options `reuseport` and `reuseport_lb` for `gen_tcp` and `gen_udp`. Own Id: OTP-19917\ Related Id(s): [PR-10514] - Some errors in config files for the application controller would result in very cryptic crashes. Error handling has been improved to ensure that the file name and line number of the offending token are now printed. Own Id: OTP-20054\ Related Id(s): [GH-10214], [PR-10259] - The TOS handling on socket has been significantlyupdated and improved. Socket did not properly handle set, get and recv (cmsg) of TOS. Note that the returned TOS value has been changed. It was previously an atom or an integer. Now it is a map with different interpretations of the TOS octet. See the documentation. Own Id: OTP-20102\ Related Id(s): [GH-10968], [PR-11059] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - Replaced a sleep clause in user\_drv shutdown with a flush of the output buffer. Own Id: OTP-20124\ Related Id(s): [PR-10808] #### Improvements and New Features - Added an option to set the `erl_boot_server` listen port. Own Id: OTP-19708\ Related Id(s): [PR-9894] - The memory footprint of some supervisors has been reduced by purging obsoleted data when the supervisor is transitioning to and from hibernation. Own Id: OTP-19713\ Related Id(s): [PR-9866] - Improved name consistency of EPMD protocol messages in documentation and code. Renamed `PORT_PLEASE2_REQ` to `PORT2_REQ` and added prefix `EPMD_`. Own Id: OTP-19734\ Related Id(s): [GH-10071], [PR-10078] - The legacy `and` and `or` operators have been replaced with other language constructs. Own Id: OTP-19744\ Related Id(s): [PR-10114], [PR-10554], [PR-10568], [PR-10579], [PR-10580], [PR-10585], [PR-10598], [PR-10710], [PR-10718], [PR-10730] - Refactored a `kernel_load_completed` clause in the `init` module for conciseness. Own Id: OTP-19786\ Related Id(s): [PR-10134] - Full support for SCTP in [`socket`]. Not (yet) supported for FreeBSD. Own Id: OTP-19834 - In the default code path for the Erlang system, the current working directory (`.`) is now in the last position instead of the first. Own Id: OTP-19842\ \*\*\* HIGHLIGHT \*\*\* \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - It was previously not possible to check on the socket nif load result. A successful load was self-evident, but a failure was only visible from the fact that most [`socket`] functions failed with `notsup`. This has now been improved such that the (socket nif) load result is visible in the info map (from `socket:info/0`). Own Id: OTP-20003 - Added support for socket functions `recvmmsg()` and `sendmmsg()`. Own Id: OTP-20015\ Related Id(s): [PR-10564] \*\*\* HIGHLIGHT \*\*\* - Added a new module called `io_ansi` that allows the user to emit Virtual Terminal Sequences (a.k.a. ANSI sequences) to the terminal in order to add colors/styling to text or create fully-fledged terminal applications. `io_ansi` uses the local terminfo database in order to be as cross-platform compatible as possible. It also works across nodes so that if functions on a remote node call `io_ansi:fwrite/1` it will use the destination terminal's terminfo database to determine which sequences to emit. In practice, this means that you can call functions in a remote shell session that use `io_ansi` and it will properly detect the terminal sequences the target terminal can handle and will print using them correctly. Own Id: OTP-20028\ Related Id(s): [PR-10905], [PR-9940] \*\*\* HIGHLIGHT \*\*\* - Polished the documentation groups, essentially removed groups that did nothing but obscure the documentation. Own Id: OTP-20029\ Related Id(s): [PR-10755] - Added a new behavior, `data_publisher`, for building eventually consistent, replicated data stores across distributed nodes. This is a generalization of the `pg` module. Own Id: OTP-20055\ Related Id(s): [PR-10426] - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* - When implementing an [alternate distribution] implementors can now use an alternate [*handshake complete* fun of arity 4] if needed. Own Id: OTP-20090\ Related Id(s): [PR-10478] - Added support for socket option SO\_TIMESTAMPNS (not available on all platforms). Own Id: OTP-20115\ Related Id(s): [PR-10929] - Added a flag `log_missed_net_ticks = true | false` that controls whether a warning is logged for each missed sub-tick on a distribution connection. A sub-tick is missed when no data has been received from a connected node during one tick interval. A warning is emitted on every subsequent missed sub-tick until the node is declared down after `net_tickintensity` consecutive missed sub-ticks, at which point a final timeout warning is always logged regardless of this setting. Defaults to `false`. Own Id: OTP-20117\ Related Id(s): [PR-11031] > #### Full runtime dependencies of kernel-11.0 > > crypto-5.8, erts-17.0, sasl-3.0, stdlib-8.0 ### megaco-4.9 #### Fixed Bugs and Malfunctions - Running Dialyzer on Windows in an Erlang repo, causes Dialyzer warnings for the megaco\_flex\_scanner module. This is because the flex scanner is not built on Windows. These warnings are now suppressed. Own Id: OTP-20114\ Related Id(s): [PR-11025] #### Improvements and New Features - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of megaco-4.9 > > asn1-3.0, debugger-4.0, erts-12.0, et-1.5, kernel-8.0, runtime\_tools-1.8.14, stdlib-2.5 ### mnesia-4.26 #### Improvements and New Features - `mnesia` now has new functions `select_reverse/1-6` supporting iteration over tables in reverse order. Own Id: OTP-19611\ Related Id(s): [GH-8993], [PR-9475] - The `mnesia_registry` module has been removed. Own Id: OTP-19807\ Related Id(s): [PR-7315] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of mnesia-4.26 > > erts-9.0, kernel-5.3, stdlib-5.0 ### observer-2.19 #### Improvements and New Features - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of observer-2.19 > > erts-15.0, et-1.5, kernel-10.0, runtime\_tools-2.1, stdlib-5.0, wx-2.3 ### odbc-2.17 #### Fixed Bugs and Malfunctions - The `odbc` application is now deprecated and is planned to be removed in Erlang/OTP 30. The [`ftp`] and [`ct_ftp`] modules are now deprecated and are planned to be removed in Erlang/OTP 30. Own Id: OTP-19980\ Related Id(s): [PR-10804] \*\*\* HIGHLIGHT \*\*\* #### Improvements and New Features - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of odbc-2.17 > > erts-6.0, kernel-3.0, stdlib-2.0 ### os\_mon-2.12 #### Improvements and New Features - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of os\_mon-2.12 > > erts-14.0, kernel-9.0, sasl-4.2.1, stdlib-5.0 ### parsetools-2.8 #### Improvements and New Features - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of parsetools-2.8 > > erts-6.0, kernel-3.0, stdlib-3.4 ### public\_key-1.21 #### Improvements and New Features - The