chore(deps): update dependency erlang to v29.0.3 #169

Open
renovate wants to merge 1 commit from renovate/erlang-29.x into main
Collaborator

This PR contains the following updates:

Package Update Change
erlang patch 29.0.129.0.3

Release Notes

erlang/otp (erlang)

v29.0.3: OTP 29.0.3

Compare Source

Patch Package:           OTP 29.0.3
Git Tag:                 OTP-29.0.3
Date:                    2026-07-02
Trouble Report Id:       OTP-20173, OTP-20183, OTP-20185, OTP-20186,
                         OTP-20190, OTP-20191, OTP-20194, OTP-20196,
                         OTP-20197, OTP-20198, OTP-20199, OTP-20200,
                         OTP-20201, OTP-20206, OTP-20207, OTP-20208,
                         OTP-20215, OTP-20216, OTP-20217, OTP-20220,
                         OTP-20222, OTP-20226, OTP-20227, OTP-20230,
                         OTP-20231, OTP-20232, OTP-20233
Seq num:                 CVE-2026-53422, CVE-2026-54886,
                         CVE-2026-54887, CVE-2026-54891,
                         CVE-2026-55950, CVE-2026-55952, ERIERL-1333,
                         GH-SA-7wp4-pc27-2vj9, GH-SA-h9pw-h5w4-h976,
                         PR-11209, PR-11215, PR-11219, PR-11230,
                         PR-11239, PR-11244, PR-11247, PR-11250,
                         PR-11259, PR-11268, PR-11269, PR-11270,
                         PR-11271, PR-11281, PR-11282, PR-11283,
                         PR-11289, PR-11294, PR-11295, PR-11299,
                         PR-11302, PR-11306, PR-11307, PR-11309,
                         PR-11311
System:                  OTP
Release:                 29
Application:             common_test-1.31.1, compiler-10.0.2,
                         crypto-5.9.1, dialyzer-6.0.2, erts-17.0.3,
                         kernel-11.0.3, public_key-1.21.3, ssh-6.0.2,
                         ssl-11.7.3, stdlib-8.0.2
Predecessor:             OTP 29.0.2

Check out the git tag OTP-29.0.3, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.

common_test-1.31.1

The common_test-1.31.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fixed a crash in ct_netconfc that occurred when the remote server closed the SSH connection during NETCONF subsystem negotiation.

    Own Id: OTP-20191
    Related Id(s): ERIERL-1333, PR-11230

Full runtime dependencies of common_test-1.31.1

compiler-10.0, crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-11.0, observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0, stdlib-8.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8

compiler-10.0.2

The compiler-10.0.2 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Several compiler bugs that could crash the compiler or generate incorrect code in rare circumstances have been fixed.

    Own Id: OTP-20222
    Related Id(s): PR-11219

Full runtime dependencies of compiler-10.0.2

crypto-5.1, erts-13.0, kernel-8.4, stdlib-8.0

crypto-5.9.1

The crypto-5.9.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • crypto:compute_key/4 for eddh and crypto:generate_key/2,3 for eddh/eddsa now raise an error:{notsup, Info, Description} exception instead of returning the atom notsup when the underlying cryptolib lacks support.

    Own Id: OTP-20215
    Related Id(s): PR-11302

Full runtime dependencies of crypto-5.9.1

erts-9.0, kernel-6.0, stdlib-3.9

dialyzer-6.0.2

The dialyzer-6.0.2 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fix a bug with native record sets in erl_types.erl

    Own Id: OTP-20201

Full runtime dependencies of dialyzer-6.0.2

compiler-10.0, erts-12.0, kernel-8.0, stdlib-5.0, syntax_tools-2.0

erts-17.0.3

The erts-17.0.3 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fixed an undefined behavior in the internal erts_qsort() function, which could have been the cause of a beam crash seen when updating large maps.

    Own Id: OTP-20185
    Related Id(s): PR-11215

  • Calculating bxor of the largest supported positive integer (erlang:system_info(max_integer)) and -1 would return [] instead of a raising a system_limit exception.

    Own Id: OTP-20208
    Related Id(s): PR-11269

  • Fix possible race between ets:delete/1 and terminating process with a fixation on the same table.

    Own Id: OTP-20217
    Related Id(s): PR-11283

  • A few code generation issues for the JIT on AArch64 (ARM64) have been fixed.

    For all platforms, the loader will reject some invalid BEAM files earlier.

    Own Id: OTP-20226
    Related Id(s): PR-11299

  • On 32-bit computers, the md5 BIFs would return an incorrect MD5 checksum for data of size 4GiB or more.

    Own Id: OTP-20227
    Related Id(s): PR-11289

Full runtime dependencies of erts-17.0.3

kernel-9.0, sasl-3.3, stdlib-4.1

kernel-11.0.3

The kernel-11.0.3 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • inet:info/1 could crash when calling for a closing (port) socket.

    Own Id: OTP-20173

  • Handling of the truncation bit in inet_res has been fixed so it properly falls back to querying over TCP after a truncated UDP reply.

    This fixes a bug introduced in OTP-28.4.2 - kernel-10.6.2 making a truncated UDP answer fail to parse and never execute the fallback, instead the name resolve operation fails.

    Own Id: OTP-20199
    Related Id(s): PR-11247

Full runtime dependencies of kernel-11.0.3

crypto-5.8, erts-17.0, sasl-3.0, stdlib-8.0

public_key-1.21.3

The public_key-1.21.3 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Hardened OCSP response verification by using constant-time hash comparisons and rejecting responses exceeding 100 KB before ASN.1 decoding.

    Own Id: OTP-20197
    Related Id(s): PR-11239

Full runtime dependencies of public_key-1.21.3

asn1-5.0, crypto-5.8, erts-13.0, kernel-8.0, stdlib-4.0

ssh-6.0.2

The ssh-6.0.2 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fixed a path-existence oracle in the SFTP server where SSH_FXP_REALPATH requests with .. components could bypass the configured root directory isolation, allowing an authenticated client to determine whether arbitrary paths exist on the host filesystem.

