Releases: erlang/otp
OTP 29.0-rc1
Inital Release: OTP 29.0
Git Tag: OTP-29.0
Date: 2026-02-11
Trouble Report Id: OTP-16607, OTP-19611, OTP-19643, OTP-19652,
OTP-19663, OTP-19672, OTP-19695, OTP-19708,
OTP-19709, OTP-19713, OTP-19734, OTP-19744,
OTP-19747, OTP-19750, OTP-19751, OTP-19763,
OTP-19764, OTP-19766, OTP-19775, OTP-19778,
OTP-19779, OTP-19783, OTP-19784, OTP-19785,
OTP-19786, OTP-19793, OTP-19800, OTP-19801,
OTP-19807, OTP-19809, OTP-19811, OTP-19815,
OTP-19822, OTP-19826, OTP-19834, OTP-19838,
OTP-19842, OTP-19853, OTP-19858, OTP-19866,
OTP-19874, OTP-19882, OTP-19887, OTP-19898,
OTP-19903, OTP-19906, OTP-19910, OTP-19912,
OTP-19917, OTP-19918, OTP-19919, OTP-19921,
OTP-19922, OTP-19925, OTP-19927, OTP-19930,
OTP-19932, OTP-19933, OTP-19934, OTP-19935,
OTP-19936, OTP-19938, OTP-19942, OTP-19943,
OTP-19949, OTP-19954, OTP-19956, OTP-19960,
OTP-19963, OTP-19964, OTP-19965, OTP-19966,
OTP-19968
Seq num: GH-10071, GH-10125, GH-10151, GH-10260,
GH-10341, GH-10345, GH-10558, GH-10559,
GH-10560, GH-10561, GH-10609, GH-8569,
GH-8993, GH-9822, OTP-16608, OTP-19827,
PR-10013, PR-10033, PR-10078, PR-10114,
PR-10115, PR-10126, PR-10134, PR-10144,
PR-10145, PR-10161, PR-10165, PR-10166,
PR-10168, PR-10187, PR-10189, PR-10193,
PR-10195, PR-10197, PR-10202, PR-10206,
PR-10207, PR-10209, PR-10213, PR-10218,
PR-10220, PR-10223, PR-10230, PR-10234,
PR-10253, PR-10269, PR-10276, PR-10277,
PR-10281, PR-10304, PR-10338, PR-10348,
PR-10372, PR-10382, PR-10387, PR-10417,
PR-10421, PR-10422, PR-10433, PR-10449,
PR-10453, PR-10510, PR-10511, PR-10514,
PR-10519, PR-10524, PR-10532, PR-10549,
PR-10554, PR-10556, PR-10566, PR-10568,
PR-10573, PR-10579, PR-10585, PR-10598,
PR-10601, PR-10613, PR-10615, PR-10617,
PR-10626, PR-10642, PR-10646, PR-10656,
PR-7118, PR-7315, PR-9115, PR-9125, PR-9134,
PR-9153, PR-9209, PR-9223, PR-9374, PR-9475,
PR-9790, PR-9864, PR-9866, PR-9894, PR-9899,
PR-9934, PR-9984
System: OTP
Release: 29
Application: asn1-5.5, common_test-1.30, compiler-10.0,
crypto-5.9, debugger-6.1, dialyzer-6.0,
diameter-2.7, edoc-1.5, eldap-1.3,
erl_interface-5.7, erts-17.0, et-1.8,
eunit-2.11, ftp-1.3, inets-9.6,
jinterface-1.16, kernel-11.0, megaco-4.9,
mnesia-4.26, observer-2.19, odbc-2.17,
os_mon-2.12, parsetools-2.8, public_key-1.21,
reltool-1.1, runtime_tools-2.4, sasl-4.4,
snmp-5.21, ssh-5.5, ssl-11.5.2, stdlib-8.0,
syntax_tools-4.1, tftp-1.3, tools-4.2,
wx-2.6, xmerl-2.2
Predecessor: OTP
Check out the git tag OTP-29.0, and build a full OTP system including documentation.
HIGHLIGHTS
-
The JIT now generates better code for matching or creating binaries with multiple little-endian segments.
Own Id: OTP-19747
Application(s): erts
Related Id(s): [PR-10126] -
In the documentation for the [
compile] module, a section has been added with recommendations for implementors of languages running on the BEAM. Documentation has also been added for theto_abstr,to_exp, andfrom_abstroptions.The documentation for [erlc] now lists
.abstras one of the supported options.When compiling with the
to_abstroption, the resulting.abstrfile now retains any-docattributes present in the source code.Own Id: OTP-19784
Application(s): compiler, erts
Related Id(s): [PR-10230], [PR-10234] -
Native records as described in EEP-79 has been implemented.
A native record is a data structure similar to the traditional tuple-based records, except that is a true data type.
Native records are considered experimental in Erlang/OTP 29 and possibly also in Erlang/OTP 30, meaning that their behavior may change, potentially requiring updates to applications that use them.