legacy `and` and `or` operators have been replaced with other language constructs. Own Id: OTP-19744\ Related Id(s): [PR-10114], [PR-10554], [PR-10568], [PR-10579], [PR-10580], [PR-10585], [PR-10598], [PR-10710], [PR-10718], [PR-10730] - Added an option for relaxed encoding of certificates to allow some values to be empty. This may be used by other applications for interoperability reasons. This option is not used by the `ssl` application. Own Id: OTP-19822\ Related Id(s): [PR-10033] - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* - The runtime system now supports generating encrypted crash dumps. See the description of `--enable-encrypted-crash-dumps` in [Building and Installing Erlang/OTP]. Own Id: OTP-20085\ Related Id(s): [PR-10993] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of public\_key-1.21 > > asn1-5.0, crypto-5.8, erts-13.0, kernel-8.0, stdlib-4.0 ### reltool-1.1 #### Improvements and New Features - Removed the undocumented `dyn_erl` utility. Own Id: OTP-19933\ Related Id(s): [PR-10573] - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of reltool-1.1 > > erts-15.0, kernel-9.0, sasl-4.2.1, stdlib-5.0, tools-2.6.14, wx-2.3 ### runtime\_tools-2.4 #### Improvements and New Features - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of runtime\_tools-2.4 > > erts-16.0, kernel-10.0, mnesia-4.12, stdlib-6.0 ### sasl-4.4 #### Fixed Bugs and Malfunctions - UNC paths are now handled on Windows. Own Id: OTP-19949\ Related Id(s): [PR-10601] #### Improvements and New Features - Removed the undocumented `dyn_erl` utility. Own Id: OTP-19933\ Related Id(s): [PR-10573] - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of sasl-4.4 > > erts-15.0, kernel-6.0, stdlib-4.0, tools-2.6.14 ### snmp-5.20.3 #### Improvements and New Features - The legacy `and` and `or` operators have been replaced with other language constructs. Own Id: OTP-19744\ Related Id(s): [PR-10114], [PR-10554], [PR-10568], [PR-10579], [PR-10580], [PR-10585], [PR-10598], [PR-10710], [PR-10718], [PR-10730] > #### Full runtime dependencies of snmp-5.20.3 > > asn1-5.4, crypto-4.6, erts-12.0, kernel-8.0, mnesia-4.12, runtime\_tools-1.8.14, stdlib-5.0 ### ssh-6.0 #### Fixed Bugs and Malfunctions - Password-based authentication has been updated to follow current security best practices. Key-based authentication remains recommended for production systems. Own Id: OTP-19982\ Related Id(s): [PR-10571] - Added explicit size validation guards for pre-authentication SSH messages to improve defense-in-depth against DoS attacks. Messages now have per-field size limits based on RFC specifications: - Transport layer messages (DISCONNECT, IGNORE, DEBUG) - Key exchange messages (DH, ECDH, DH-GEX) - Service request messages (SERVICE\_REQUEST, SERVICE\_ACCEPT, EXT\_INFO) This change enhances the existing 256KB global packet size limit with granular per-message validation. Compliant implementations are not affected. Own Id: OTP-19995\ Related Id(s): [PR-10739] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - The SFTP subsystem `root` option now properly rejects relative paths at daemon startup. Previously, relative paths would cause unpredictable behavior as file operations resolved relative to the Erlang VM's current working directory. The option now requires an absolute path or empty string. Own Id: OTP-20019\ Related Id(s): [PR-10820] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - Dynamic atom creation has been replaced with static lookups in `ssh_transport` and `ssh_connection`, using a dedicated OID-to-algorithm mapping function in `ssh_message`. Own Id: OTP-20127\ Related Id(s): [PR-11078] #### Improvements and New Features - Using KEX strict extension names as specified in draft-ietf-sshm-strict-kex-00. Pre standard names are still supported. Own Id: OTP-19709\ Related Id(s): [PR-10115] - Added an `alive` option to detect and terminate dead SSH connections. Functionally equivalent to OpenSSH's ClientAlive\*/ServerAlive\* settings. Own Id: OTP-19750\ Related Id(s): [PR-10372], [PR-9125] - `ssh:stop_deamon` now uses `supervisor:stop` for shutting down daemons. With this change, the scenario when `ssh:stop_daemon` is called for a non-existing process results in calling process exiting. Previously an error tuple was returned (which was not documented). Own Id: OTP-19801\ Related Id(s): [PR-10253] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - The default key exchange algorithm is now mlkem768x25519-sha256, a hybrid quantum-resistant algorithm combining ML-KEM-768 with X25519. This provides protection against both classical and quantum computer attacks while maintaining backward compatibility through automatic fallback to other algorithms when peers don't support it. Own Id: OTP-19965\ Related Id(s): [PR-10656] \*\*\* HIGHLIGHT \*\*\* \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - The SSH daemon now defaults to disabled for shell and exec services, implementing the "secure by default" principle. This prevents authenticated users from executing arbitrary Erlang code unless explicitly configured. Applications requiring shell or exec functionality must now explicitly enable: ```erlang %% Enable Erlang shell ssh:daemon(Port, [{shell, {shell, start, []}} | Options]) %% Enable Erlang term evaluation via exec ssh:daemon(Port, [{exec, erlang_eval} | Options]) %% Restore complete old behavior ssh:daemon(Port, [{shell, {shell, start, []}}, {exec, erlang_eval} | Options]) ``` Own Id: OTP-19969\ Related Id(s): ERIERL-1319, [PR-10970], [PR-11080] \*\*\* HIGHLIGHT \*\*\* \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - Added SFTP resource limits section to hardening guide covering `max_handles`, `max_path`, and `max_files` with deployment recommendations. Own Id: OTP-20031\ Related Id(s): [PR-10838] - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* - The SFTP subsystem is no longer enabled by default when starting an SSH daemon. To enable it, add the subsystems option explicitly: ```erlang ssh:daemon(Port, [{subsystems, [ssh_sftpd:subsystem_spec([])]} | Options]) ``` Own Id: OTP-20078\ Related Id(s): [PR-10970] \*\*\* HIGHLIGHT \*\*\* \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - The SSH hardening guide has been improved with a timeout overview table replacing the previous image, corrected terminology ("authenticated" instead of "authorized"), and new examples for loopback binding, public key user checking, and password lockout using ETS. Own Id: OTP-20079\ Related Id(s): [PR-10970] - With this change usage of `zlib` compression algorithm in SSH is deprecated and scheduled for removal in OTP 30.0 Own Id: OTP-20099\ Related Id(s): [PR-11010] - Updated SSH documentation with current OTP 29 algorithm defaults, including the new mlkem768x25519-sha256 