    Own Id: OTP-20183
    Related Id(s): GH-SA-h9pw-h5w4-h976, PR-11294, CVE-2026-53422

  • Fixed an infinite loop in the SFTP server triggered when receiving SSH_MSG_CHANNEL_EXTENDED_DATA on an SFTP channel, which caused the channel process to spin indefinitely on CPU without consuming its message queue.

    Own Id: OTP-20186
    Related Id(s): GH-SA-7wp4-pc27-2vj9, PR-11295, CVE-2026-54886

  • Fixed mlkem768x25519 hybrid key exchange failing intermittently with "incorrect signature" when the X25519 shared secret had a leading zero byte. The shared secret is now encoded as a fixed-width 32-byte string per the specification.

    Own Id: OTP-20196
    Related Id(s): PR-11209

  • Fixed a race condition where SSH keepalive responses could be matched to unrelated pending requests due to incorrect request queue ordering. Requests are now matched in the order they were sent.

    Own Id: OTP-20198
    Related Id(s): PR-11244

  • The SFTP server now caps the read length in SSH_FXP_READ requests to 255 KiB (matching OpenSSH's SFTP_MAX_READ_LENGTH), preventing excessive memory allocation when clients request large reads.

    Own Id: OTP-20200
    Related Id(s): PR-11259

  • Removed a server-side workaround (OTP-14827, introduced in OTP 20) that accepted SHA-1 user-auth signatures from clients identifying as OpenSSH 7.x when rsa-sha2-* was negotiated. The workaround addressed a distro-specific build issue in 2017 that no longer exists. Clients affected by this removal (extremely unlikely — requires a 10-year-old unpatched OpenSSH build) will see authentication failures and must upgrade.

    Own Id: OTP-20206
    Related Id(s): PR-11268

Full runtime dependencies of ssh-6.0.2

crypto-5.7, erts-14.0, kernel-10.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-8.0

ssl-11.7.3

Note! The ssl-11.7.3 application cannot be applied independently of other applications on an arbitrary OTP 29 installation.

   On a full OTP 29 installation, also the following runtime
   dependency has to be satisfied:
   -- public_key-1.21.1 (first satisfied in OTP 29.0.1)

Fixed Bugs and Malfunctions

  • Correct small behavior bugs that occasionally could cause DTLS connection errors, unwanted behavior for legacy DHE_DSS, hiding of a distribution config error, and possible unorderly process tree shutdown.

    Own Id: OTP-20190
    Related Id(s): PR-11250

  • Initialize DTLS cookie to random value to avoid DoS attack with forged cookie during startup window.

    Own Id: OTP-20194
    Related Id(s): PR-11271, CVE-2026-54887

  • Guard TLS client for MITM injection of application data during "plain-text-window" during handshake.

    Own Id: OTP-20207
    Related Id(s): PR-11270, CVE-2026-54891

  • Improve error handling of TLS PSK sending ILLIGAL_PARMETER alert if binders and PSK-identities are not matched. Also mend recovery mechanism of ticket and session stores to be as resilient as possible to intermediate bugs.

    Own Id: OTP-20216
    Related Id(s): PR-11282, CVE-2026-55952

  • Fix race condition that could be used to DoS attack DTLS servers.

    Own Id: OTP-20220
    Related Id(s): PR-11306, CVE-2026-55950

  • A TLS-1.3 stateless session ticket with obfuscated_ticket_age set to zero was incorrectly accepted without checking the server-side ticket lifetime or the RFC 8446 Section 8.3 freshness window. The server now always validates ticket age using its own timestamp regardless of the client-reported age value.

    Own Id: OTP-20230
    Related Id(s): PR-11307

  • TLS-1.3 client rejects a second HelloRetryRequest as requiered in RFC 8446 Section 4.1.4

    Own Id: OTP-20231
    Related Id(s): PR-11309

  • A busy client node could self-trigger a ticket store crash if unlucky with scheduling if auto mode is used.

    Own Id: OTP-20232
    Related Id(s): PR-11311

  • Correct spec for CRL API

    Own Id: OTP-20233
    Related Id(s): PR-11281

Full runtime dependencies of ssl-11.7.3

crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.21.1, runtime_tools-1.15.1, stdlib-7.0

stdlib-8.0.2

The stdlib-8.0.2 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Several compiler bugs that could crash the compiler or generate incorrect code in rare circumstances have been fixed.

    Own Id: OTP-20222
    Related Id(s): PR-11219

Full runtime dependencies of stdlib-8.0.2

compiler-5.0, crypto-4.5, erts-16.0.3, kernel-11.0, sasl-3.0, syntax_tools-3.2.1

Thanks to

Cole Christensen, Nick Krichevsky, Stefan Grundmann

v29.0.2: OTP 29.0.2

Compare Source

Patch Package:           OTP 29.0.2
Git Tag:                 OTP-29.0.2
Date:                    2026-06-10
Trouble Report Id:       OTP-20057, OTP-20149, OTP-20150, OTP-20151,
                         OTP-20153, OTP-20154, OTP-20155, OTP-20156,
                         OTP-20160, OTP-20161, OTP-20162, OTP-20163,
                         OTP-20165, OTP-20166, OTP-20170, OTP-20172,
                         OTP-20174, OTP-20178, OTP-20181
Seq num:                 CVE-2026-48855, CVE-2026-48856,
                         CVE-2026-48858, CVE-2026-48859,
                         CVE-2026-48860, CVE-2026-49759,
                         CVE-2026-49760, GH-11104, GH-11105, GH-11152,
                         GH-SA-24cv-hwgr-37fq, GH-SA-3w6p-vwhf-wvp4,
                         GH-SA-6f4f-chj5-5g97, GH-SA-gp7x-mfv6-52cv,
                         GH-SA-m75x-4vwg-ggjh, GH-SA-pv7g-pjrq-x2fh,
                         GH-SA-xcxj-5pg2-v72j, PR-11141, PR-11145,
                         PR-11146, PR-11148, PR-11154, PR-11157,
                         PR-11168, PR-11181, PR-11186, PR-11192,
                         PR-11193, PR-11195, PR-11199, PR-11205,
                         PR-11212, PR-1234, PR-27384
System:                  OTP
Release:                 29
Application:             dialyzer-6.0.1, diameter-2.7.1,
                         erl_interface-5.8.1, erts-17.0.2, ftp-1.2.6,
                         inets-9.7.1, kernel-11.0.2, mnesia-4.26.1,
                         public_key-1.21.2, ssh-6.0.1, ssl-11.7.2,
                         stdlib-8.0.1, tools-4.2.1
Predecessor:             OTP 29.0.1