Own Id: OTP-19785
Application(s): compiler, dialyzer, erts, stdlib
Related Id(s): [PR-10617] -
The guard BIF
is_integer/3has been added. It follows the design of the original EEP-16, only changing the name fromis_betweentois_integer. This BIF takes in 3 parameters,Term,LowerBound, andUpperBound.It returns
trueifTerm,LowerBound, andUpperBoundare all integers, andLowerBound =< Term =< UpperBound; otherwise, it returns false.Example:
1> I = 42. 2> is_integer(I, 0, 100). true
Own Id: OTP-19809
Application(s): compiler, dialyzer, erts
Related Id(s): [PR-10276] -
There are new functions for random permutation of a list:
rand:shuffle/1andrand:shuffle_s/2. They are inspired by a suggestion and discussion on ErlangForums.Own Id: OTP-19826
Application(s): stdlib
Related Id(s): [PR-10281] -
In the default code path for the Erlang system, the current working directory (
.) is now in the last position instead of the first.Own Id: OTP-19842
Application(s): erts, kernel*** POTENTIAL INCOMPATIBILITY ***
-
Function application is now left associative. That means one can now write:
f(X)(Y)instead of:
(f(X))(Y)Own Id: OTP-19866
Application(s): compiler
Related Id(s): [PR-9223] -
There will now be a warning when exporting variables out of a subexpression. For example:
case file:open(File, AllOpts = [write,{encoding,utf8}]) of {ok,Fd} -> {Fd,AllOpts} endTo avoid the warning, this can be rewritten to:
AllOpts = [write,{encoding,utf8}], case file:open(File, AllOpts) of {ok,Fd} -> {Fd,AllOpts} endThe warning can be suppressed by giving option
nowarn_export_var_subexprto the compiler.Own Id: OTP-19898
Application(s): compiler, stdlib
Related Id(s): [PR-9134] -
By default, the compiler will now warn for uses of the
andandoroperators.This warning can be suppressed using the
nowarn_obsolete_bool_opcompiler option.Own Id: OTP-19918
Application(s): compiler
Related Id(s): [PR-9115] -
Before Erlang/OTP 29, attempting to bind variables in a comprehension would compile successfully but fail at runtime. Example:
1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0]. ok 2> fh(lists:seq(1, 10)). * exception error: bad filter 2614250In Erlang/OTP 29, attempting to bind a variable in a comprehension will fail by default:
1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0]. * 5:14: matches using '=' are not allowed in comprehension qualifiers unless the experimental 'compr_assign' language feature is enabled. With 'compr_assign' enabled, a match 'P = E' will behave as a strict generator 'P <-:- [E]'."However, this example will work as expected if the
compr_assignfeature is enabled when starting the runtime system:$ erl -enable-feature compr_assign . . . 1> fh(List) -> [H || E <- List, H = erlang:phash2(E), H rem 10 =:= 0]. ok 2> fh(lists:seq(1, 10)). [2614250]Here is another example how
compr_assigncan be used:-module(example). -feature(compr_assign, enable). -export([cat/1]). cat(Files) -> [Char || F <- Files, {ok, Bin} = file:read_file(F), Char <- unicode:characters_to_list(Bin)].Own Id: OTP-19927
Application(s): compiler, stdlib
Related Id(s): [PR-9153]*** POTENTIAL INCOMPATIBILITY ***
-
There will now be a warning when using the
catchoperator, which has been deprecated for a long time.It is recommended to instead use
try...catchbut is also possible to disable the warning by using thenowarn_deprecated_catchoption.Own Id: OTP-19938
Application(s): compiler, stdlib
Related Id(s): [PR-10421] -
Multi-valued comprehensions according to [EEP 78] has been implemented.
Example:
> [I, -I || I <- lists:seq(1, 5)]. [1,-1,2,-2,3,-3,4,-4,5,-5]
Own Id: OTP-19942
Application(s): compiler, debugger, stdlib, syntax_tools
Related Id(s): [PR-9374] -
There will now be a warning for matches that unify constructors, such as the following:
m({a,B} = {Y,Z}) -> . . .Such a match can be rewritten to:
m({a=Y,B=B}) -> . . .The compiler option
nowarn_match_alias_patscan be used to disable the warning.Own Id: OTP-19943
Application(s): compiler, stdlib
Related Id(s): [PR-10433] -
There is no longer a 32-bit Erlang/OTP build for Windows.
Own Id: OTP-19960
Application(s): otp -
The default key exchange algorithm is now mlkem768x25519-sha256, a hybrid quantum-resistant algorithm combining ML-KEM-768 with X25519. This provides protection against both classical and quantum computer attacks while maintaining ba...
OTP 27.3.4.7
=== OTP-27.3.4.7 === Changed Applications: - compiler-8.6.1.3 - erts-15.2.7.5 - megaco-4.7.2.1 - mnesia-4.23.5.1 - ssl-11.2.12.5 - xmerl-2.1.3.3 Unchanged Applications: - asn1-5.3.4.2 - common_test-1.27.7 - crypto-5.5.3 - debugger-5.5.0.1 - dialyzer-5.3.1 - diameter-2.4.1.1 - edoc-1.3.2 - eldap-1.2.14.1 - erl_interface-5.5.2 - et-1.7.1 - eunit-2.9.1 - ftp-1.2.3 - inets-9.3.2.2 - jinterface-1.14.1 - kernel-10.2.7.3 - observer-2.17 - odbc-2.15 - os_mon-2.10.1 - parsetools-2.6 - public_key-1.17.1.1 - reltool-1.0.1 - runtime_tools-2.1.1 - sasl-4.2.2 - snmp-5.18.2 - ssh-5.2.11.4 - stdlib-6.2.2.2 - syntax_tools-3.2.2.2 - tftp-1.2.2 - tools-4.1.1 - wx-2.4.3.1
OTP 28.3.1
Patch Package: OTP 28.3.1
Git Tag: OTP-28.3.1
Date: 2026-01-14
Trouble Report Id: OTP-19762, OTP-19795, OTP-19890, OTP-19891,
OTP-19893, OTP-19896, OTP-19897
Seq num: ERIERL-1260, ERIERL-1268, PR-10437, PR-10458,
PR-10465, PR-10480, PR-10481, PR-10482
System: OTP
Release: 28
Application: megaco-4.8.2, mnesia-4.25.1,
public_key-1.20.1, ssl-11.5.1, xmerl-2.1.8
Predecessor: OTP 28.3
Check out the git tag OTP-28.3.1, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.
megaco-4.8.2
The megaco-4.8.2 application can be applied independently of other applications on a full OTP 28 installation.