post-quantum key exchange. Fixed stale examples, typos, and improved document structure. Own Id: OTP-20100\ Related Id(s): [PR-11012] > #### Full runtime dependencies of ssh-6.0 > > crypto-5.7, erts-14.0, kernel-10.3, public\_key-1.6.1, runtime\_tools-1.15.1, stdlib-8.0 ### ssl-11.7 #### Fixed Bugs and Malfunctions - Add missing clauses to ssl\_handshake:extension\_value/1. If an hello extension, missing a handling clause was present in a paused handshake, the handshake would fail. Own Id: OTP-20116\ Related Id(s): [GH-11030], [PR-11062] #### Improvements and New Features - The legacy `and` and `or` operators have been replaced with other language constructs. Own Id: OTP-19744\ Related Id(s): [PR-10114], [PR-10554], [PR-10568], [PR-10579], [PR-10580], [PR-10585], [PR-10598], [PR-10710], [PR-10718], [PR-10730] - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* - The post-quantum hybrid algorithm x25519mlkem768 is now the most preferred key exchange group in the default configuration. Post-quantum hybrid algorithms secp384r1mlkem1024 and secp256r1mlkem768 are supported but have to be configured. The same goes for the plain post-quantum algorithms mlkem1024, mlkem768, and mlkem512. The most preferred signature algorithms is now post-quantum algorithms ML-DSA followed by the fastest SLH-DSA (slh\_dsa\_sha2\_256f) algorithm, if such a certificate is available in the configuration. Other SLH-DSA variants are also supported but are added to the end of the preferred list. All these algorithms were available in OTP-28.4 but none of them were preferred and some of them changed default status. Own Id: OTP-20070\ Related Id(s): [PR-10949] \*\*\* HIGHLIGHT \*\*\* \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - Secure renegotiation for TLS-1.2 specified in RFC 5746 from 2010 is now always used. The interoperability fallback option `{secure_renegotiate,SecureRenegotiate}` is no longer needed. Own Id: OTP-20080\ Related Id(s): [PR-10979] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - There is a new Hardening guide giving guidelines on how to strengthen the security for the `ssl` application. Own Id: OTP-20087\ Related Id(s): [PR-11019] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of ssl-11.7 > > crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public\_key-1.20.3, runtime\_tools-1.15.1, stdlib-7.0 ### stdlib-8.0 #### Fixed Bugs and Malfunctions - Fixed an issue in `digraph_utils:roots/1` where roots could be missed in some cases. Own Id: OTP-19932\ Related Id(s): [PR-10510] - `beam_lib:strip/1` will now retain the Beam debug information chunk produced by the `beam_debug_info` option. The chunk will also be retained when combing the `beam_debug_info` option with the undocumented `slim` option. The runtime system will no longer crash when attempting to load modules that have been compiled with `beam_debug_info` but lack the actual Beam debug info chunk. Own Id: OTP-19991\ Related Id(s): [GH-10557], [PR-10735] - Fixed a crash when `zstd:compress/2` was asked to compress empty data. Own Id: OTP-20001\ Related Id(s): [GH-10650], [PR-10653] - Replaced a sleep clause in user\_drv shutdown with a flush of the output buffer. Own Id: OTP-20124\ Related Id(s): [PR-10808] - The `calendar:seconds_to_time/1` function now checks the range for each of the components of a time tuple (`{Hours,Minutes,Seconds}`) and fail with an exception if a component is out of range. Own Id: OTP-20125\ Related Id(s): [PR-11069] #### Improvements and New Features - Error return values from functions in [`zip`] now also specify which file in the archive the error belongs to. Own Id: OTP-19663\ Related Id(s): [PR-9899] - The legacy `and` and `or` operators have been replaced with other language constructs. Own Id: OTP-19744\ Related Id(s): [PR-10114], [PR-10554], [PR-10568], [PR-10579], [PR-10580], [PR-10585], [PR-10598], [PR-10710], [PR-10718], [PR-10730] - The undocumented and unsupported function `lists:zf/2` is now deprecated. Own Id: OTP-19783\ Related Id(s): [PR-10161] - Native records as described in [EEP-79] has been implemented. A native record is a data structure similar to the traditional tuple-based records, except that is a true data type. Native records are considered experimental in Erlang/OTP 29 and possibly also in Erlang/OTP 30, meaning that their behavior may change, potentially requiring updates to applications that use them. Own Id: OTP-19785\ Related Id(s): [PR-10617] \*\*\* HIGHLIGHT \*\*\* - The new `supervior:stop/1,2` functions can be used to manage the dynamic parts of a supervisor tree in an application from outside the tree but in the same application. Own Id: OTP-19800\ Related Id(s): [PR-9209] - Added a new constructor `array:from/2`. Own Id: OTP-19815\ Related Id(s): [PR-10304] - There are new functions for random permutation of a list: `rand:shuffle/1` and `rand:shuffle_s/2`. They are inspired by a suggestion and discussion on ErlangForums. Own Id: OTP-19826\ Related Id(s): [PR-10281] \*\*\* HIGHLIGHT \*\*\* - The undocumented functions `erl_eval:extended_parse_exprs/1` and `erl_eval:extended_parse_term/1` will now be faster when called with a long list of tokens. (These functions are used by [`qlc`] and the shell.) Own Id: OTP-19838\ Related Id(s): [PR-10338] - The [`unicode`] module now supports the Unicode 17 standard. Own Id: OTP-19853\ Related Id(s): [PR-10382] - Added functions to [`unicode`] for recognizing whitespaces and identifiers. Own Id: OTP-19858\ Related Id(s): [PR-10387] - The `rand:bytes/1` and `rand:bytes_s/2` functions have been optimized by implementing a new internal callback function that `crypto:rand_seed_alg/1` and `crypto:alg_seed_alg_s/1` have been updated to use. A new algorithm `crypto_prng1`, which also takes advantage of this new internal callback, has been added to `crypto:rand_seed_alg/2` and `crypto:rand_seed_alg_s/2`. It is much faster then the existing `crypto_aes`, in particular for generating bytes. Own Id: OTP-19882\ Related Id(s): [PR-10453], OTP-19827 - There will now be a warning when exporting variables out of a subexpression. For example: ``` case file:open(File, AllOpts = [write,{encoding,utf8}]) of {ok,Fd} -> {Fd,AllOpts} end ``` To avoid the warning, this can be rewritten to: ``` AllOpts = [write,{encoding,utf8}], case file:open(File, AllOpts) of {ok,Fd} -> {Fd,AllOpts} end ``` The warning can be suppressed by giving option `nowarn_export_var_subexpr` to the compiler. Own Id: OTP-19898\ Related Id(s): [PR-9134] \*\*\* HIGHLIGHT \*\*\* - There are new functions in the shell for returning process information. The `pi/1` function is shortcut for `erlang:process_info/1`. The `pi/3` function takes the three numbers from a pid, constructs a pid, and calls `process_info/1`. Examples: ``` 1> pi(<0.90.0>). [{current_function,{c,pinfo,1}}, {initial_call,{erlang,apply,2}}, {status,running}, ... 