Check out the git tag OTP-29.0.2, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.

dialyzer-6.0.1

The dialyzer-6.0.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fix native record bugs in Dialyzer

    Own Id: OTP-20178
    Related Id(s): PR-11199

Full runtime dependencies of dialyzer-6.0.1

compiler-10.0, erts-12.0, kernel-8.0, stdlib-5.0, syntax_tools-2.0

diameter-2.7.1

The diameter-2.7.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fixed return value documentation of diameter:service_info(SvcName, statistics)

    Own Id: OTP-20150
    Related Id(s): GH-11105, PR-11146

Full runtime dependencies of diameter-2.7.1

erts-10.0, kernel-3.2, ssl-9.0, stdlib-5.0

erl_interface-5.8.1

The erl_interface-5.8.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

erts-17.0.2

The erts-17.0.2 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • A buffer overflow error when parsing SCTP ERROR or ABORT chunks has been fixed.

    This could lead to stack corruption and VM crash, but ultimately with hard work by an attacker be refined into maybe even remote code execution.

    Own Id: OTP-20165
    Related Id(s): GH-SA-6f4f-chj5-5g97, PR-1234, CVE-2026-49759

Full runtime dependencies of erts-17.0.2

kernel-9.0, sasl-3.3, stdlib-4.1

ftp-1.2.6

The ftp-1.2.6 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • FTP client default connections that use the so called passive mode of FTP fails to properly validating the response IP of the server, hence a malicious or compromised FTP server could redirect the data connection to an arbitrary host, enabling s server-side request forgery (SSRF) and FTP bounce attacks.

    Own Id: OTP-20166
    Related Id(s): GH-SA-24cv-hwgr-37fq, PR-11186, CVE-2026-48858

Full runtime dependencies of ftp-1.2.6

erts-7.0, kernel-6.0, runtime_tools-1.15.1, ssl-10.2, stdlib-3.5

inets-9.7.1

The inets-9.7.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • The HTTP client (httpc) now removes Authorization, Proxy-Authorization, Cookie, Referer, and Origin headers when following a redirect to a different host or port. Previously these headers were forwarded verbatim, potentially leaking credentials to unintended targets.

    This follows the requirements of RFC 9110 §15.4.

    Own Id: OTP-20155
    Related Id(s): GH-SA-m75x-4vwg-ggjh, PR-11212, CVE-2026-48856

Full runtime dependencies of inets-9.7.1

erts-14.0, kernel-9.0, mnesia-4.12, public_key-1.13, runtime_tools-1.8.14, ssl-9.0, stdlib-5.0, stdlib-6.0

kernel-11.0.2

The kernel-11.0.2 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • gen_tcp_socket accept should explicitly inherit the same options as plain gen_tcp.

    Own Id: OTP-20057

Full runtime dependencies of kernel-11.0.2

crypto-5.8, erts-17.0, sasl-3.0, stdlib-8.0

mnesia-4.26.1

The mnesia-4.26.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fixed docs of mnesia:write/3 to clarify when a transaction can terminate.

    Own Id: OTP-20149
    Related Id(s): GH-11104, PR-11145

Full runtime dependencies of mnesia-4.26.1

erts-9.0, kernel-5.3, stdlib-5.0

public_key-1.21.2

The public_key-1.21.2 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Add missing macro reference for legacy algorithms md5 and sha224. This mainly improves error handling.

    Own Id: OTP-20172
    Related Id(s): PR-11195

Full runtime dependencies of public_key-1.21.2

asn1-5.0, crypto-5.8, erts-13.0, kernel-8.0, stdlib-4.0

ssh-6.0.1

The ssh-6.0.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fixed a timing-based username enumeration vulnerability during password authentication with the user_passwords option. A dummy PBKDF2 computation is now performed for invalid usernames to match the response time of valid ones.

    Own Id: OTP-20153
    Related Id(s): GH-SA-3w6p-vwhf-wvp4, PR-11157, CVE-2026-48859

  • Fixed SSH_FXP_READLINK handler in ssh_sftpd to strip the backend root prefix from symlink targets before returning them to the client, preventing disclosure of the server's absolute filesystem path when the root option is configured.

    Own Id: OTP-20162
    Related Id(s): GH-SA-pv7g-pjrq-x2fh, PR-11192, CVE-2026-48855

  • Fixed a race condition where SSH keep-alive responses could consume pending channel open requests, causing channel setup to fail silently.

    Own Id: OTP-20181
    Related Id(s): PR-11205

Full runtime dependencies of ssh-6.0.1

crypto-5.7, erts-14.0, kernel-10.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-8.0

ssl-11.7.2

Note! The ssl-11.7.2 application cannot be applied independently of other applications on an arbitrary OTP 29 installation.

   On a full OTP 29 installation, also the following runtime
   dependency has to be satisfied:
   -- public_key-1.21.1 (first satisfied in OTP 29.0.1)

Fixed Bugs and Malfunctions

  • Fix miscellanies issues that could cause unnecessary memory consumption and in some less common scenarios or configurations cause connection failures.

    Own Id: OTP-20154
    Related Id(s): PR-11148

  • Erlang distribution over TLS run with the kernel 'check_ip' flag now properly enforce connecting nodes to be on the same LAN.