Fixed Bugs and Malfunctions
-
The megaco_tcp module had debug unintentionally enabled.
Own Id: OTP-19896
Full runtime dependencies of megaco-4.8.2
asn1-3.0, debugger-4.0, erts-12.0, et-1.5, kernel-8.0, runtime_tools-1.8.14, stdlib-2.5
mnesia-4.25.1
The mnesia-4.25.1 application can be applied independently of other applications on a full OTP 28 installation.
Fixed Bugs and Malfunctions
-
Fixed bug where
mnesia:del_table_copy/3could fail when deleting a node that had tables which was not active anywhere.Own Id: OTP-19890
Related Id(s): ERIERL-1268, PR-10482
Full runtime dependencies of mnesia-4.25.1
erts-9.0, kernel-5.3, stdlib-5.0
public_key-1.20.1
Note! The public_key-1.20.1 application cannot be applied independently of other applications on an arbitrary OTP 28 installation.
On a full OTP 28 installation, also the following runtime
dependency has to be satisfied:
-- crypto-5.8 (first satisfied in OTP 28.3)
Fixed Bugs and Malfunctions
-
Add missing git ignore for SLH-DSA generates.
Own Id: OTP-19897
Related Id(s): PR-10458
Full runtime dependencies of public_key-1.20.1
asn1-5.0, crypto-5.8, erts-13.0, kernel-8.0, stdlib-4.0
ssl-11.5.1
Note! The ssl-11.5.1 application cannot be applied independently of other applications on an arbitrary OTP 28 installation.
On a full OTP 28 installation, also the following runtime
dependencies have to be satisfied:
-- crypto-5.8 (first satisfied in OTP 28.3)
-- public_key-1.18.3 (first satisfied in OTP 28.1)
Fixed Bugs and Malfunctions
-
Correct TLS-1.3 alert handling so server will always send the alert with the encryption keys that the client is expecting, that is if for instance if client certification fails the alert will be sent using application traffic encryption keys.
Own Id: OTP-19795
Related Id(s): PR-10465 -
Correct TLS-1.3 session tickets documentation.
Own Id: OTP-19891
Related Id(s): PR-10481 -
Corrected app environment handling for session callback that was broken In OTP-23.
Own Id: OTP-19893
Related Id(s): PR-10480
Full runtime dependencies of ssl-11.5.1
crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.18.3, runtime_tools-1.15.1, stdlib-7.0
xmerl-2.1.8
The xmerl-2.1.8 application can be applied independently of other applications on a full OTP 28 installation.
Fixed Bugs and Malfunctions
-
XML regular expressions in XSD validation now handle
\sand\Scorrectly.Own Id: OTP-19762
Related Id(s): ERIERL-1260, PR-10437
Full runtime dependencies of xmerl-2.1.8
erts-6.0, kernel-8.4, stdlib-2.5
Thanks to
Maria Scott
OTP 28.3
Patch Package: OTP 28.3
Git Tag: OTP-28.3
Date: 2025-12-10
Trouble Report Id: OTP-16607, OTP-19066, OTP-19626, OTP-19717,
OTP-19738, OTP-19743, OTP-19767, OTP-19769,
OTP-19777, OTP-19787, OTP-19789, OTP-19794,
OTP-19797, OTP-19798, OTP-19802, OTP-19803,
OTP-19805, OTP-19808, OTP-19812, OTP-19814,
OTP-19819, OTP-19821, OTP-19823, OTP-19828,
OTP-19829, OTP-19833, OTP-19835, OTP-19836,
OTP-19837, OTP-19840, OTP-19841, OTP-19843,
OTP-19847, OTP-19848, OTP-19850, OTP-19852,
OTP-19854, OTP-19855, OTP-19856, OTP-19857,
OTP-19859, OTP-19862, OTP-19863, OTP-19867,
OTP-19869, OTP-19870, OTP-19872, OTP-19873,
OTP-19875, OTP-19876, OTP-19877, OTP-19878,
OTP-19879, OTP-19880, OTP-19883, OTP-19884,
OTP-19885, OTP-19888
Seq num: ERIERL-1251, GH-10254, GH-10255, GH-10280,
GH-10282, GH-10294, GH-10299, GH-10322,
GH-10330, GH-10347, GH-10367, GH-10368,
GH-10404, GH-10432, GH-8235, GH-8329,
GH-9997, OTP-16608, OTP-19814, PR-10064,
PR-10128, PR-10149, PR-10177, PR-10186,
PR-10216, PR-10231, PR-10232, PR-10236,
PR-10237, PR-10242, PR-10252, PR-10256,
PR-10257, PR-10262, PR-10268, PR-10275,
PR-10283, PR-10288, PR-10307, PR-10308,
PR-10309, PR-10314, PR-10315, PR-10317,
PR-10321, PR-10323, PR-10326, PR-10333,
PR-10335, PR-10344, PR-10349, PR-10353,
PR-10362, PR-10364, PR-10369, PR-10374,
PR-10379, PR-10383, PR-10388, PR-10390,
PR-10391, PR-10394, PR-10398, PR-10405,
PR-10406, PR-10410, PR-10428, PR-10435,
PR-10439, PR-10452, PR-8309, PR-9983
System: OTP
Release: 28
Application: common_test-1.29.1, compiler-9.0.4,
crypto-5.8, diameter-2.6,
erl_interface-5.6.2, erts-16.2, eunit-2.10.1,
inets-9.5, kernel-10.5, mnesia-4.25,
os_mon-2.11.2, public_key-1.20, snmp-5.20,
ssh-5.4, ssl-11.5, stdlib-7.2, wx-2.5.3
Predecessor: OTP 28.2
Check out the git tag OTP-28.3, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.