2> pi(0, 90, 0). [{current_function,{c,pinfo,1}}, {initial_call,{erlang,apply,2}}, {status,running}, ... ``` Own Id: OTP-19903\ Related Id(s): [PR-10422] - Tools such as the debugger, [`beam_lib`], and [`xref`] no longer support BEAM files created before OTP 13B. Own Id: OTP-19906\ Related Id(s): [PR-10519] - The [`calendar`] module has been updated to use the much faster than before Neri-Schneider algorithm for Gregorian calendar calculations, and been extended to handle negative years. Own Id: OTP-19912\ Related Id(s): [PR-10449] - `graph` is a new module that is a functional equivalent of the [`digraph`] and [`digraph_utils`] modules. Own Id: OTP-19922\ Related Id(s): [PR-10532] \*\*\* HIGHLIGHT \*\*\* - Before Erlang/OTP 29, attempting to bind variables in a comprehension would compile successfully but fail at runtime. Example: ``` 1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0]. ok 2> fh(lists:seq(1, 10)). * exception error: bad filter 2614250 ``` In Erlang/OTP 29, attempting to bind a variable in a comprehension will fail by default: ``` 1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0]. * 5:14: matches using '=' are not allowed in comprehension qualifiers unless the experimental 'compr_assign' language feature is enabled. With 'compr_assign' enabled, a match 'P = E' will behave as a strict generator 'P <-:- [E]'." ``` However, this example will work as expected if the `compr_assign` feature is enabled when starting the runtime system: ``` $ erl -enable-feature compr_assign . . . 1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0]. ok 2> fh(lists:seq(1, 10)). [2614250] ``` Here is another example how `compr_assign` can be used: ``` -module(example). -feature(compr_assign, enable). -export([cat/1]). cat(Files) -> [Char || F <- Files, {ok, Bin} = file:read_file(F), Char <- unicode:characters_to_list(Bin)]. ``` Own Id: OTP-19927\ Related Id(s): [PR-9153] \*\*\* HIGHLIGHT \*\*\* \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - Removed the undocumented `dyn_erl` utility. Own Id: OTP-19933\ Related Id(s): [PR-10573] - The functions `erl_tar:add/3` and `erl_tar:add/4` now accepts the `{mode,Mode}` option for setting the permission of the file. Own Id: OTP-19934\ Related Id(s): [PR-10524] - Added `zstd:flush/2` for flushing compressed data without closing the compression context. Own Id: OTP-19936\ Related Id(s): [GH-10345], [PR-10511] - There will now be a warning when using the `catch` operator, which has been deprecated for a long time. It is recommended to instead use `try`...`catch`...`end` but is also possible to disable the warning by using the `nowarn_deprecated_catch` option. Own Id: OTP-19938\ Related Id(s): [PR-10421] \*\*\* HIGHLIGHT \*\*\* - Multi-valued comprehensions according to [EEP 78] has been implemented. Example: ```erlang > [I, -I || I <- lists:seq(1, 5)]. [1,-1,2,-2,3,-3,4,-4,5,-5] ``` Own Id: OTP-19942\ Related Id(s): [PR-9374] \*\*\* HIGHLIGHT \*\*\* - There will now be a warning for matches that unify constructors, such as the following: ``` m({a,B} = {Y,Z}) -> . . . ``` Such a match can be rewritten to: ``` m({a=Y,B=Y}) -> . . . ``` The compiler option `nowarn_match_alias_pats` can be used to disable the warning. Own Id: OTP-19943\ Related Id(s): [PR-10433] \*\*\* HIGHLIGHT \*\*\* - While the iteration order for maps is undefined, it is now guaranteed that all ways of iterating over maps provides the elements in the same order. That is, all of the following ways of iterating will produce the elements in the same order: - `maps:keys/1` - `maps:values/1` - `maps:to_list/1` - `maps:to_list(maps:iterator(M))` - Map comprehension: `[{K,V} || K := V <- M]` Own Id: OTP-19963\ Related Id(s): [PR-10626] \*\*\* HIGHLIGHT \*\*\* - The `array` module have been extended with several new functions. The internal representation have been changed to allow the new functionality and optimizations. Arrays serialized with `term_to_binary/1` in previous releases are not compatible. Own Id: OTP-20004\ Related Id(s): [PR-10578] \*\*\* HIGHLIGHT \*\*\* \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - `m:erl_tar` will use less memory when extracting large tar entries to disk. Instead of reading each tar entry into memory, [`erl_tar`] will now stream data in chunks of 64KB. The chunk size is settable using the new `{chunks,ChunkSize}` option. The new `{max_size,Size}` option will set a limit on the total size of extracted data to protect against filling up the disk. Checking of symlinks has been improved. Some symlinks that were safe (such as `dir/link -> ../file`) used to be rejected. Own Id: OTP-20023\ Related Id(s): [PR-10814], [PR-10818], [PR-10821] \*\*\* HIGHLIGHT \*\*\* - Added a new module called `io_ansi` that allows the user to emit Virtual Terminal Sequences (a.k.a. ANSI sequences) to the terminal in order to add colors/styling to text or create fully-fledged terminal applications. `io_ansi` uses the local terminfo database in order to be as cross-platform compatible as possible. It also works across nodes so that if functions on a remote node call `io_ansi:fwrite/1` it will use the destination terminal's terminfo database to determine which sequences to emit. In practice, this means that you can call functions in a remote shell session that use `io_ansi` and it will properly detect the terminal sequences the target terminal can handle and will print using them correctly. Own Id: OTP-20028\ Related Id(s): [PR-10905], [PR-9940] \*\*\* HIGHLIGHT \*\*\* - Polished the documentation groups, essentially removed groups that did nothing but obscure the documentation. Own Id: OTP-20029\ Related Id(s): [PR-10755] - The `gb_sets:from_ordset/1` and `gb_trees:from_orddict/1` functions would trust their inputs. If the input contained duplicates or was not properly sorted, the resulting gb\_set or gb\_tree would be invalid, and any number of interesting problems could occur. In this release, these functions will raise an exception if their input is not valid. That could mean that incorrect programs that **seemed** to work could now stop working altogether. There is also a new `gb_trees:from_list/1` function for directly creating a gb\_tree from a list. Own Id: OTP-20061\ Related Id(s): [PR-10910] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* - The [`json`] module now encodes and decodes quoted strings faster. Improvements of up to 55 percent has been measured when decoding JSON data with long strings. The `string:length/1`, `string:slice/2`, and `string:slice/3` functions have been optimized. For some strings, they can be up to twice as fast. Own Id: OTP-20072\ Related