    Own Id: OTP-20156
    Related Id(s): GH-SA-gp7x-mfv6-52cv, PR-11181, CVE-2026-48860

  • Enhance error message, by fixing typo of atom in new error message related to `public_key` CVE-2026-42790 solution.

    Own Id: OTP-20161
    Related Id(s): PR-11148

  • Corrected SNI handling for TLS-1.3 only server, could cause connection failures if supported signature algorithms where changed by SNI option update.

    Own Id: OTP-20174
    Related Id(s): PR-27384

Full runtime dependencies of ssl-11.7.2

crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.21.1, runtime_tools-1.15.1, stdlib-7.0

stdlib-8.0.1

The stdlib-8.0.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Fix a bug where a tuple record operation within a native record anonymous update can crash.

    Own Id: OTP-20151
    Related Id(s): PR-11141

  • Fixed some bugs in io_lib:bformat/2 and native record printing.

    Own Id: OTP-20170
    Related Id(s): PR-11154

Full runtime dependencies of stdlib-8.0.1

compiler-5.0, crypto-4.5, erts-16.0.3, kernel-11.0, sasl-3.0, syntax_tools-3.2.1

tools-4.2.1

The tools-4.2.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

  • Xref could crash instead of returning an appropriate error tuple when asked to open a BEAM file without debug information but with a moduledoc(false) attribute.

    Own Id: OTP-20163
    Related Id(s): GH-11152, PR-11168

Full runtime dependencies of tools-4.2.1

compiler-8.5, crypto-5.9, erts-15.0, kernel-10.0, public_key-1.21, runtime_tools-2.1, stdlib-6.0