HIGHLIGHTS
-
Add support for MLKEM hybrid algorithms x25519mlkem768, secp384r1mlkem1024, secp256r1mlkem768 in TLS-1.3
Own Id: OTP-19767
Application(s): ssl
Related Id(s): [PR-10262] -
Support for the socket options TCP_KEEPCNT, TCP_KEEPIDLE, and TCP_KEEPINTVL have been implemented for
gen_tcp, as well as TCP_USER_TIMEOUT for bothgen_tcpandsocket.Own Id: OTP-19857
Application(s): erts, kernel
Related Id(s): [PR-10390], OTP-19814 -
Add support in public_key and ssl for post quantum algorithm SLH-DSA.
Own Id: OTP-19867
Application(s): public_key, ssl
Related Id(s): [PR-10398] -
Publish OpenVEX statements in https://erlang.org/download/vex/
OpenVEX statements contain the same information as the OTP advisories, with the addition of vendor CVEs for which Erlang/OTP is not affected. This is important to silence vulnerability scanners that may claim Erlang/OTP to be vulnerable to vendor dependency projects, e.g.,
openssl.OpenVEX statements will be published in https://erlang.org/download/vex/ where there will be an OTP file per release, e.g., https://erlang.org/download/vex/otp-28.openvex.json.
Erlang/OTP publishes OpenVEX statements for all supported releases, that is, as of today, OTP-26, OTP-27, and OTP-28.
The source SBOM tooling (oss-review-toolkit) has been updated to produce source SBOM in SPDX v2.3 format, and the source SBOM now links OpenVEX statements to a security external reference. This means that by simply analyzing the source SBOM, everyone can further read the location of the OpenVEX statements and further process them.
Own Id: OTP-19878
Application(s): otp
Related Id(s): [PR-10428], [PR-10452]
POTENTIAL INCOMPATIBILITIES
-
Adjustment in ssh_file module allowing inclusion of Erlang/OTP license in test files containing keys.
Own Id: OTP-19743
Application(s): ssh
Related Id(s): [PR-10177]
OTP-28.3
Fixed Bugs and Malfunctions
-
Broken sidebar application index, for all OTP applications, are restored.
Own Id: OTP-19877
Related Id(s): ERIERL-1251, [PR-10410]
Improvements and New Features
-
Updated the vendor dependencies SHA to improve the accuracy of the source SBOM with
purlpointing to the exact vendor commit that Erlang/OTP builds upon.Own Id: OTP-19777
Related Id(s): [PR-10216] -
OpenVEX statements has been added to rule out false positives on vendor dependencies: CVE-2025-9230, CVE-2025-9231, CVE-2025-9232
Own Id: OTP-19802
Related Id(s): [GH-10254], [GH-10255], [PR-10256] -
The
mnesia_registrymodule will be removed in Erlang/OTP 29.Own Id: OTP-19808
Related Id(s): [PR-10275] -
Publish OpenVEX statements in https://erlang.org/download/vex/
OpenVEX statements contain the same information as the OTP advisories, with the addition of vendor CVEs for which Erlang/OTP is not affected. This is important to silence vulnerability scanners that may claim Erlang/OTP to be vulnerable to vendor dependency projects, e.g.,
openssl.OpenVEX statements will be published in https://erlang.org/download/vex/ where there will be an OTP file per release, e.g., https://erlang.org/download/vex/otp-28.openvex.json.
Erlang/OTP publishes OpenVEX statements for all supported releases, that is, as of today, OTP-26, OTP-27, and OTP-28.
The source SBOM tooling (oss-review-toolkit) has been updated to produce source SBOM in SPDX v2.3 format, and the source SBOM now links OpenVEX statements to a security external reference. This means that by simply analyzing the source SBOM, everyone can further read the location of the OpenVEX statements and further process them.
Own Id: OTP-19878
Related Id(s): [PR-10428], [PR-10452]*** HIGHLIGHT ***
common_test-1.29.1
The common_test-1.29.1 application can be applied independently of other applications on a full OTP 28 installation.
Improvements and New Features
-
Updated the vendor dependencies SHA to improve the accuracy of the source SBOM with
purlpointing to the exact vendor commit that Erlang/OTP builds upon.Own Id: OTP-19777
Related Id(s): [PR-10216]
Full runtime dependencies of common_test-1.29.1
compiler-6.0, crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-8.4, observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0, stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8
compiler-9.0.4
The compiler-9.0.4 application can be applied independently of other applications on a full OTP 28 installation.
Fixed Bugs and Malfunctions
-
For some function heads or
caseexpressions with a huge number of clauses, the compiler could spend an inordinate amount of time compiling the code.Own Id: OTP-19797
Related Id(s): [PR-10252] -
Passing a type for a fun as a macro argument would result in a "badly formed argument" error message from the compiler. Example:
-module(test). -define(FOO(X), X). -type foo() :: ?FOO(fun(() -> ok)).Compiling this module would result in the following error message:
test.erl:3:17: badly formed argument for macro 'FOO' % 5| -type foo() :: ?FOO(fun(() -> ok)). %Own Id: OTP-19821
Related Id(s): [GH-10280], [PR-10309] -
In certain edge cases, the compiler could emit code that would do an unsafe destructive update of a tuple. This has been corrected.
Own Id: OTP-19879
Related Id(s): [GH-10367], [PR-10435]
Improvements and New Features
-
The compiler option
beam_debug_stackcombined withbeam_debug_infowill attempt to make as many variables as possible visible in the debugger. The option has no effect if given withoutbeam_debug_info.Own Id: OTP-19854
Related Id(s): [PR-10374]
Full runtime dependencies of compiler-9.0.4
crypto-5.1, erts-13.0, kernel-8.4, stdlib-6.0
crypto-5.8
The crypto-5.8 application can be applied independently of other applications on a full OTP 28 installation.