Id(s): [PR-10938], [PR-10948] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of stdlib-8.0 > > compiler-5.0, crypto-4.5, erts-16.0.3, kernel-11.0, sasl-3.0, syntax\_tools-3.2.1 ### syntax\_tools-4.1 #### Fixed Bugs and Malfunctions - `merl:compile_and_load/1` could crash when compiling code containing comments. `merl:quote/2` would fail to handle literal UTF-8 encoded binaries. Own Id: OTP-20077\ Related Id(s): [PR-10243], [PR-10962] #### Improvements and New Features - The legacy `and` and `or` operators have been replaced with other language constructs. Own Id: OTP-19744\ Related Id(s): [PR-10114], [PR-10554], [PR-10568], [PR-10579], [PR-10580], [PR-10585], [PR-10598], [PR-10710], [PR-10718], [PR-10730] - Multi-valued comprehensions according to [EEP 78] has been implemented. Example: ```erlang > [I, -I || I <- lists:seq(1, 5)]. [1,-1,2,-2,3,-3,4,-4,5,-5] ``` Own Id: OTP-19942\ Related Id(s): [PR-9374] \*\*\* HIGHLIGHT \*\*\* - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of syntax\_tools-4.1 > > compiler-9.0, erts-16.0, kernel-10.3, stdlib-8.0 ### tftp-1.3 #### Improvements and New Features - The legacy `and` and `or` operators have been replaced with other language constructs. Own Id: OTP-19744\ Related Id(s): [PR-10114], [PR-10554], [PR-10568], [PR-10579], [PR-10580], [PR-10585], [PR-10598], [PR-10710], [PR-10718], [PR-10730] - All use of legacy `catch` in the TFTP application has been rewritten. In the process, deep return using `exit/1` or `throw/1` from callbacks has been changed to only work with `throw/1`, as customary. This was considered a misfeature. Explicit loading of callback module or logger module has been removed, since that was against what one would expect for embedded mode. Own Id: OTP-19996\ Related Id(s): [PR-10753] - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of tftp-1.3 > > erts-6.0, kernel-6.0, stdlib-5.0 ### tools-4.2 #### Fixed Bugs and Malfunctions - Fixed "unbalanced parenthesis" issue when pressing TAB in emacs erlang shell. Own Id: OTP-19921\ Related Id(s): [GH-8569], [PR-10642] - The minimum supported Emacs version for `erlang-mode` has been raised from 24.3 to 27.1. Compatibility shims for older Emacs versions have been removed. The `erlang-mode` package version now tracks the Erlang/OTP release version (29.0) for consistent version numbers across package managers. Own Id: OTP-20059\ Related Id(s): [PR-10892] #### Improvements and New Features - Tools such as the debugger, [`beam_lib`], and [`xref`] no longer support BEAM files created before OTP 13B. Own Id: OTP-19906\ Related Id(s): [PR-10519] - The `ignore_xref` attribute has been handled as a post-analysis filter by build tools such as Rebar3. In this release, [`xref`] itself does the filtering, ensuring that all tooling that calls `xref` for any purpose can rely on these declarations to just work. Own Id: OTP-20032\ Related Id(s): [PR-10592] \*\*\* HIGHLIGHT \*\*\* - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* - The runtime system now supports generating encrypted crash dumps. See the description of `--enable-encrypted-crash-dumps` in [Building and Installing Erlang/OTP]. Own Id: OTP-20085\ Related Id(s): [PR-10993] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of tools-4.2 > > compiler-8.5, crypto-5.9, erts-15.0, kernel-10.0, public\_key-1.21, runtime\_tools-2.1, stdlib-6.0 ### wx-2.6 #### Fixed Bugs and Malfunctions - The examples for `wx` are now only installed in one place (in `doc/examples`). Own Id: OTP-20119\ Related Id(s): ERIERL-1315, [PR-11032] #### Improvements and New Features - Documentation about how to validate the SBOM using sigstore has been added. Own Id: OTP-19766\ Related Id(s): [GH-10151], [PR-10187] - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of wx-2.6 > > erts-12.0, kernel-8.0, stdlib-5.0 ### xmerl-2.2 #### Improvements and New Features - Added support for `-unsafe` attributes, which is used to mark functions as unsafe to use. This is similar to but separate from deprecation, and the compiler will by default now generate warnings for calls to functions in Erlang/OTP that are known to be always unsafe. Furthermore, [`xref`] can now be used to find calls to functions in another application that lack a `-doc` attribute (`undocumented_function_calls`), calls to functions in another application marked `-doc false.` (`private_function_calls`), as well as calls to unsafe functions (`unsafe_function_calls`). Own Id: OTP-20066\ Related Id(s): [PR-10839] \*\*\* HIGHLIGHT \*\*\* > #### Full runtime dependencies of xmerl-2.2 > > erts-6.0, kernel-8.4, stdlib-2.5 ### Thanks to Alexandre Rodrigues, Alex Mickelson, Andreas Hasselberg, Andrew Bennett, Ayanda Dube, Bentheburrito, Bernhard M. Wiedemann, Bozhidar Batsov, Claes Nästén, Daniel Gorin, Daniel Kukula, dependabot\[bot], Eksperimental, Eric Meadows-Jönsson, erlang-bot-app\[bot], felipe stival, Fernando Areias, Holger Weiß, Ievgen Pyrogov, Ilya Averyanov, ilya-klyuchnikov, Ilya Klyuchnikov, Jan Uhlig, Jérôme de Bretagne, João Henrique Ferreira de Freitas, Johannes Christ, Jonatan Männchen, José Valim, krishnadas, Loïc Hoguin, loscher, lud, Maria Scott, Marko Mindek, matt, Mend Renovate, Michael Daniels, Michał Muskała, Nelson Vides, Nick Vatamaniuc, Olexandr88, Paul Guyot, Paulo F. Oliveira, Paulo Tomé, Petr Sumbera, Preet, Radek Szymczyszyn, Rasmus Précenth, Richard Carlsson, Robert Ismo, Robin Morisset, Sam Weaver, Sébastien Saint-Sevin, Sergey Fedorov, siiky, Simon Cornish, spoo, Stefan Grundmann, Takeru Ohta, Vadim Yanitskiy, Vance Shipley, Wade Mealing, Wei Huang, williamthome, yagogarea, Zabrane, Zeyu Zhang, наб [*handshake complete* fun of arity 4]: https://erlang.org/doc/apps/erts/alt_dist.html#hs_data_f_handshake_complete [alternate distribution]: https://erlang.org/doc/apps/erts/alt_dist.html [building and installing erlang/otp]: https://www.erlang.org/doc/system/install.html [edb debugger]: https://github.com/WhatsApp/edb [eep 78]: https://www.erlang.org/eeps/eep-0078 [eep-79]: https://www.erlang.org/eeps/eep-0079 [erlc]: https://erlang.org/doc/apps/erts/erlc_cmd.html [gh-10071]: https://github.com/erlang/otp/issues/10071 [gh-10125]: https://github.com/erlang/otp/issues/10125 [gh-10151]: https://github.com/erlang/otp/issues/10151 [gh-10214]: https://github.com/erlang/otp/issues/10214 [gh-10260]: https://github.com/erlang/otp/issues/10260 [gh-10341]: https://github.com/erlang/otp/issues/10341 [gh-10342]: https://github.com/erlang/otp/issues/10342 [gh-10345]: https://github.com/erlang/otp/issues/10345 [gh-10557]: https://github.com/erlang/otp/issues/10557 [gh-10650]: https://github.com/erlang/otp/issues/10650 [gh-10807]: https://github.com/erlang/otp/issues/10807 [gh-10968]: https://github.com/erlang/otp/issues/10968 [gh-11030]: https://github.com/erlang/otp/issues/11030 [gh-8569]: https://github.com/erlang/otp/issues/8569 [gh-8841]: https://github.com/erlang/otp/issues/8841 [gh-8993]: https://github.com/erlang/otp/issues/8993 [gh-9822]: https://github.com/erlang/otp/issues/9822 [openvex]: https://openssf.org/projects/openvex/ [pr-10013]: https://github.com/erlang/otp/pull/10013 [pr-10033]: https://github.com/erlang/otp/pull/10033 [pr-10078]: https://github.com/erlang/otp/pull/10078 [pr-10114]: https://github.com/erlang/otp/pull/10114 [pr-10115]: https://github.com/erlang/otp/pull/10115 [pr-10126]: https://github.com/erlang/otp/pull/10126 [pr-10134]: https://github.com/erlang/otp/pull/10134 [pr-10144]: https://github.com/erlang/otp/pull/10144 [pr-10145]: https://github.com/erlang/otp/pull/10145 [pr-10161]: https://github.com/erlang/otp/pull/10161 [pr-10166]: https://github.com/erlang/otp/pull/10166 [pr-10168]: https://github.com/erlang/otp/pull/10168 [pr-10187]: https://github.com/erlang/otp/pull/10187 [pr-10189]: https://github.com/erlang/otp/pull/10189 [pr-10193]: https://github.com/erlang/otp/pull/10193 [pr-10195]: https://github.com/erlang/otp/pull/10195 [pr-10197]: https://github.com/erlang/otp/pull/10197 [pr-10202]: https://github.com/erlang/otp/pull/10202 [pr-10207]: https://github.com/erlang/otp/pull/10207 [pr-10230]: https://github.com/erlang/otp/pull/10230 [pr-10234]: https://github.com/erlang/otp/pull/10234 [pr-10243]: https://github.com/erlang/otp/pull/10243 [pr-10253]: https://github.com/erlang/otp/pull/10253 [pr-10259]: https://github.com/erlang/otp/pull/10259 [pr-10269]: https://github.com/erlang/otp/pull/10269 [pr-10276]: https://github.com/erlang/otp/pull/10276 [pr-10277]: https://github.com/erlang/otp/pull/10277 [pr-10281]: https://github.com/erlang/otp/pull/10281 [pr-10304]: https://github.com/erlang/otp/pull/10304 [pr-10338]: https://github.com/erlang/otp/pull/10338 [pr-10346]: https://github.com/erlang/otp/pull/10346 [pr-10348]: https://github.com/erlang/otp/pull/10348 [pr-10372]: https://github.com/erlang/otp/pull/10372 [pr-10382]: https://github.com/erlang/otp/pull/10382 [pr-10387]: https://github.com/erlang/otp/pull/10387 [pr-10417]: https://github.com/erlang/otp/pull/10417 [pr-10421]: https://github.com/erlang/otp/pull/10421 [pr-10422]: https://github.com/erlang/otp/pull/10422 [pr-10426]: https://github.com/erlang/otp/pull/10426 [pr-10433]: https://github.com/erlang/otp/pull/10433 [pr-10449]: https://github.com/erlang/otp/pull/10449 [pr-10453]: https://github.com/erlang/otp/pull/10453 [pr-10478]: https://github.com/erlang/otp/pull/10478 [pr-10510]: https://github.com/erlang/otp/pull/10510 [pr-10511]: https://github.com/erlang/otp/pull/10511 [pr-10514]: https://github.com/erlang/otp/pull/10514 [pr-10519]: https://github.com/erlang/otp/pull/10519 [pr-10524]: https://github.com/erlang/otp/pull/10524 [pr-10532]: https://github.com/erlang/otp/pull/10532 [pr-10549]: https://github.com/erlang/otp/pull/10549 [pr-10554]: https://github.com/erlang/otp/pull/10554 [pr-10556]: https://github.com/erlang/otp/pull/10556 [pr-10564]: https://github.com/erlang/otp/pull/10564 [pr-10568]: https://github.com/erlang/otp/pull/10568 [pr-10571]: https://github.com/erlang/otp/pull/10571 [pr-10573]: https://github.com/erlang/otp/pull/10573 [pr-10578]: https://github.com/erlang/otp/pull/10578 [pr-10579]: https://github.com/erlang/otp/pull/10579 [pr-10580]: https://github.com/erlang/otp/pull/10580 [pr-10585]: https://github.com/erlang/otp/pull/10585 [pr-10592]: https://github.com/erlang/otp/pull/10592 [pr-10598]: https://github.com/erlang/otp/pull/10598 [pr-10601]: https://github.com/erlang/otp/pull/10601 [pr-10614]: https://github.com/erlang/otp/pull/10614 [pr-10615]: https://github.com/erlang/otp/pull/10615 [pr-10617]: https://github.com/erlang/otp/pull/10617 [pr-10619]: https://github.com/erlang/otp/pull/10619 [pr-10626]: https://github.com/erlang/otp/pull/10626 [pr-10642]: https://github.com/erlang/otp/pull/10642 [pr-10646]: https://github.com/erlang/otp/pull/10646 [pr-10647]: https://github.com/erlang/otp/pull/10647 [pr-10653]: https://github.com/erlang/otp/pull/10653 [pr-10656]: https://github.com/erlang/otp/pull/10656 [pr-10674]: https://github.com/erlang/otp/pull/10674 [pr-10710]: https://github.com/erlang/otp/pull/10710 [pr-10718]: https://github.com/erlang/otp/pull/10718 [pr-10730]: https://github.com/erlang/otp/pull/10730 [pr-10735]: https://github.com/erlang/otp/pull/10735 [pr-10739]: https://github.com/erlang/otp/pull/10739 [pr-10753]: https://github.com/erlang/otp/pull/10753 [pr-10754]: https://github.com/erlang/otp/pull/10754 [pr-10755]: https://github.com/erlang/otp/pull/10755 [pr-10770]: https://github.com/erlang/otp/pull/10770 [pr-10782]: https://github.com/erlang/otp/pull/10782 [pr-10783]: https://github.com/erlang/otp/pull/10783 [pr-10801]: https://github.com/erlang/otp/pull/10801 [pr-10804]: https://github.com/erlang/otp/pull/10804 [pr-10805]: https://github.com/erlang/otp/pull/10805 [pr-10808]: https://github.com/erlang/otp/pull/10808 [pr-10814]: https://github.com/erlang/otp/pull/10814 [pr-10817]: https://github.com/erlang/otp/pull/10817 [pr-10818]: https://github.com/erlang/otp/pull/10818 [pr-10819]: https://github.com/erlang/otp/pull/10819 [pr-10820]: https://github.com/erlang/otp/pull/10820 [pr-10821]: https://github.com/erlang/otp/pull/10821 [pr-10824]: https://github.com/erlang/otp/pull/10824 [pr-10830]: https://github.com/erlang/otp/pull/10830 [pr-10836]: https://github.com/erlang/otp/pull/10836 [pr-10838]: https://github.com/erlang/otp/pull/10838 [pr-10839]: https://github.com/erlang/otp/pull/10839 [pr-10870]: https://github.com/erlang/otp/pull/10870 [pr-10892]: https://github.com/erlang/otp/pull/10892 [pr-10894]: https://github.com/erlang/otp/pull/10894 [pr-10905]: https://github.com/erlang/otp/pull/10905 [pr-10910]: https://github.com/erlang/otp/pull/10910 [pr-10929]: https://github.com/erlang/otp/pull/10929 [pr-10938]: https://github.com/erlang/otp/pull/10938 [pr-10948]: https://github.com/erlang/otp/pull/10948 [pr-10949]: https://github.com/erlang/otp/pull/10949 [pr-10950]: https://github.com/erlang/otp/pull/10950 [pr-10951]: https://github.com/erlang/otp/pull/10951 [pr-10958]: https://github.com/erlang/otp/pull/10958 [pr-10962]: https://github.com/erlang/otp/pull/10962 [pr-10965]: https://github.com/erlang/otp/pull/10965 [pr-10969]: https://github.com/erlang/otp/pull/10969 [pr-10970]: https://github.com/erlang/otp/pull/10970 [pr-10979]: https://github.com/erlang/otp/pull/10979 [pr-10986]: https://github.com/erlang/otp/pull/10986 [pr-10993]: https://github.com/erlang/otp/pull/10993 [pr-10998]: https://github.com/erlang/otp/pull/10998 [pr-11000]: https://github.com/erlang/otp/pull/11000 [pr-11004]: https://github.com/erlang/otp/pull/11004 [pr-11010]: https://github.com/erlang/otp/pull/11010 [pr-11012]: https://github.com/erlang/otp/pull/11012 [pr-11019]: https://github.com/erlang/otp/pull/11019 [pr-11025]: https://github.com/erlang/otp/pull/11025 [pr-11031]: https://github.com/erlang/otp/pull/11031 [pr-11032]: https://github.com/erlang/otp/pull/11032 [pr-11047]: https://github.com/erlang/otp/pull/11047 [pr-11059]: https://github.com/erlang/otp/pull/11059 [pr-11062]: https://github.com/erlang/otp/pull/11062 [pr-11067]: https://github.com/erlang/otp/pull/11067 [pr-11069]: https://github.com/erlang/otp/pull/11069 [pr-11073]: https://github.com/erlang/otp/pull/11073 [pr-11078]: https://github.com/erlang/otp/pull/11078 [pr-11079]: https://github.com/erlang/otp/pull/11079 [pr-11080]: https://github.com/erlang/otp/pull/11080 [pr-7118]: https://github.com/erlang/otp/pull/7118 [pr-7315]: https://github.com/erlang/otp/pull/7315 [pr-9115]: https://github.com/erlang/otp/pull/9115 [pr-9125]: https://github.com/erlang/otp/pull/9125 [pr-9134]: https://github.com/erlang/otp/pull/9134 [pr-9153]: https://github.com/erlang/otp/pull/9153 [pr-9209]: https://github.com/erlang/otp/pull/9209 [pr-9223]: https://github.com/erlang/otp/pull/9223 [pr-9315]: https://github.com/erlang/otp/pull/9315 [pr-9374]: https://github.com/erlang/otp/pull/9374 [pr-9475]: https://github.com/erlang/otp/pull/9475 [pr-9712]: https://github.com/erlang/otp/pull/9712 [pr-9814]: https://github.com/erlang/otp/pull/9814 [pr-9864]: https://github.com/erlang/otp/pull/9864 [pr-9866]: https://github.com/erlang/otp/pull/9866 [pr-9894]: https://github.com/erlang/otp/pull/9894 [pr-9899]: https://github.com/erlang/otp/pull/9899 [pr-9934]: https://github.com/erlang/otp/pull/9934 [pr-9940]: https://github.com/erlang/otp/pull/9940 [pr-9984]: https://github.com/erlang/otp/pull/9984 [upcoming potential incompatibilities]: https://www.erlang.org/doc/upcoming_incompatibilities.html [`--{enable,disable}-use-embedded-3pp-alternatives`]: https://erlang.org/doc/system/install.html#advanced-configuration-and-build-of-erlang-otp_configuring [`beam_lib`]: https://erlang.org/doc/man/beam_lib [`calendar`]: https://erlang.org/doc/man/calendar [`compile`]: https://erlang.org/doc/man/compile [`crypto`]: https://erlang.org/doc/man/crypto [`ct_ftp`]: https://erlang.org/doc/man/ct_ftp [`digraph_utils`]: https://erlang.org/doc/man/digraph_utils [`digraph`]: https://erlang.org/doc/man/digraph [`erl_tar`]: https://erlang.org/doc/man/erl_tar [`ftp`]: https://erlang.org/doc/man/ftp [`httpc`]: https://erlang.org/doc/man/httpc [`json`]: https://erlang.org/doc/man/json [`qlc`]: https://erlang.org/doc/man/qlc [`socket`]: https://erlang.org/doc/man/socket [`unicode`]: https://erlang.org/doc/man/unicode [`xref`]: https://erlang.org/doc/man/xref [`zip`]: https://erlang.org/doc/man/zip ### [`v28.5`](https://github.com/erlang/otp/releases/tag/OTP-28.5): OTP 28.5 [Compare Source](https://github.com/erlang/otp/compare/OTP-28.4.3...OTP-28.5) ``` Patch Package: OTP 28.5 Git Tag: OTP-28.5 Date: 2026-04-23 Trouble Report Id: OTP-16607, OTP-19162, OTP-19967, OTP-20038, OTP-20043, OTP-20082, OTP-20094, OTP-20098, OTP-20101, OTP-20106 Seq num: GH-10667, GH-10812, GH-10915, GH-10967, OTP-16608, PR-10431, PR-10881, PR-10908, PR-10924, PR-10957, PR-10976, PR-11002, PR-11045 System: OTP Release: 28 Application: erl_interface-5.7, erts-16.4, mnesia-4.25.3, ssl-11.6 Predecessor: OTP 28.4.3 ``` Check out the git tag OTP-28.5, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp\_patch\_apply' tool. For information on install requirements, see descriptions for each application version below. ### HIGHLIGHTS - There is a new "Secure Coding Guidelines" document in [Design Principles] describing how to write secure Erlang code. Own Id: OTP-20043\ Application(s): otp\ Related Id(s): [PR-10431] ### OTP-28.5 #### Improvements and New Features - There is a new "Secure Coding Guidelines" document in [Design Principles] describing how to write secure Erlang code. Own Id: OTP-20043\ Related Id(s): [PR-10431] \*\*\* HIGHLIGHT \*\*\* ### erl\_interface-5.7 The erl\_interface-5.7 application can be applied independently of other applications on a full OTP 28 installation. #### Improvements and New Features - A new `configure` option [`--{enable,disable}-use-embedded-3pp-alternatives` ][`--{enable,disable}-use-embedded-3pp-alternatives`] has been added. When *enabled*, `configure` is forced to find alternatives, to a subset, of the embedded third-party products (*3pps*) in the runtime system, and when *disabled*, `configure` will use all internal embedded 3pps. Currently this option affects `zstd`, `zlib`, `ryu` (with `STL`), `openssl` and `tcl`. The default is to use all built-in embedded 3pps except for `zlib` which by default will use `zlib` on the OS if available. Requirements for alternatives: - `zstd` - Static library and include files of at least version 1.5.6 needs to be available. - `zlib` - Library and include files of at least version 1.2.5 needs to be available. - `ryu` (with `STL`) - A usable C++ compiler with C++17 support. - `openssl` - No requirements. Our own MD5 implementation will be used. - `tcl` - The `strerrorname_np()` function (introduced in glibc 2.32) mapping errno integers to symbolic names needs to be available. The argument [`embedded_3pps`] has been added to `erlang:system_info/1`. It returns a map with information about the use of embedded 3pps in the runtime system. Own Id: OTP-20106\ Related Id(s): [PR-11045] #### Known Bugs and Problems - The `ei` API for decoding/encoding terms is not fully 64-bit compatible since terms that have a representation on the external term format larger than 2 GB cannot be handled. Own Id: OTP-16607\ Related Id(s): OTP-16608 ### erts-16.4 The erts-16.4 application can be applied independently of other applications on a full OTP 28 installation. #### Fixed Bugs and Malfunctions - Fixed bug in `enif_make_map_from_arrays` for arrays with at least 33 keys. If duplicate keys existed, instead of failing, it would skip the duplicates. If less than 33 unique keys existed, an internally inconsistent and broken map was returned. Own Id: OTP-20098\ Related Id(s): [PR-10976] - Fixed an issue when supplying the args\_file option to erl.exe on windows that did not handle unicode characters correctly. Own Id: OTP-20101\ Related Id(s): [GH-10667] #### Improvements and New Features - A new `configure` option [`--{enable,disable}-use-embedded-3pp-alternatives` ][`--{enable,disable}-use-embedded-3pp-alternatives`] has been added. When *enabled*, `configure` is forced to find alternatives, to a subset, of the embedded third-party products (*3pps*) in the runtime system, and when *disabled*, `configure` will use all internal embedded 3pps. Currently this option affects `zstd`, `zlib`, `ryu` (with `STL`), `openssl` and `tcl`. The default is to use all built-in embedded 3pps except for `zlib` which by default will use `zlib` on the OS if available. Requirements for alternatives: - `zstd` - Static library and include files of at least version 1.5.6 needs to be available. - `zlib` - Library and include files of at least version 1.2.5 needs to be available. - `ryu` (with `STL`) - A usable C++ compiler with C++17 support. - `openssl` - No requirements. Our own MD5 implementation will be used. - `tcl` - The `strerrorname_np()` function (introduced in glibc 2.32) mapping errno integers to symbolic names needs to be available. The argument [`embedded_3pps`] has been added to `erlang:system_info/1`. It returns a map with information about the use of embedded 3pps in the runtime system. Own Id: OTP-20106\ Related Id(s): [PR-11045] > #### Full runtime dependencies of erts-16.4 > > kernel-9.0, sasl-3.3, stdlib-4.1 ### mnesia-4.25.3 The mnesia-4.25.3 application can be applied independently of other applications on a full OTP 28 installation. #### Fixed Bugs and Malfunctions - Added documentation for `user_properties` and functions `read_table_property/2`, `write_table_property/2`, `delete_table_property`. Enhanced documentation for `frag_properties`. Own Id: OTP-20038\ Related Id(s): [GH-10812], [PR-10881] - Fixed a bug where stacktrace was not returned from `mnesia:transaction/1` when transaction aborts with an error exception. Own Id: OTP-20094\ Related Id(s): [GH-10967], [PR-11002] > #### Full runtime dependencies of mnesia-4.25.3 > > erts-9.0, kernel-5.3, stdlib-5.0 ### ssl-11.6 Note! The ssl-11.6 application *cannot* be applied independently of other applications on an arbitrary OTP 28 installation. ``` On a full OTP 28 installation, also the following runtime dependencies have to be satisfied: -- crypto-5.8 (first satisfied in OTP 28.3) -- public_key-1.20.3 (first satisfied in OTP 28.4.2) ``` #### Fixed Bugs and Malfunctions - Preserve inet option order, as inet\_backend option must be first option. Will make inet\_backend option work for ssl independently of number of inet supplied options. Own Id: OTP-19162\ Related Id(s): [PR-10908] - Missing conformance check for signature algorithms in TLS-1.3 could cause selection of incompatible certificate when a server is configured with more than one possible certificate. Own Id: OTP-20082\ Related Id(s): [GH-10915], [PR-10924] #### Improvements and New Features - Avoid unnecessary memory consumption for temporary processes in a supervision tree. Own Id: OTP-19967\ Related Id(s): [PR-10957] > #### Full runtime dependencies of ssl-11.6 > > crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public\_key-1.20.3, runtime\_tools-1.15.1, stdlib-7.0 ### Thanks to felipe stival, Hewwho, Hugo Baraúna, Nick Vatamaniuc, Viktor Söderqvist, William Yang [design principles]: https://www.erlang.org/doc/system/design_principles.html [gh-10667]: https://github.com/erlang/otp/issues/10667 [gh-10812]: https://github.com/erlang/otp/issues/10812 [gh-10915]: https://github.com/erlang/otp/issues/10915 [gh-10967]: https://github.com/erlang/otp/issues/10967 [pr-10431]: https://github.com/erlang/otp/pull/10431 [pr-10881]: https://github.com/erlang/otp/pull/10881 [pr-10908]: https://github.com/erlang/otp/pull/10908 [pr-10924]: https://github.com/erlang/otp/pull/10924 [pr-10957]: https://github.com/erlang/otp/pull/10957 [pr-10976]: https://github.com/erlang/otp/pull/10976 [pr-11002]: https://github.com/erlang/otp/pull/11002 [pr-11045]: https://github.com/erlang/otp/pull/11045 [`--{enable,disable}-use-embedded-3pp-alternatives`]: https://erlang.org/doc/system/install.html#advanced-configuration-and-build-of-erlang-otp_configuring [`embedded_3pps`]: https://erlang.org/doc/man/erlang#system_info_embedded_3pps ### [`v28.4.3`](https://github.com/erlang/otp/releases/tag/OTP-28.4.3): OTP 28.4.3 [Compare Source](https://github.com/erlang/otp/compare/OTP-28.4.2...OTP-28.4.3) ``` Patch Package: OTP 28.4.3 Git Tag: OTP-28.4.3 Date: 2026-04-21 Trouble Report Id: OTP-20081, OTP-20086, OTP-20104 Seq num: #10968, CVE-2026-32147, PR-10985, PR-11027 System: OTP Release: 28 Application: kernel-10.6.3, ssh-5.5.2 Predecessor: OTP 28.4.2 ``` Check out the git tag OTP-28.4.3, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp\_patch\_apply' tool. For information on install requirements, see descriptions for each application version below. ### OTP-28.4.3 #### Fixed Bugs and Malfunctions - Fix the `otp_patch_apply` script to properly handle installation of documentation for OTP versions with more than one digit in version parts less significant than the major version. Own Id: OTP-20086\ Related Id(s): [PR-10985] ### kernel-10.6.3 The kernel-10.6.3 application can be applied independently of other applications on a full OTP 28 installation. #### Fixed Bugs and Malfunctions - On Windows, sockets has to be bound when using 'socket'. Therefor when using gen\_tcp with inet\_backend = socket, gen\_tcp\_socket bind even if the caller has not provided an explicit bind address. In that case it attempts to locate a "proper" address on its own. But if the connect address is the loopback address, this could lead to an attempt to bind to an external interface. So, this has now been changed so that if the connect address is the loopback address, the loopback address will also be used when binding. Own Id: OTP-20104\ Related Id(s): [#10968] > #### Full runtime dependencies of kernel-10.6.3 > > crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-7.0 ### ssh-5.5.2 Note! The ssh-5.5.2 application *cannot* be applied independently of other applications on an arbitrary OTP 28 installation. ``` On a full OTP 28 installation, also the following runtime dependency has to be satisfied: -- crypto-5.7 (first satisfied in OTP 28.1) ``` #### Fixed Bugs and Malfunctions - Fixed a vulnerability in the SFTP server where file attributes could be modified outside the configured root directory. When using FSETSTAT on an open file handle, the operation used the path stored in the handle without verifying it was within the root directory, allowing attribute changes to files outside the chroot boundary. Thanks to John Downey. Own Id: OTP-20081\ Related Id(s): [PR-11027], [CVE-2026-32147] > #### Full runtime dependencies of ssh-5.5.2 > > crypto-5.7, erts-14.0, kernel-10.3, public\_key-1.6.1, runtime\_tools-1.15.1, stdlib-5.0, stdlib-6.0 [#10968]: https://github.com/erlang/otp/issues/10968 [cve-2026-32147]: https://nvd.nist.gov/vuln/detail/CVE-2026-32147 [pr-10985]: https://github.com/erlang/otp/pull/10985 [pr-11027]: https://github.com/erlang/otp/pull/11027 </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

renovate added 1 commit

2026-05-13 12:00:19 +02:00

Update dependency erlang to v29 6b06a5f037