Thanks to

John Downey, Jonatan Männchen


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [erlang](https://github.com/erlang/otp) | patch | `29.0.1` → `29.0.3` | --- ### Release Notes <details> <summary>erlang/otp (erlang)</summary> ### [`v29.0.3`](https://github.com/erlang/otp/releases/tag/OTP-29.0.3): OTP 29.0.3 [Compare Source](https://github.com/erlang/otp/compare/OTP-29.0.2...OTP-29.0.3) ``` Patch Package: OTP 29.0.3 Git Tag: OTP-29.0.3 Date: 2026-07-02 Trouble Report Id: OTP-20173, OTP-20183, OTP-20185, OTP-20186, OTP-20190, OTP-20191, OTP-20194, OTP-20196, OTP-20197, OTP-20198, OTP-20199, OTP-20200, OTP-20201, OTP-20206, OTP-20207, OTP-20208, OTP-20215, OTP-20216, OTP-20217, OTP-20220, OTP-20222, OTP-20226, OTP-20227, OTP-20230, OTP-20231, OTP-20232, OTP-20233 Seq num: CVE-2026-53422, CVE-2026-54886, CVE-2026-54887, CVE-2026-54891, CVE-2026-55950, CVE-2026-55952, ERIERL-1333, GH-SA-7wp4-pc27-2vj9, GH-SA-h9pw-h5w4-h976, PR-11209, PR-11215, PR-11219, PR-11230, PR-11239, PR-11244, PR-11247, PR-11250, PR-11259, PR-11268, PR-11269, PR-11270, PR-11271, PR-11281, PR-11282, PR-11283, PR-11289, PR-11294, PR-11295, PR-11299, PR-11302, PR-11306, PR-11307, PR-11309, PR-11311 System: OTP Release: 29 Application: common_test-1.31.1, compiler-10.0.2, crypto-5.9.1, dialyzer-6.0.2, erts-17.0.3, kernel-11.0.3, public_key-1.21.3, ssh-6.0.2, ssl-11.7.3, stdlib-8.0.2 Predecessor: OTP 29.0.2 ``` Check out the git tag OTP-29.0.3, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp\_patch\_apply' tool. For information on install requirements, see descriptions for each application version below. ### common\_test-1.31.1 The common\_test-1.31.1 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - Fixed a crash in ct\_netconfc that occurred when the remote server closed the SSH connection during NETCONF subsystem negotiation. Own Id: OTP-20191\ Related Id(s): ERIERL-1333, [PR-11230] > #### Full runtime dependencies of common\_test-1.31.1 > > compiler-10.0, crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-11.0, observer-2.1, runtime\_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0, stdlib-8.0, syntax\_tools-1.7, tools-3.2, xmerl-1.3.8 ### compiler-10.0.2 The compiler-10.0.2 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - Several compiler bugs that could crash the compiler or generate incorrect code in rare circumstances have been fixed. Own Id: OTP-20222\ Related Id(s): [PR-11219] > #### Full runtime dependencies of compiler-10.0.2 > > crypto-5.1, erts-13.0, kernel-8.4, stdlib-8.0 ### crypto-5.9.1 The crypto-5.9.1 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - `crypto:compute_key/4` for `eddh` and `crypto:generate_key/2,3` for `eddh`/`eddsa` now raise an `error:{notsup, Info, Description}` exception instead of returning the atom `notsup` when the underlying cryptolib lacks support. Own Id: OTP-20215\ Related Id(s): [PR-11302] > #### Full runtime dependencies of crypto-5.9.1 > > erts-9.0, kernel-6.0, stdlib-3.9 ### dialyzer-6.0.2 The dialyzer-6.0.2 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - Fix a bug with native record sets in `erl_types.erl` Own Id: OTP-20201 > #### Full runtime dependencies of dialyzer-6.0.2 > > compiler-10.0, erts-12.0, kernel-8.0, stdlib-5.0, syntax\_tools-2.0 ### erts-17.0.3 The erts-17.0.3 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - Fixed an undefined behavior in the internal `erts_qsort()` function, which could have been the cause of a beam crash seen when updating large maps. Own Id: OTP-20185\ Related Id(s): [PR-11215] - Calculating `bxor` of the largest supported positive integer (`erlang:system_info(max_integer)`) and `-1` would return `[]` instead of a raising a `system_limit` exception. Own Id: OTP-20208\ Related Id(s): [PR-11269] - Fix possible race between `ets:delete/1` and terminating process with a fixation on the same table. Own Id: OTP-20217\ Related Id(s): [PR-11283] - A few code generation issues for the JIT on AArch64 (ARM64) have been fixed. For all platforms, the loader will reject some invalid BEAM files earlier. Own Id: OTP-20226\ Related Id(s): [PR-11299] - On 32-bit computers, the `md5` BIFs would return an incorrect MD5 checksum for data of size 4GiB or more. Own Id: OTP-20227\ Related Id(s): [PR-11289] > #### Full runtime dependencies of erts-17.0.3 > > kernel-9.0, sasl-3.3, stdlib-4.1 ### kernel-11.0.3 The kernel-11.0.3 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - inet:info/1 could crash when calling for a closing (port) socket. Own Id: OTP-20173 - Handling of the truncation bit in `inet_res` has been fixed so it properly falls back to querying over TCP after a truncated UDP reply. This fixes a bug introduced in OTP-28.4.2 - kernel-10.6.2 making a truncated UDP answer fail to parse and never execute the fallback, instead the name resolve operation fails. Own Id: OTP-20199\ Related Id(s): [PR-11247] > #### Full runtime dependencies of kernel-11.0.3 > > crypto-5.8, erts-17.0, sasl-3.0, stdlib-8.0 ### public\_key-1.21.3 The public\_key-1.21.3 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - Hardened OCSP response verification by using constant-time hash comparisons and rejecting responses exceeding 100 KB before ASN.1 decoding. Own Id: OTP-20197\ Related Id(s): [PR-11239] > #### Full runtime dependencies of public\_key-1.21.3 > > asn1-5.0, crypto-5.8, erts-13.0, kernel-8.0, stdlib-4.0 ### ssh-6.0.2 The ssh-6.0.2 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - Fixed a path-existence oracle in the SFTP server where `SSH_FXP_REALPATH` requests with `..