Fixed Bugs and Malfunctions
-
The deprecated function
crypto:rand_uniform/2has gotten a new replacement functioncrypto:strong_rand_range/1. When implementing this the documentation ofcryptoandrandhas been rewritten a bit and improved.Own Id: OTP-19841
Related Id(s): [PR-10344]
Improvements and New Features
-
You can now build OTP with OpenSSL 3.5 or later on windows.
Own Id: OTP-19848
-
Added SLH-DSA algorithms for sign/verify. Twelve variants supported in total; all combinations of SHAKE or SHA2 hashing, with 128, 192 or 256 bits, and fast(
f) or small(s).Own Id: OTP-19856
Related Id(s): [PR-10268] -
Made
crypto:generate_key(dh, [P, G, MaxPrivateKeyBitLength])accept values ofMaxPrivateKeyBitLengthto be equal or larger than the bit length ofP. If so, the maximum bit length is adjusted down toP's bit length minus one.Own Id: OTP-19872
Related Id(s): [PR-10394]
Full runtime dependencies of crypto-5.8
erts-9.0, k...
OTP 28.2
Patch Package: OTP 28.2
Git Tag: OTP-28.2
Date: 2025-11-24
Trouble Report Id: OTP-19813, OTP-19817, OTP-19818, OTP-19825,
OTP-19830, OTP-19832, OTP-19839, OTP-19845,
OTP-19846, OTP-19861, OTP-19865
Seq num: ERIERL-1251, ERIERL-1273, GH-10119, GH-10354,
PR-10284, PR-10290, PR-10296, PR-10339,
PR-10350, PR-10358, PR-10359, PR-10386,
PR-10396
System: OTP
Release: 28
Application: compiler-9.0.3, erts-16.1.2, kernel-10.4.2,
public_key-1.19, ssh-5.3.4, ssl-11.4.2,
syntax_tools-4.0.2
Predecessor: OTP 28.1.1
Check out the git tag OTP-28.2, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.
compiler-9.0.3
The compiler-9.0.3 application can be applied independently of other applications on a full OTP 28 installation.
Fixed Bugs and Malfunctions
-
Fixed broken type inference for lists:mapfoldl/r.
Full runtime dependencies of compiler-9.0.3
crypto-5.1, erts-13.0, kernel-8.4, stdlib-6.0
erts-16.1.2
The erts-16.1.2 application can be applied independently of other applications on a full OTP 28 installation.
Fixed Bugs and Malfunctions
-
Fixed a JIT bug that could miscompile equality tests on empty bitstrings.
Own Id: OTP-19846
Related Id(s): PR-10359 -
The documentation building code produced warnings during the build, if none of the applications were skipped. The warnings were resolved.
Own Id: OTP-19865
Related Id(s): ERIERL-1251, PR-10396
Full runtime dependencies of erts-16.1.2
kernel-9.0, sasl-3.3, stdlib-4.1
kernel-10.4.2
The kernel-10.4.2 application can be applied independently of other applications on a full OTP 28 installation.
Fixed Bugs and Malfunctions
-
Fixed a race condition when registering the standard error process.
Own Id: OTP-19832
Related Id(s): PR-10290
Full runtime dependencies of kernel-10.4.2
crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-6.0
public_key-1.19
Note! The public_key-1.19 application cannot be applied independently of other applications on an arbitrary OTP 28 installation.
On a full OTP 28 installation, also the following runtime
dependency has to be satisfied:
-- crypto-5.7 (first satisfied in OTP 28.1)
Improvements and New Features
-
Added support for the Public-Key Infrastructure Certificate Management Protocol (PKICMP) ASN.1 specification.
Own Id: OTP-19861
Related Id(s): PR-10386
Full runtime dependencies of public_key-1.19
asn1-5.0, crypto-5.7, erts-13.0, kernel-8.0, stdlib-4.0
ssh-5.3.4
The ssh-5.3.4 application can be applied independently of other applications on a full OTP 28 installation.
Fixed Bugs and Malfunctions
-
With this change user space buffers are used to limit ssh hello message size instead of kernel buffers
Own Id: OTP-19839
Related Id(s): ERIERL-1273, PR-10350
Full runtime dependencies of ssh-5.3.4
crypto-5.0, erts-14.0, kernel-10.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, stdlib-6.0
ssl-11.4.2
Note! The ssl-11.4.2 application cannot be applied independently of other applications on an arbitrary OTP 28 installation.
On a full OTP 28 installation, also the following runtime
dependencies have to be satisfied:
-- crypto-5.7 (first satisfied in OTP 28.1)
-- public_key-1.18.3 (first satisfied in OTP 28.1)
Fixed Bugs and Malfunctions
-
Graceful error handling added in negative test scenario.
Own Id: OTP-19813
Related Id(s): PR-10284 -
Handle duplicate change_cipher_spec message with an unexpected message alert instead of failing later in corrupted state.
Own Id: OTP-19818
Related Id(s): PR-10296 -
Make sure TLS-1.3 protocol spec is followed, that is psk-hello extension is guaranteed to be included as the last extension in the list of client hello extensions and internal hello message truncation in handshake history is handled correctly, the previous handling could cause interoperability issues.
Own Id: OTP-19825
Related Id(s): PR-10296 -
If two certificate massages are sent to the server generate an unexpected message alert for the second one.
Own Id: OTP-19830
Related Id(s): PR-10339
Full runtime dependencies of ssl-11.4.2
crypto-5.7, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.18.3, runtime_tools-1.15.1, stdlib-7.0
syntax_tools-4.0.2
The syntax_tools-4.0.2 application can be applied independently of other applications on a full OTP 28 installation.