` components could bypass the configured root directory isolation, allowing an authenticated client to determine whether arbitrary paths exist on the host filesystem. Own Id: OTP-20183\ Related Id(s): [GH-SA-h9pw-h5w4-h976], [PR-11294], [CVE-2026-53422] - Fixed an infinite loop in the SFTP server triggered when receiving `SSH_MSG_CHANNEL_EXTENDED_DATA` on an SFTP channel, which caused the channel process to spin indefinitely on CPU without consuming its message queue. Own Id: OTP-20186\ Related Id(s): [GH-SA-7wp4-pc27-2vj9], [PR-11295], [CVE-2026-54886] - Fixed mlkem768x25519 hybrid key exchange failing intermittently with "incorrect signature" when the X25519 shared secret had a leading zero byte. The shared secret is now encoded as a fixed-width 32-byte string per the specification. Own Id: OTP-20196\ Related Id(s): [PR-11209] - Fixed a race condition where SSH keepalive responses could be matched to unrelated pending requests due to incorrect request queue ordering. Requests are now matched in the order they were sent. Own Id: OTP-20198\ Related Id(s): [PR-11244] - The SFTP server now caps the read length in `SSH_FXP_READ` requests to 255 KiB (matching OpenSSH's `SFTP_MAX_READ_LENGTH`), preventing excessive memory allocation when clients request large reads. Own Id: OTP-20200\ Related Id(s): [PR-11259] - Removed a server-side workaround (OTP-14827, introduced in OTP 20) that accepted SHA-1 user-auth signatures from clients identifying as OpenSSH 7.x when rsa-sha2-\* was negotiated. The workaround addressed a distro-specific build issue in 2017 that no longer exists. Clients affected by this removal (extremely unlikely — requires a 10-year-old unpatched OpenSSH build) will see authentication failures and must upgrade. Own Id: OTP-20206\ Related Id(s): [PR-11268] > #### Full runtime dependencies of ssh-6.0.2 > > crypto-5.7, erts-14.0, kernel-10.3, public\_key-1.6.1, runtime\_tools-1.15.1, stdlib-8.0 ### ssl-11.7.3 Note! The ssl-11.7.3 application *cannot* be applied independently of other applications on an arbitrary OTP 29 installation. ``` On a full OTP 29 installation, also the following runtime dependency has to be satisfied: -- public_key-1.21.1 (first satisfied in OTP 29.0.1) ``` #### Fixed Bugs and Malfunctions - Correct small behavior bugs that occasionally could cause DTLS connection errors, unwanted behavior for legacy DHE\_DSS, hiding of a distribution config error, and possible unorderly process tree shutdown. Own Id: OTP-20190\ Related Id(s): [PR-11250] - Initialize DTLS cookie to random value to avoid DoS attack with forged cookie during startup window. Own Id: OTP-20194\ Related Id(s): [PR-11271], [CVE-2026-54887] - Guard TLS client for MITM injection of application data during "plain-text-window" during handshake. Own Id: OTP-20207\ Related Id(s): [PR-11270], [CVE-2026-54891] - Improve error handling of TLS PSK sending ILLIGAL\_PARMETER alert if binders and PSK-identities are not matched. Also mend recovery mechanism of ticket and session stores to be as resilient as possible to intermediate bugs. Own Id: OTP-20216\ Related Id(s): [PR-11282], [CVE-2026-55952] - Fix race condition that could be used to DoS attack DTLS servers. Own Id: OTP-20220\ Related Id(s): [PR-11306], [CVE-2026-55950] - A TLS-1.3 stateless session ticket with obfuscated\_ticket\_age set to zero was incorrectly accepted without checking the server-side ticket lifetime or the RFC 8446 Section 8.3 freshness window. The server now always validates ticket age using its own timestamp regardless of the client-reported age value. Own Id: OTP-20230\ Related Id(s): [PR-11307] - TLS-1.3 client rejects a second HelloRetryRequest as requiered in RFC 8446 Section 4.1.4 Own Id: OTP-20231\ Related Id(s): [PR-11309] - A busy client node could self-trigger a ticket store crash if unlucky with scheduling if auto mode is used. Own Id: OTP-20232\ Related Id(s): [PR-11311] - Correct spec for CRL API Own Id: OTP-20233\ Related Id(s): [PR-11281] > #### Full runtime dependencies of ssl-11.7.3 > > crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public\_key-1.21.1, runtime\_tools-1.15.1, stdlib-7.0 ### stdlib-8.0.2 The stdlib-8.0.2 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - Several compiler bugs that could crash the compiler or generate incorrect code in rare circumstances have been fixed. Own Id: OTP-20222\ Related Id(s): [PR-11219] > #### Full runtime dependencies of stdlib-8.0.2 > > compiler-5.0, crypto-4.5, erts-16.0.3, kernel-11.0, sasl-3.0, syntax\_tools-3.2.1 ### Thanks to Cole Christensen, Nick Krichevsky, Stefan Grundmann [cve-2026-53422]: https://nvd.nist.gov/vuln/detail/CVE-2026-53422 [cve-2026-54886]: https://nvd.nist.gov/vuln/detail/CVE-2026-54886 [cve-2026-54887]: https://nvd.nist.gov/vuln/detail/CVE-2026-54887 [cve-2026-54891]: https://nvd.nist.gov/vuln/detail/CVE-2026-54891 [cve-2026-55950]: https://nvd.nist.gov/vuln/detail/CVE-2026-55950 [cve-2026-55952]: https://nvd.nist.gov/vuln/detail/CVE-2026-55952 [gh-sa-7wp4-pc27-2vj9]: https://github.com/erlang/otp/issues/SA-7wp4-pc27-2vj9 [gh-sa-h9pw-h5w4-h976]: https://github.com/erlang/otp/issues/SA-h9pw-h5w4-h976 [pr-11209]: https://github.com/erlang/otp/pull/11209 [pr-11215]: https://github.com/erlang/otp/pull/11215 [pr-11219]: https://github.com/erlang/otp/pull/11219 [pr-11230]: https://github.com/erlang/otp/pull/11230 [pr-11239]: https://github.com/erlang/otp/pull/11239 [pr-11244]: https://github.com/erlang/otp/pull/11244 [pr-11247]: https://github.com/erlang/otp/pull/11247 [pr-11250]: https://github.com/erlang/otp/pull/11250 [pr-11259]: https://github.com/erlang/otp/pull/11259 [pr-11268]: https://github.com/erlang/otp/pull/11268 [pr-11269]: https://github.com/erlang/otp/pull/11269 [pr-11270]: https://github.com/erlang/otp/pull/11270 [pr-11271]: https://github.com/erlang/otp/pull/11271 [pr-11281]: https://github.com/erlang/otp/pull/11281 [pr-11282]: https://github.com/erlang/otp/pull/11282 [pr-11283]: https://github.com/erlang/otp/pull/11283 [pr-11289]: https://github.com/erlang/otp/pull/11289 [pr-11294]: https://github.com/erlang/otp/pull/11294 [pr-11295]: https://github.com/erlang/otp/pull/11295 [pr-11299]: https://github.com/erlang/otp/pull/11299 [pr-11302]: https://github.com/erlang/otp/pull/11302 [pr-11306]: https://github.com/erlang/otp/pull/11306 [pr-11307]: https://github.com/erlang/otp/pull/11307 [pr-11309]: https://github.com/erlang/otp/pull/11309 [pr-11311]: https://github.com/erlang/otp/pull/11311 ### [`v29.0.2`](https://github.com/erlang/otp/releases/tag/OTP-29.0.2): OTP 29.0.2 [Compare Source](https://github.com/erlang/otp/compare/OTP-29.0.1...OTP-29.0.2) ``` Patch