Fixed Bugs and Malfunctions
-
Annotate map comprehensions and generators
Own Id: OTP-19817
Related Id(s): GH-10119
Full runtime dependencies of syntax_tools-4.0.2
compiler-9.0, erts-16.0, kernel-10.3, stdlib-7.0
Thanks to
Dmytro Lytovchenko, Nelson Vides
OTP 27.3.4.6
Patch Package: OTP 27.3.4.6
Git Tag: OTP-27.3.4.6
Date: 2025-11-14
Trouble Report Id: OTP-19814, OTP-19843
Seq num: PR-10353
System: OTP
Release: 27
Application: erts-15.2.7.4, kernel-10.2.7.3, wx-2.4.3.1
Predecessor: OTP 27.3.4.5
Check out the git tag OTP-27.3.4.6, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.
erts-15.2.7.4
The erts-15.2.7.4 application can be applied independently of other applications on a full OTP 27 installation.
Improvements and New Features
-
Option(s) to create
gen_tcpandsocketsockets with protocol IPPROTO_MPTCP has been implemented.See functions
gen_tcp:listen/2,gen_tcp:connect/4and the typesocket:protocol/0.Own Id: OTP-19814
Full runtime dependencies of erts-15.2.7.4
kernel-9.0, sasl-3.3, stdlib-4.1
kernel-10.2.7.3
Note! The kernel-10.2.7.3 application cannot be applied independently of other applications on an arbitrary OTP 27 installation.
On a full OTP 27 installation, also the following runtime
dependency has to be satisfied:
-- erts-15.2.5 (first satisfied in OTP 27.3.2)
Improvements and New Features
-
Option(s) to create
gen_tcpandsocketsockets with protocol IPPROTO_MPTCP has been implemented.See functions
gen_tcp:listen/2,gen_tcp:connect/4and the typesocket:protocol/0.Own Id: OTP-19814
Full runtime dependencies of kernel-10.2.7.3
crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-6.0
wx-2.4.3.1
The wx-2.4.3.1 application can be applied independently of other applications on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
Fixed reading out of array bounds and potential memory leaks.
Own Id: OTP-19843
Related Id(s): PR-10353
Full runtime dependencies of wx-2.4.3.1
erts-12.0, kernel-8.0, stdlib-5.0
OTP 27.3.4.5
Patch Package: OTP 27.3.4.5
Git Tag: OTP-27.3.4.5
Date: 2025-11-07
Trouble Report Id: OTP-19828, OTP-19835, OTP-19839
Seq num: ERIERL-1273, PR-10242, PR-10333, PR-10350
System: OTP
Release: 27
Application: inets-9.3.2.2, ssh-5.2.11.4, ssl-11.2.12.4
Predecessor: OTP 27.3.4.4
Check out the git tag OTP-27.3.4.5, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.
inets-9.3.2.2
The inets-9.3.2.2 application can be applied independently of other applications on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
Fixed uri_string:uri_string() to string() type specs inside httpc.erl module.
Own Id: OTP-19835
Related Id(s): PR-10242
Full runtime dependencies of inets-9.3.2.2
erts-14.0, kernel-9.0, mnesia-4.12, public_key-1.13, runtime_tools-1.8.14, ssl-9.0, stdlib-5.0, stdlib-6.0
ssh-5.2.11.4
The ssh-5.2.11.4 application can be applied independently of other applications on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
With this change user space buffers are used to limit ssh hello message size instead of kernel buffers
Own Id: OTP-19839
Related Id(s): ERIERL-1273, PR-10350
Full runtime dependencies of ssh-5.2.11.4
crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, stdlib-6.0
ssl-11.2.12.4
Note! The ssl-11.2.12.4 application cannot be applied independently of other applications on an arbitrary OTP 27 installation.
On a full OTP 27 installation, also the following runtime
dependency has to be satisfied:
-- public_key-1.16.4 (first satisfied in OTP 27.1.3)
Fixed Bugs and Malfunctions
-
Correct documentation for fail_if_no_peer_cert option.
Own Id: OTP-19828
Related Id(s): PR-10333
Full runtime dependencies of ssl-11.2.12.4
crypto-5.0, erts-15.0, inets-5.10.7, kernel-9.0, public_key-1.16.4, runtime_tools-1.15.1, stdlib-6.0
Thanks to
Marcelino Alberdi Pereira
OTP 26.2.5.16
Patch Package: OTP 26.2.5.16
Git Tag: OTP-26.2.5.16
Date: 2025-11-07
Trouble Report Id: OTP-19790, OTP-19791, OTP-19799, OTP-19803,
OTP-19806, OTP-19817, OTP-19825, OTP-19828,
OTP-19835, OTP-19839
Seq num: ERIERL-1273, GH-10119, PR-10241, PR-10242,
PR-10245, PR-10257, PR-10274, PR-10296,
PR-10333, PR-10350, PR-9970
System: OTP
Release: 26
Application: erts-14.2.5.12, inets-9.1.0.4, ssh-5.1.4.13,
ssl-11.1.4.10, syntax_tools-3.1.0.1
Predecessor: OTP 26.2.5.15
Check out the git tag OTP-26.2.5.16, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- erts-14.2.5.12 --------------------------------------------------
---------------------------------------------------------------------
The erts-14.2.5.12 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19790 Application(s): erts
Related Id(s): PR-9970
Fixed the erl documentation of the default timewarp
mode used.
OTP-19799 Application(s): erts
Related Id(s): PR-10241
The erlang:suspend_process() BIFs failed to suspend
processes currently executing on dirty schedulers.