Package: OTP 29.0.2 Git Tag: OTP-29.0.2 Date: 2026-06-10 Trouble Report Id: OTP-20057, OTP-20149, OTP-20150, OTP-20151, OTP-20153, OTP-20154, OTP-20155, OTP-20156, OTP-20160, OTP-20161, OTP-20162, OTP-20163, OTP-20165, OTP-20166, OTP-20170, OTP-20172, OTP-20174, OTP-20178, OTP-20181 Seq num: CVE-2026-48855, CVE-2026-48856, CVE-2026-48858, CVE-2026-48859, CVE-2026-48860, CVE-2026-49759, CVE-2026-49760, GH-11104, GH-11105, GH-11152, GH-SA-24cv-hwgr-37fq, GH-SA-3w6p-vwhf-wvp4, GH-SA-6f4f-chj5-5g97, GH-SA-gp7x-mfv6-52cv, GH-SA-m75x-4vwg-ggjh, GH-SA-pv7g-pjrq-x2fh, GH-SA-xcxj-5pg2-v72j, PR-11141, PR-11145, PR-11146, PR-11148, PR-11154, PR-11157, PR-11168, PR-11181, PR-11186, PR-11192, PR-11193, PR-11195, PR-11199, PR-11205, PR-11212, PR-1234, PR-27384 System: OTP Release: 29 Application: dialyzer-6.0.1, diameter-2.7.1, erl_interface-5.8.1, erts-17.0.2, ftp-1.2.6, inets-9.7.1, kernel-11.0.2, mnesia-4.26.1, public_key-1.21.2, ssh-6.0.1, ssl-11.7.2, stdlib-8.0.1, tools-4.2.1 Predecessor: OTP 29.0.1 ``` Check out the git tag OTP-29.0.2, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp\_patch\_apply' tool. For information on install requirements, see descriptions for each application version below. ### dialyzer-6.0.1 The dialyzer-6.0.1 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - Fix native record bugs in Dialyzer Own Id: OTP-20178\ Related Id(s): [PR-11199] > #### Full runtime dependencies of dialyzer-6.0.1 > > compiler-10.0, erts-12.0, kernel-8.0, stdlib-5.0, syntax\_tools-2.0 ### diameter-2.7.1 The diameter-2.7.1 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - Fixed return value documentation of `diameter:service_info(SvcName, statistics)` Own Id: OTP-20150\ Related Id(s): [GH-11105], [PR-11146] > #### Full runtime dependencies of diameter-2.7.1 > > erts-10.0, kernel-3.2, ssl-9.0, stdlib-5.0 ### erl\_interface-5.8.1 The erl\_interface-5.8.1 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - Fixed stack overflow in `ei_s_print_term` for very big integer terms (> 2000 hexadecimal digits long). Own Id: OTP-20160\ Related Id(s): [GH-SA-xcxj-5pg2-v72j], [PR-11193], [CVE-2026-49760] ### erts-17.0.2 The erts-17.0.2 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - A buffer overflow error when parsing SCTP ERROR or ABORT chunks has been fixed. This could lead to stack corruption and VM crash, but ultimately with hard work by an attacker be refined into maybe even remote code execution. Own Id: OTP-20165\ Related Id(s): [GH-SA-6f4f-chj5-5g97], [PR-1234], [CVE-2026-49759] > #### Full runtime dependencies of erts-17.0.2 > > kernel-9.0, sasl-3.3, stdlib-4.1 ### ftp-1.2.6 The ftp-1.2.6 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - FTP client default connections that use the so called passive mode of FTP fails to properly validating the response IP of the server, hence a malicious or compromised FTP server could redirect the data connection to an arbitrary host, enabling s server-side request forgery (SSRF) and FTP bounce attacks. Own Id: OTP-20166\ Related Id(s): [GH-SA-24cv-hwgr-37fq], [PR-11186], [CVE-2026-48858] > #### Full runtime dependencies of ftp-1.2.6 > > erts-7.0, kernel-6.0, runtime\_tools-1.15.1, ssl-10.2, stdlib-3.5 ### inets-9.7.1 The inets-9.7.1 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - The HTTP client (httpc) now removes Authorization, Proxy-Authorization, Cookie, Referer, and Origin headers when following a redirect to a different host or port. Previously these headers were forwarded verbatim, potentially leaking credentials to unintended targets. This follows the requirements of RFC 9110 §15.4. Own Id: OTP-20155\ Related Id(s): [GH-SA-m75x-4vwg-ggjh], [PR-11212], [CVE-2026-48856] > #### Full runtime dependencies of inets-9.7.1 > > erts-14.0, kernel-9.0, mnesia-4.12, public\_key-1.13, runtime\_tools-1.8.14, ssl-9.0, stdlib-5.0, stdlib-6.0 ### kernel-11.0.2 The kernel-11.0.2 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - gen\_tcp\_socket accept should explicitly inherit the same options as plain gen\_tcp. Own Id: OTP-20057 > #### Full runtime dependencies of kernel-11.0.2 > > crypto-5.8, erts-17.0, sasl-3.0, stdlib-8.0 ### mnesia-4.26.1 The mnesia-4.26.1 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - Fixed docs of `mnesia:write/3` to clarify when a transaction can terminate. Own Id: OTP-20149\ Related Id(s): [GH-11104], [PR-11145] > #### Full runtime dependencies of mnesia-4.26.1 > > erts-9.0, kernel-5.3, stdlib-5.0 ### public\_key-1.21.2 The public\_key-1.21.2 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - Add missing macro reference for legacy algorithms md5 and sha224. This mainly improves error handling. Own Id: OTP-20172\ Related Id(s): [PR-11195] > #### Full runtime dependencies of public\_key-1.21.2 > > asn1-5.0, crypto-5.8, erts-13.0, kernel-8.0, stdlib-4.0 ### ssh-6.0.1 The ssh-6.0.1 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - Fixed a timing-based username enumeration vulnerability during password authentication with the user\_passwords option. A dummy PBKDF2 computation is now performed for invalid usernames to match the response time of valid ones. Own Id: OTP-20153\ Related Id(s): [GH-SA-3w6p-vwhf-wvp4], [PR-11157], [CVE-2026-48859] - Fixed SSH\_FXP\_READLINK handler in ssh\_sftpd to strip the backend root prefix from symlink targets before returning them to the client, preventing disclosure of the server's absolute filesystem path when the root option is configured. Own Id: OTP-20162\ Related Id(s): [GH-SA-pv7g-pjrq-x2fh], [PR-11192], [CVE-2026-48855] - Fixed a race condition where SSH keep-alive responses could consume pending channel open requests, causing channel setup to fail silently. Own Id: OTP-20181\ Related Id(s): [PR-11205] > #### Full runtime dependencies of ssh-6.0.1 > > crypto-5.7, erts-14.0, kernel-10.3, public\_key-1.6.1, runtime\_tools-1.15.1, stdlib-8.0 ### ssl-11.7.2 Note! The ssl-11.7.2 application *cannot* be applied independently of other applications on an arbitrary OTP 29 installation. ``` On a full OTP 29 installation, also the following runtime