OTP-19803 Application(s): erts
Related Id(s): PR-10257
When multiple processes called the same fun whose
defining module was not loaded, a badfun exception
could sometimes occur in one of the calling processes.
This would only happen with the JIT runtime system.
Full runtime dependencies of erts-14.2.5.12: kernel-9.0, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- inets-9.1.0.4 ---------------------------------------------------
---------------------------------------------------------------------
The inets-9.1.0.4 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19835 Application(s): inets
Related Id(s): PR-10242
Fixed uri_string:uri_string() to string() type specs
inside httpc.erl module.
Full runtime dependencies of inets-9.1.0.4: erts-14.0, kernel-9.0,
mnesia-4.12, public_key-1.13, runtime_tools-1.8.14, ssl-9.0,
stdlib-5.0, stdlib-5.0
---------------------------------------------------------------------
--- ssh-5.1.4.13 ----------------------------------------------------
---------------------------------------------------------------------
The ssh-5.1.4.13 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19839 Application(s): ssh
Related Id(s): ERIERL-1273, PR-10350
With this change user space buffers are used to limit
ssh hello message size instead of kernel buffers
Full runtime dependencies of ssh-5.1.4.13: crypto-5.0, erts-14.0,
kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0,
stdlib-5.0
---------------------------------------------------------------------
--- ssl-11.1.4.10 ---------------------------------------------------
---------------------------------------------------------------------
The ssl-11.1.4.10 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19791 Application(s): ssl
Related Id(s): PR-10245
Assert that hello extensions are unique and send an
illegal parameter alert if they are not.
OTP-19806 Application(s): ssl
Related Id(s): PR-10274
Avoid sending an internal message to the user process
in conjunction with handling a key update.
OTP-19825 Application(s): ssl
Related Id(s): PR-10296
Make sure TLS-1.3 protocol spec is followed, that is
psk-hello extension is guaranteed to be included as the
last extension in the list of client hello extensions
and internal hello message truncation in handshake
history is handled correctly, the previous handling
could cause interoperability issues.
OTP-19828 Application(s): ssl
Related Id(s): PR-10333
Correct documentation for fail_if_no_peer_cert option.
Full runtime dependencies of ssl-11.1.4.10: crypto-5.0, erts-14.0,
inets-5.10.7, kernel-9.0, public_key-1.11.3, runtime_tools-1.15.1,
stdlib-4.1
---------------------------------------------------------------------
--- syntax_tools-3.1.0.1 --------------------------------------------
---------------------------------------------------------------------
The syntax_tools-3.1.0.1 application can be applied independently of
other applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19817 Application(s): syntax_tools
Related Id(s): GH-10119
Annotate map comprehensions and generators
Full runtime dependencies of syntax_tools-3.1.0.1: compiler-7.0,
erts-9.0, kernel-5.0, stdlib-4.0
---------------------------------------------------------------------
--- Thanks to -------------------------------------------------------
---------------------------------------------------------------------
Daniel Gorin, Marcelino Alberdi Pereira
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
OTP 27.3.4.4
Patch Package: OTP 27.3.4.4
Git Tag: OTP-27.3.4.4
Date: 2025-10-28
Trouble Report Id: OTP-19768, OTP-19774, OTP-19790, OTP-19791,
OTP-19792, OTP-19799, OTP-19803, OTP-19806,
OTP-19813, OTP-19817, OTP-19818, OTP-19825
Seq num: ERERL-1261, GH-10119, GH-10150, GH-10191,
PR-10182, PR-10201, PR-10241, PR-10245,
PR-10249, PR-10257, PR-10274, PR-10284,
PR-10296, PR-9970
System: OTP
Release: 27
Application: diameter-2.4.1.1, erts-15.2.7.3,
ssl-11.2.12.3, syntax_tools-3.2.2.2,
xmerl-2.1.3.2
Predecessor: OTP 27.3.4.3
Check out the git tag OTP-27.3.4.4, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.
diameter-2.4.1.1
The diameter-2.4.1.1 application can be applied independently of other applications on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
Added documentation about 'proxy' and 'resend' options in diameter:handle_request/3
Full runtime dependencies of diameter-2.4.1.1
erts-10.0, kernel-3.2, ssl-9.0, stdlib-5.0
erts-15.2.7.3
The erts-15.2.7.3 application can be applied independently of other applications on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
Fixed the
erldocumentation of the default timewarp mode used.Own Id: OTP-19790
Related Id(s): PR-9970 -
The
erlang:suspend_process()BIFs failed to suspend processes currently executing on dirty schedulers.Own Id: OTP-19799
Related Id(s): PR-10241 -
When multiple processes called the same fun whose defining module was not loaded, a
badfunexception could sometimes occur in one of the calling processes. This would only happen with the JIT runtime system.Own Id: OTP-19803
Related Id(s): PR-10257
Full runtime dependencies of erts-15.2.7.3
kernel-9.0, sasl-3.3, stdlib-4.1
ssl-11.2.12.3
Note! The ssl-11.2.12.3 application cannot be applied independently of other applications on an arbitrary OTP 27 installation.
On a full OTP 27 installation, also the following runtime
dependency has to be satisfied:
-- public_key-1.16.4 (first satisfied in OTP 27.1.3)
Fixed Bugs and Malfunctions
-
Fixed so that sending of application data will adhere to max_fragment_length. This was broken in OTP-27 release by an optimization.
-
Assert that hello extensions are unique and send an illegal parameter alert if they are not.
Own Id: OTP-19791
Related Id(s): PR-10245 -
Avoid sending an internal message to the user process in conjunction with handling a key update.
Own Id: OTP-19806
Related Id(s): PR-10274 -
Graceful error handling added in negative test scenario.