dependency has to be satisfied: -- public_key-1.21.1 (first satisfied in OTP 29.0.1) ``` #### Fixed Bugs and Malfunctions - Fix miscellanies issues that could cause unnecessary memory consumption and in some less common scenarios or configurations cause connection failures. Own Id: OTP-20154\ Related Id(s): [PR-11148] - Erlang distribution over TLS run with the kernel 'check\_ip' flag now properly enforce connecting nodes to be on the same LAN. Own Id: OTP-20156\ Related Id(s): [GH-SA-gp7x-mfv6-52cv], [PR-11181], [CVE-2026-48860] - Enhance error message, by fixing typo of atom in new error message related to \`public\_key\` CVE-2026-42790 solution. Own Id: OTP-20161\ Related Id(s): [PR-11148] - Corrected SNI handling for TLS-1.3 only server, could cause connection failures if supported signature algorithms where changed by SNI option update. Own Id: OTP-20174\ Related Id(s): [PR-27384] > #### Full runtime dependencies of ssl-11.7.2 > > crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public\_key-1.21.1, runtime\_tools-1.15.1, stdlib-7.0 ### stdlib-8.0.1 The stdlib-8.0.1 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - Fix a bug where a tuple record operation within a native record anonymous update can crash. Own Id: OTP-20151\ Related Id(s): [PR-11141] - Fixed some bugs in `io_lib:bformat/2` and native record printing. Own Id: OTP-20170\ Related Id(s): [PR-11154] > #### Full runtime dependencies of stdlib-8.0.1 > > compiler-5.0, crypto-4.5, erts-16.0.3, kernel-11.0, sasl-3.0, syntax\_tools-3.2.1 ### tools-4.2.1 The tools-4.2.1 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - Xref could crash instead of returning an appropriate error tuple when asked to open a BEAM file without debug information but with a `moduledoc(false)` attribute. Own Id: OTP-20163\ Related Id(s): [GH-11152], [PR-11168] > #### Full runtime dependencies of tools-4.2.1 > > compiler-8.5, crypto-5.9, erts-15.0, kernel-10.0, public\_key-1.21, runtime\_tools-2.1, stdlib-6.0 ### Thanks to John Downey, Jonatan Männchen [cve-2026-48855]: https://nvd.nist.gov/vuln/detail/CVE-2026-48855 [cve-2026-48856]: https://nvd.nist.gov/vuln/detail/CVE-2026-48856 [cve-2026-48858]: https://nvd.nist.gov/vuln/detail/CVE-2026-48858 [cve-2026-48859]: https://nvd.nist.gov/vuln/detail/CVE-2026-48859 [cve-2026-48860]: https://nvd.nist.gov/vuln/detail/CVE-2026-48860 [cve-2026-49759]: https://nvd.nist.gov/vuln/detail/CVE-2026-49759 [cve-2026-49760]: https://nvd.nist.gov/vuln/detail/CVE-2026-49760 [gh-11104]: https://github.com/erlang/otp/issues/11104 [gh-11105]: https://github.com/erlang/otp/issues/11105 [gh-11152]: https://github.com/erlang/otp/issues/11152 [gh-sa-24cv-hwgr-37fq]: https://github.com/erlang/otp/issues/SA-24cv-hwgr-37fq [gh-sa-3w6p-vwhf-wvp4]: https://github.com/erlang/otp/issues/SA-3w6p-vwhf-wvp4 [gh-sa-6f4f-chj5-5g97]: https://github.com/erlang/otp/issues/SA-6f4f-chj5-5g97 [gh-sa-gp7x-mfv6-52cv]: https://github.com/erlang/otp/issues/SA-gp7x-mfv6-52cv [gh-sa-m75x-4vwg-ggjh]: https://github.com/erlang/otp/issues/SA-m75x-4vwg-ggjh [gh-sa-pv7g-pjrq-x2fh]: https://github.com/erlang/otp/issues/SA-pv7g-pjrq-x2fh [gh-sa-xcxj-5pg2-v72j]: https://github.com/erlang/otp/issues/SA-xcxj-5pg2-v72j [pr-11141]: https://github.com/erlang/otp/pull/11141 [pr-11145]: https://github.com/erlang/otp/pull/11145 [pr-11146]: https://github.com/erlang/otp/pull/11146 [pr-11148]: https://github.com/erlang/otp/pull/11148 [pr-11154]: https://github.com/erlang/otp/pull/11154 [pr-11157]: https://github.com/erlang/otp/pull/11157 [pr-11168]: https://github.com/erlang/otp/pull/11168 [pr-11181]: https://github.com/erlang/otp/pull/11181 [pr-11186]: https://github.com/erlang/otp/pull/11186 [pr-11192]: https://github.com/erlang/otp/pull/11192 [pr-11193]: https://github.com/erlang/otp/pull/11193 [pr-11195]: https://github.com/erlang/otp/pull/11195 [pr-11199]: https://github.com/erlang/otp/pull/11199 [pr-11205]: https://github.com/erlang/otp/pull/11205 [pr-11212]: https://github.com/erlang/otp/pull/11212 [pr-1234]: https://github.com/erlang/otp/pull/1234 [pr-27384]: https://github.com/erlang/otp/pull/27384 </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNTAuMCIsInVwZGF0ZWRJblZlciI6IjQzLjE1MC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
renovate changed title from Update dependency erlang to v29.0.2 to chore(deps): update dependency erlang to v29.0.2 2026-06-11 09:00:12 +02:00
renovate changed title from chore(deps): update dependency erlang to v29.0.2 to Update dependency erlang to v29.0.2 2026-06-11 15:00:12 +02:00
renovate changed title from Update dependency erlang to v29.0.2 to chore(deps): update dependency erlang to v29.0.2 2026-06-13 00:00:11 +02:00
renovate changed title from chore(deps): update dependency erlang to v29.0.2 to Update dependency erlang to v29.0.2 2026-06-15 15:00:11 +02:00
renovate changed title from Update dependency erlang to v29.0.2 to chore(deps): update dependency erlang to v29.0.2 2026-06-18 09:00:11 +02:00
renovate changed title from chore(deps): update dependency erlang to v29.0.2 to Update dependency erlang to v29.0.2 2026-06-23 12:00:10 +02:00
renovate changed title from Update dependency erlang to v29.0.2 to chore(deps): update dependency erlang to v29.0.2 2026-06-29 00:00:13 +02:00
renovate changed title from chore(deps): update dependency erlang to v29.0.2 to chore(deps): update dependency erlang to v29.0.3 2026-07-02 18:00:21 +02:00
renovate force-pushed renovate/erlang-29.x from 799d966c53 to 20c2036189 2026-07-02 18:00:22 +02:00 Compare
renovate force-pushed renovate/erlang-29.x from 20c2036189 to e6ef7e2b4b 2026-07-04 21:19:46 +02:00 Compare
renovate force-pushed renovate/erlang-29.x from e6ef7e2b4b to 29c7ef2253 2026-07-06 07:40:01 +02:00 Compare
This pull request can be merged automatically.
This branch is out-of-date with the base branch
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/erlang-29.x:renovate/erlang-29.x
git switch renovate/erlang-29.x
Sign in to join this conversation.
No reviewers
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
inhji/hajur!169
No description provided.