Own Id: OTP-19813
Related Id(s): PR-10284 -
Handle duplicate change_cipher_spec message with an unexpected message alert instead of failing later in corrupted state.
Own Id: OTP-19818
Related Id(s): PR-10296 -
Make sure TLS-1.3 protocol spec is followed, that is psk-hello extension is guaranteed to be included as the last extension in the list of client hello extensions and internal hello message truncation in handshake history is handled correctly, the previous handling could cause interoperability issues.
Own Id: OTP-19825
Related Id(s): PR-10296
Full runtime dependencies of ssl-11.2.12.3
crypto-5.0, erts-15.0, inets-5.10.7, kernel-9.0, public_key-1.16.4, runtime_tools-1.15.1, stdlib-6.0
syntax_tools-3.2.2.2
The syntax_tools-3.2.2.2 application can be applied independently of other applications on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
Annotate map comprehensions and generators
Own Id: OTP-19817
Related Id(s): GH-10119
Full runtime dependencies of syntax_tools-3.2.2.2
compiler-7.0, erts-9.0, kernel-5.0, stdlib-4.0
xmerl-2.1.3.2
The xmerl-2.1.3.2 application can be applied independently of other applications on a full OTP 27 installation.
Fixed Bugs and Malfunctions
-
The XSD validation failed due to not handling the optional text blocks correctly in an XSD complex type with attribute
mixed=true.Own Id: OTP-19792
Related Id(s): PR-10249, ERERL-1261
Full runtime dependencies of xmerl-2.1.3.2
erts-6.0, kernel-8.4, stdlib-2.5
Thanks to
Daniel Gorin, Jean-Philippe Jodoin
OTP 28.1.1
Patch Package: OTP 28.1.1
Git Tag: OTP-28.1.1
Date: 2025-10-20
Trouble Report Id: OTP-19768, OTP-19771, OTP-19774, OTP-19780,
OTP-19790, OTP-19791, OTP-19792, OTP-19796,
OTP-19799, OTP-19806
Seq num: ERERL-1261, ERIERL-1251, ERIERL-1264,
GH-10150, GH-10191, GH-10212, GH-10217,
PR-10182, PR-10194, PR-10201, PR-10221,
PR-10241, PR-10245, PR-10248, PR-10249,
PR-10274, PR-9970
System: OTP
Release: 28
Application: diameter-2.5.2, erts-16.1.1, kernel-10.4.1,
ssl-11.4.1, xmerl-2.1.7
Predecessor: OTP 28.1
Check out the git tag OTP-28.1.1, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.
OTP-28.1.1
Improvements and New Features
-
When building OTP, some applications may be skipped due to lacking dependencies, or due to user choice. Such skipped applications are excluded from the docs build step and a placeholder page is displayed in their stead.
Own Id: OTP-19771
Related Id(s): ERIERL-1251, PR-10194
diameter-2.5.2
The diameter-2.5.2 application can be applied independently of other applications on a full OTP 28 installation.
Fixed Bugs and Malfunctions
-
Added documentation about 'proxy' and 'resend' options in diameter:handle_request/3
Full runtime dependencies of diameter-2.5.2
erts-10.0, kernel-3.2, ssl-9.0, stdlib-5.0
erts-16.1.1
The erts-16.1.1 application can be applied independently of other applications on a full OTP 28 installation.
Fixed Bugs and Malfunctions
-
Fixed the
erldocumentation of the default timewarp mode used.Own Id: OTP-19790
Related Id(s): PR-9970 -
The
erlang:suspend_process()BIFs failed to suspend processes currently executing on dirty schedulers.Own Id: OTP-19799
Related Id(s): PR-10241
Full runtime dependencies of erts-16.1.1
kernel-9.0, sasl-3.3, stdlib-4.1
kernel-10.4.1
The kernel-10.4.1 application can be applied independently of other applications on a full OTP 28 installation.
Fixed Bugs and Malfunctions
-
With this change group.erl will not crash when receiving unknown message.
Own Id: OTP-19796
Related Id(s): ERIERL-1264, PR-10248
Full runtime dependencies of kernel-10.4.1
crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-6.0
ssl-11.4.1
Note! The ssl-11.4.1 application cannot be applied independently of other applications on an arbitrary OTP 28 installation.
On a full OTP 28 installation, also the following runtime
dependencies have to be satisfied:
-- crypto-5.7 (first satisfied in OTP 28.1)
-- public_key-1.18.3 (first satisfied in OTP 28.1)
Fixed Bugs and Malfunctions
-
Fixed so that sending of application data will adhere to max_fragment_length. This was broken in OTP-27 release by an optimization.
-
PR-10046 put to hard requirements on key file content. Make sure same file can be used as keyfile and certfile
Own Id: OTP-19780
Related Id(s): GH-10212, GH-10217, PR-10221 -
Assert that hello extensions are unique and send an illegal parameter alert if they are not.
Own Id: OTP-19791
Related Id(s): PR-10245 -
Avoid sending an internal message to the user process in conjunction with handling a key update.
Own Id: OTP-19806
Related Id(s): PR-10274
Full runtime dependencies of ssl-11.4.1
crypto-5.7, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.18.3, runtime_tools-1.15.1, stdlib-7.0
xmerl-2.1.7
The xmerl-2.1.7 application can be applied independently of other applications on a full OTP 28 installation.
Fixed Bugs and Malfunctions
-
The XSD validation failed due to not handling the optional text blocks correctly in an XSD complex type with attribute
mixed=true.Own Id: OTP-19792
Related Id(s): PR-10249, ERERL-1261
Full runtime dependencies of xmerl-2.1.7
erts-6.0, kernel-8.4, stdlib-2.5
Thanks to
Daniel Gorin, Dmytro Lytovchenko, Jean-Philippe Jodoin