Erlang/OTP 25.1

This release of Erlang/OTP can be built from source or installed using pre-built packages for your OS or third-party tools (such as kerl, asdf or mise).

docker run -it erlang:25.1

Highlights

OTP-18153
Application(s):
crypto

Crypto is now considered to be usable with the OpenSSL 3.0 cryptolib for production code.

ENGINE and FIPS are not yet fully functional.

OTP-18172
Application(s):
crypto
Related Id(s):
ERIERL-826

*** POTENTIAL INCOMPATIBILITY ***

Changed the behaviour of the engine load/unload functions

The semantics of the engine load/unload functions have changed to give more consistent behaviour and to work correctly when variables are garbage collected.

The load functions no longer register the methods for the engine to replace. That is now handled with the new functions engine_register/engine_unregister, if needed.

Some functions are removed from the documentation and therefore the API, but they are left in the code for compatibility.

-- engine_load/4: is now the same as engine_load/3

-- engine_unload/2: is now the same as engine_unload/1

-- ensure_engine_loaded/3: is now the same as ensure_engine_loaded/2

-- ensure_engine_unloaded/1, ensure_engine_unloaded/2: are now the same as engine_unload/1

OTP-18241
Application(s):
ssl

A vulnerability has been discovered and corrected. It is registered as CVE-2022-37026 "Client Authentication Bypass". Corrections have been released on the supported tracks with patches 23.3.4.15, 24.3.4.2, and 25.0.2. The vulnerability might also exist in older OTP versions. We recommend that impacted users upgrade to one of these versions or later on the respective tracks. OTP 25.1 would be an even better choice. Impacted are those who are running an ssl/tls/dtls server using the ssl application, either directly or indirectly via other applications, for example via inets (httpd), cowboy, etc. Note that the vulnerability only affects servers that request client certification, that is, servers that set the option {verify, verify_peer}.
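As a triage aid for the OTP-18241 note above, the following added example (not part of the release notes or of OTP itself) classifies an OTP version string against the three patch levels quoted in the note, comparing on the version's own track. The function names and result strings are illustrative, and treating tracks newer than 25 as fixed is an assumption.

```shell
#!/bin/sh
# Added example (not from the OTP release notes): classify an OTP version
# string against the CVE-2022-37026 fix levels quoted in OTP-18241.
#
# The full version of an installation is stored in the OTP_VERSION file under
# <root>/releases/<major>/; pass its contents as the first argument.

# First corrected patch on each supported track, taken from the note.
fixed_for_track() {
    case "$1" in
        23) echo "23.3.4.15" ;;
        24) echo "24.3.4.2" ;;
        25) echo "25.0.2" ;;
        *)  return 1 ;;
    esac
}

# version_ge A B: succeeds when dotted version A >= B. Components are
# compared numerically left to right (so 4.9 < 4.15); a missing component
# counts as 0, so 25.1 is greater than 25.0.2 and 25.0 is less than it.
version_ge() {
    vg_a=$1
    vg_b=$2
    while [ -n "$vg_a" ] || [ -n "$vg_b" ]; do
        vg_x=${vg_a%%.*}
        vg_y=${vg_b%%.*}
        case "$vg_a" in *.*) vg_a=${vg_a#*.} ;; *) vg_a= ;; esac
        case "$vg_b" in *.*) vg_b=${vg_b#*.} ;; *) vg_b= ;; esac
        vg_x=${vg_x:-0}
        vg_y=${vg_y:-0}
        if [ "$vg_x" -gt "$vg_y" ]; then return 0; fi
        if [ "$vg_x" -lt "$vg_y" ]; then return 1; fi
    done
    return 0
}

# otp_cve_2022_37026_status VERSION [VERIFY]
# VERIFY is the ssl server's verify option. Per the note, only servers that
# set {verify, verify_peer} are affected; that is the default here so that an
# unknown configuration is treated as the worst case.
otp_cve_2022_37026_status() {
    st_ver=$1
    st_verify=${2:-verify_peer}
    if [ "$st_verify" = "verify_none" ]; then
        echo "not-affected"
        return 0
    fi
    # Accept only digits separated by single dots. Release candidates and
    # locally patched builds need a manual look.
    case "$st_ver" in
        ''|*[!0-9.]*|.*|*.|*..*) echo "unknown"; return 0 ;;
    esac
    st_track=${st_ver%%.*}
    if st_fixed=$(fixed_for_track "$st_track"); then
        if version_ge "$st_ver" "$st_fixed"; then
            echo "fixed"
        else
            echo "upgrade-to-$st_fixed"
        fi
    elif [ "$st_track" -lt 23 ]; then
        # "The vulnerability might also exist in older OTP versions", and
        # the note lists no patch for those tracks.
        echo "no-fix-listed"
    else
        # Assumption: tracks newer than 25 were released after the fix.
        echo "fixed"
    fi
}

# Command-line use: sh otp_cve_check.sh 24.3.4.1 verify_peer
if [ "$#" -ge 1 ]; then
    otp_cve_2022_37026_status "$@"
fi
```

A result of `no-fix-listed` or `unknown` means the note gives no patch level to compare against, so the installation has to be assessed by hand.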

Potential Incompatibilities

OTP-18172
Application(s):
crypto
Related Id(s):
ERIERL-826

*** HIGHLIGHT ***

Changed the behaviour of the engine load/unload functions

The semantics of the engine load/unload functions have changed to give more consistent behaviour and to work correctly when variables are garbage collected.

The load functions no longer register the methods for the engine to replace. That is now handled with the new functions engine_register/engine_unregister, if needed.

Some functions are removed from the documentation and therefore the API, but they are left in the code for compatibility.

-- engine_load/4: is now the same as engine_load/3

-- engine_unload/2: is now the same as engine_unload/1

-- ensure_engine_loaded/3: is now the same as ensure_engine_loaded/2

-- ensure_engine_unloaded/1, ensure_engine_unloaded/2: are now the same as engine_unload/1

OTP-18239
Application(s):
stdlib

When changing the callback module in gen_statem, the state_enter calls flag from the old module was used for the first event in the new module, which could confuse the new module and cause malfunction. This bug has been corrected.

With this change some sys debug message formats have been modified, which can be a problem for debug code relying on the format.

OTP-25.1

OTP-18165
Application(s):
asn1, compiler, diameter, megaco, otp, parsetools, stdlib, xmerl
Related Id(s):
PR-5965

There is a new configure option, --enable-deterministic-build, which will apply the deterministic compiler option when building Erlang/OTP. The deterministic option has been improved to eliminate more sources of non-determinism in several applications.

asn1-5.0.20

The asn1-5.0.20 application can be applied independently of other applications on a full OTP 25 installation.

OTP-18165
Application(s):
asn1, compiler, diameter, megaco, otp, parsetools, stdlib, xmerl
Related Id(s):
PR-5965

There is a new configure option, --enable-deterministic-build, which will apply the deterministic compiler option when building Erlang/OTP. The deterministic option has been improved to eliminate more sources of non-determinism in several applications.

Full runtime dependencies of asn1-5.0.20: erts-11.0, kernel-7.0, stdlib-3.13

common_test-1.23.1

The common_test-1.23.1 application can be applied independently of other applications on a full OTP 25 installation.

OTP-18208
Application(s):
common_test
Related Id(s):
ERIERL-852, PR-6229

Fix cth_surefire to handle when a suite is not compiled with debug_info. This bug has been present since Erlang/OTP 25.0.

OTP-18138
Application(s):
common_test
Related Id(s):
GH-5719, PR-6029

Common Test now preserves stack traces for throws.

Full runtime dependencies of common_test-1.23.1: compiler-6.0, crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-8.4, observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0, stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8

compiler-8.2.1

The compiler-8.2.1 application can be applied independently of other applications on a full OTP 25 installation.

OTP-18125
Application(s):
compiler
Related Id(s):
GH-6026

The compiler will now forbid using the empty atom '' as module name. Also forbidden are module names containing control characters, and module names containing only spaces and soft hyphens.

OTP-18162
Application(s):
compiler
Related Id(s):
PR-6102

The bin_opt_info and recv_opt_info options would cause the compiler to crash when attempting to compile generated code without location information.

OTP-18182
Application(s):
compiler
Related Id(s):
GH-6163

In rare circumstances involving floating point operations, the compiler could terminate with an internal consistency check failure.

OTP-18183
Application(s):
compiler
Related Id(s):
GH-6169

In rare circumstances when doing arithmetic instructions on non-numbers, the compiler could crash.

OTP-18184
Application(s):
compiler
Related Id(s):
GH-6164

In rare circumstances, complex boolean expressions in nested cases could cause the compiler to crash.

OTP-18186
Application(s):
compiler

Expressions similar to #{assoc:=V} = #{key=>self()}, V would return the empty map instead of raising an exception.

OTP-18187
Application(s):
compiler
Related Id(s):
GH-6184

Eliminated a crash in the beam_ssa_bool pass of the compiler when compiling a complex guard expression.

OTP-18202
Application(s):
compiler
Related Id(s):
GH-6222

In rare circumstances, the compiler could crash with an internal consistency check failure.

OTP-18214
Application(s):
compiler
Related Id(s):
GH-6158

When compiling with the option inline_list_funcs, the compiler could produce a nonsensical warning.

OTP-18234
Application(s):
compiler
Related Id(s):
GH-6277

When given the no_ssa_opt option, the compiler could terminate with an internal consistency failure diagnostic when compiling map matching.

OTP-18050
Application(s):
compiler

Made warnings for existing atoms being keywords in experimental features more precise, by not warning about quoted atoms.

OTP-18165
Application(s):
asn1, compiler, diameter, megaco, otp, parsetools, stdlib, xmerl
Related Id(s):
PR-5965

There is a new configure option, --enable-deterministic-build, which will apply the deterministic compiler option when building Erlang/OTP. The deterministic option has been improved to eliminate more sources of non-determinism in several applications.

Full runtime dependencies of compiler-8.2.1: crypto-5.1, erts-13.0, kernel-8.4, stdlib-4.0

crypto-5.1.2

The crypto-5.1.2 application can be applied independently of other applications on a full OTP 25 installation.

OTP-18147
Application(s):
crypto
Related Id(s):
GH-6024, PR-6056

Fix configure with --with-ssl and --disable-dynamic-ssl-lib on Windows.

OTP-18152
Application(s):
crypto

Remove all references correctly in the garbage collection if an engine handle was not explicitly unloaded.

OTP-18172
Application(s):
crypto
Related Id(s):
ERIERL-826

*** HIGHLIGHT ***

*** POTENTIAL INCOMPATIBILITY ***

Changed the behaviour of the engine load/unload functions

The semantics of the engine load/unload functions have changed to give more consistent behaviour and to work correctly when variables are garbage collected.

The load functions no longer register the methods for the engine to replace. That is now handled with the new functions engine_register/engine_unregister, if needed.

Some functions are removed from the documentation and therefore the API, but they are left in the code for compatibility.

-- engine_load/4: is now the same as engine_load/3

-- engine_unload/2: is now the same as engine_unload/1

-- ensure_engine_loaded/3: is now the same as ensure_engine_loaded/2

-- ensure_engine_unloaded/1, ensure_engine_unloaded/2: are now the same as engine_unload/1

OTP-18200
Application(s):
crypto

Fixed a naming bug for AES-CFB and Blowfish-CFB/OFB when linked with OpenSSL 3.0 cryptolib.

OTP-18205
Application(s):
crypto, public_key
Related Id(s):
GH-6219

Sign/verify now behaves as in OTP-24 and earlier for eddsa.

OTP-18037
Application(s):
crypto

Pass elliptic curve names from crypto.erl to crypto's nif.

OTP-18133
Application(s):
crypto

The configure option --disable-deprecated-warnings is removed. It was used for some releases when the support for OpenSSL 3.0 was not completed. It is not needed in OTP 25.

OTP-18153
Application(s):
crypto

*** HIGHLIGHT ***

Crypto is now considered to be usable with the OpenSSL 3.0 cryptolib for production code.

ENGINE and FIPS are not yet fully functional.

OTP-18217
Application(s):
crypto

Do not exit if the legacy provider is missing in libcrypto 3.0.

Full runtime dependencies of crypto-5.1.2: erts-9.0, kernel-5.3, stdlib-3.9

dialyzer-5.0.2

The dialyzer-5.0.2 application can be applied independently of other applications on a full OTP 25 installation.

OTP-18127
Application(s):
dialyzer
Related Id(s):
ERIERL-817

Two bugs have been fixed in Dialyzer's checking of behaviors:

When a *mandatory* callback function is present but not exported, Dialyzer would not complain about a missing callback.

When an *optional* callback function was not exported and had incompatible arguments and/or the return values were incompatible, Dialyzer would complain. This has been changed to suppress the warning, because the function might not be intended to be a callback function, for instance if a release added a new optional callback function (such as format_status/1 for the gen_server behaviour added in OTP 25).

OTP-18148
Application(s):
dialyzer
Related Id(s):
PR-6068

The no_extra_return and no_missing_return warnings can now be suppressed through -dialyzer directives in source code.

Full runtime dependencies of dialyzer-5.0.2: compiler-8.0, erts-12.0, kernel-8.0, stdlib-3.15, syntax_tools-2.0, wx-2.0

diameter-2.2.7

The diameter-2.2.7 application can be applied independently of other applications on a full OTP 25 installation.

OTP-18165
Application(s):
asn1, compiler, diameter, megaco, otp, parsetools, stdlib, xmerl
Related Id(s):
PR-5965

There is a new configure option, --enable-deterministic-build, which will apply the deterministic compiler option when building Erlang/OTP. The deterministic option has been improved to eliminate more sources of non-determinism in several applications.

Full runtime dependencies of diameter-2.2.7: erts-10.0, kernel-3.2, ssl-9.0, stdlib-3.0

erl_docgen-1.4

The erl_docgen-1.4 application can be applied independently of other applications on a full OTP 25 installation.

OTP-18244
Application(s):
erl_docgen

Update DTD to allow XML tag em under pre.

Full runtime dependencies of erl_docgen-1.4: edoc-1.0, erts-11.0, kernel-8.0, stdlib-3.15, xmerl-1.3.7

erts-13.1

Note! The erts-13.1 application *cannot* be applied independently of other applications on an arbitrary OTP 25 installation. On a full OTP 25 installation, also the following runtime dependencies have to be satisfied: -- kernel-8.5 (first satisfied in OTP 25.1) -- stdlib-4.1 (first satisfied in OTP 25.1)

OTP-17934
Application(s):
erts, kernel, stdlib
Related Id(s):
PR-6007

Fixed inconsistency bugs in global due to nodeup/nodedown messages not being delivered before/after traffic over connections. Also fixed various other inconsistency bugs and deadlocks in both global_group and global.

As building blocks for these fixes, a new BIF erlang:nodes/2 has been introduced and net_kernel:monitor_nodes/2 has been extended.

The -hidden and -connect_all command line arguments did not work if multiple instances were present on the command line; this has been fixed. The new kernel parameter connect_all has also been introduced in order to replace the -connect_all command line argument.

OTP-18091
Application(s):
erts, kernel
Related Id(s):
#5789

Fixed IPv6 multicast_if and membership socket options.

OTP-18093
Application(s):
erts
Related Id(s):
OTP-18104, PR-5987

Accept funs (NEW_FUN_EXT) with incorrectly encoded size field. This is a workaround for a bug (OTP-18104) existing in OTP 23 and 24 that could cause incorrect size fields in certain cases. The emulator does not use the decoded size field, but erl_interface still does and is not helped by this workaround.

OTP-18102
Application(s):
erts, kernel
Related Id(s):
#5904

Fixed an issue with inet:getifaddrs hanging on pure IPv6 Windows.

OTP-18104
Application(s):
erts
Related Id(s):
OTP-18093

Fix faulty distribution encoding of terms with either

-- a fun with bit-string or export-fun in its environment when encoded toward a not yet established (pending) connection

-- or a fun with a binary/bitstring, in its environment, referring to an off-heap binary (larger than 64 bytes).

The symptom could be failed decoding on the receiving side, leading to an aborted connection. Fix OTP-18093 is a workaround for these bugs that makes the VM accept such faultily encoded funs.

The first encoding bug toward pending connection exists only in OTP 23 and 24, but the second one exists also on OTP 25.

OTP-18144
Application(s):
erts
Related Id(s):
GH-5981

Fixed emulator crash that could happen during crashdump generation of ETS tables with options ordered_set and {write_concurrency,true}.

OTP-18160
Application(s):
erts
Related Id(s):
PR-6103

Retrieval of monotonic and system clock resolution on macOS could cause a crash and/or erroneous results.

OTP-18161
Application(s):
erts
Related Id(s):
PR-6081

Fix bug where the max allowed size of erl +hmax was lower than what was allowed by process_flag.

OTP-18201
Application(s):
erts

On computers with ARM64 (AArch64) processors, the JIT could generate incorrect code when more than 4095 bits were skipped at the tail end of a binary match.

OTP-18216
Application(s):
erts
Related Id(s):
GH-6239, PR-6240

In rare circumstances, an is_binary/1 guard test could succeed when given a large integer.

OTP-18218
Application(s):
erts
Related Id(s):
ERIERL-855

Fix bug causing ets:info (and sometimes ets:whereis) to return 'undefined' for an existing table if a concurrent process was doing ets:insert with a long list on the same table.

OTP-18222
Application(s):
erts
Related Id(s):
GH-6242, PR-6248

Fix writing and reading of more than 2 GB in a single read/write operation on macOS. Before this fix attempting to read/write more than 2GB would result in {error,einval}.

OTP-18243
Application(s):
erts
Related Id(s):
GH-6247, PR-6258

Fix bug sometimes causing an emulator crash at node shutdown when there are pending connections. Only seen when running dual distribution protocols, inet_drv and inet_tls_dist.

OTP-17340
Application(s):
erts
Related Id(s):
PR-6133

Yield when adjusting large process message queues due to

-- copying terms from a literal area prior to removing the literal area.

-- changing the message_queue_data state from on_heap to off_heap.

The message queue adjustment work will now be interleaved with all other types of work that processes have to do, even other message queue adjustment work.

OTP-18032
Application(s):
erts, kernel

Add rudimentary debug feature (option) for the inet-driver based sockets, such as gen_tcp and gen_udp.

OTP-18107
Application(s):
erts, kernel
Related Id(s):
PR-6009

Introduced the hidden and dist_listen options to net_kernel:start/2.

Also documented the -dist_listen command line argument which was erroneously documented as a kernel parameter and not as a command line argument.

OTP-18109
Application(s):
erts

New documentation chapter "Debugging NIFs and Port Drivers" under Interoperability Tutorial.

OTP-18199
Application(s):
erts, stdlib
Related Id(s):
PR-5790

Add new API function erl_features:configurable/0

Full runtime dependencies of erts-13.1: kernel-8.5, sasl-3.3, stdlib-4.1

eunit-2.8

The eunit-2.8 application can be applied independently of other applications on a full OTP 25 installation.

OTP-18181
Application(s):
eunit
Related Id(s):
ERL-97, GH-3064, PR-5461

With this change, EUnit can optionally skip executing the related module with the "_tests" suffix. This can be used to avoid duplicated executions when source and test modules are located in the same folder.

Full runtime dependencies of eunit-2.8: erts-9.0, kernel-5.3, stdlib-3.4

inets-8.1

The inets-8.1 application can be applied independently of other applications on a full OTP 25 installation.

OTP-18118
Application(s):
inets

Add httpc:ssl_verify_host_options/1 to help setting default ssl options for the https client.

OTP-18178
Application(s):
inets, ssh
Related Id(s):
ERIERL-833, ERIERL-834, ERIERL-835

This change fixes dialyzer warnings generated for inets/httpd examples (includes needed adjustment of spec for ssh_sftp module).

OTP-18193
Application(s):
inets
Related Id(s):
GH-6122

Remove documentation of no longer supported callback.

Full runtime dependencies of inets-8.1: erts-6.0, kernel-6.0, mnesia-4.12, public_key-1.13, runtime_tools-1.8.14, ssl-9.0, stdlib-4.0

jinterface-1.13.1

The jinterface-1.13.1 application can be applied independently of other applications on a full OTP 25 installation.

OTP-18215
Application(s):
jinterface
Related Id(s):
PR-6154

Fix javadoc build error by adding option -encoding UTF-8.

kernel-8.5

Note! The kernel-8.5 application *cannot* be applied independently of other applications on an arbitrary OTP 25 installation. On a full OTP 25 installation, also the following runtime dependency has to be satisfied: -- erts-13.1 (first satisfied in OTP 25.1)

OTP-17934
Application(s):
erts, kernel, stdlib
Related Id(s):
PR-6007

Fixed inconsistency bugs in global due to nodeup/nodedown messages not being delivered before/after traffic over connections. Also fixed various other inconsistency bugs and deadlocks in both global_group and global.

As building blocks for these fixes, a new BIF erlang:nodes/2 has been introduced and net_kernel:monitor_nodes/2 has been extended.

The -hidden and -connect_all command line arguments did not work if multiple instances were present on the command line; this has been fixed. The new kernel parameter connect_all has also been introduced in order to replace the -connect_all command line argument.

OTP-18091
Application(s):
erts, kernel
Related Id(s):
#5789

Fixed IPv6 multicast_if and membership socket options.

OTP-18102
Application(s):
erts, kernel
Related Id(s):
#5904

Fixed an issue with inet:getifaddrs hanging on pure IPv6 Windows.

OTP-18115
Application(s):
kernel
Related Id(s):
PR-5939

The type specifications for inet:getopts/2 and inet:setopts/2 have been corrected regarding SCTP options.

OTP-18121
Application(s):
kernel
Related Id(s):
PR-5972

The type specifications for inet:parse_* have been tightened.

OTP-18171
Application(s):
kernel
Related Id(s):
PR-6131

Fix gen_tcp:connect/3 spec to include the inet_backend option.

OTP-18229
Application(s):
kernel
Related Id(s):
PR-6212

Fix bug where using a binary as the format when calling logger:log(Level, Format, Args) (or any other logging function) would cause a crash or incorrect logging.

OTP-18032
Application(s):
erts, kernel

Add rudimentary debug feature (option) for the inet-driver based sockets, such as gen_tcp and gen_udp.

OTP-18107
Application(s):
erts, kernel
Related Id(s):
PR-6009

Introduced the hidden and dist_listen options to net_kernel:start/2.

Also documented the -dist_listen command line argument which was erroneously documented as a kernel parameter and not as a command line argument.

OTP-18163
Application(s):
kernel
Related Id(s):
PR-6058, PR-6275

Scope and group monitoring have been introduced in pg. For more information see the documentation of pg:monitor_scope(), pg:monitor(), and pg:demonitor().

OTP-18232
Application(s):
kernel
Related Id(s):
OTP-17843, PR-6264

A new function global:disconnect/0 has been introduced with which one can cleanly disconnect a node from all other nodes in a cluster of global nodes.

Full runtime dependencies of kernel-8.5: crypto-5.0, erts-13.1, sasl-3.0, stdlib-4.0

megaco-4.4.1

The megaco-4.4.1 application can be applied independently of other applications on a full OTP 25 installation.

OTP-18179
Application(s):
megaco
Related Id(s):
ERIERL-836

Fixed various dialyzer related issues in the examples and the application proper.

OTP-18165
Application(s):
asn1, compiler, diameter, megaco, otp, parsetools, stdlib, xmerl
Related Id(s):
PR-5965

There is a new configure option, --enable-deterministic-build, which will apply the deterministic compiler option when building Erlang/OTP. The deterministic option has been improved to eliminate more sources of non-determinism in several applications.

Full runtime dependencies of megaco-4.4.1: asn1-3.0, debugger-4.0, erts-12.0, et-1.5, kernel-8.0, runtime_tools-1.8.14, stdlib-2.5

observer-2.13

The observer-2.13 application can be applied independently of other applications on a full OTP 25 installation.

OTP-18151
Application(s):
observer
Related Id(s):
PR-6063

Fixed units in gui.

Full runtime dependencies of observer-2.13: erts-11.0, et-1.5, kernel-8.1, runtime_tools-1.19, stdlib-3.13, wx-1.2

parsetools-2.4.1

The parsetools-2.4.1 application can be applied independently of other applications on a full OTP 25 installation.

OTP-18165
Application(s):
asn1, compiler, diameter, megaco, otp, parsetools, stdlib, xmerl
Related Id(s):
PR-5965

There is a new configure option, --enable-deterministic-build, which will apply the deterministic compiler option when building Erlang/OTP. The deterministic option has been improved to eliminate more sources of non-determinism in several applications.

Full runtime dependencies of parsetools-2.4.1: erts-6.0, kernel-3.0, stdlib-3.4

public_key-1.13.1

The public_key-1.13.1 application can be applied independently of other applications on a full OTP 25 installation.

OTP-18154
Application(s):
public_key
Related Id(s):
PR-6002

Support more Linux distributions in cacerts_load/0.

OTP-18189
Application(s):
public_key
Related Id(s):
ERIERL-829

Correct asn1 typenames available in type pki_asn1_type().

OTP-18205
Application(s):
crypto, public_key
Related Id(s):
GH-6219

Sign/verify now behaves as in OTP-24 and earlier for eddsa.

Full runtime dependencies of public_key-1.13.1: asn1-3.0, crypto-4.6, erts-6.0, kernel-3.0, stdlib-3.5

snmp-5.13.1

The snmp-5.13.1 application can be applied independently of other applications on a full OTP 25 installation.

OTP-17115
Application(s):
snmp
Related Id(s):
ERIERL-456

Improved the get-bulk response max size calculation. It is now possible to configure 'empty pdu size'; see Appendix C for more info.

OTP-18180
Application(s):
snmp
Related Id(s):
ERIERL-837

Fix various example dialyzer issues.

Full runtime dependencies of snmp-5.13.1: crypto-4.6, erts-12.0, kernel-8.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-2.5

ssh-4.15

The ssh-4.15 application can be applied independently of other applications on a full OTP 25 installation.

OTP-18220
Application(s):
ssh
Related Id(s):
ERIERL-661, ERIERL-666

Handling rare race condition at channel close.

OTP-18134
Application(s):
ssh
Related Id(s):
GH-6021

New ssh option no_auth_needed to skip the ssh authentication. Use with caution!

OTP-18178
Application(s):
inets, ssh
Related Id(s):
ERIERL-833, ERIERL-834, ERIERL-835

This change fixes dialyzer warnings generated for inets/httpd examples (includes needed adjustment of spec for ssh_sftp module).

OTP-18196
Application(s):
ssh

The new function ssh:daemon_replace_options/2 makes it possible to change the Options in a running SSH server.

Established connections are not affected, only those created after the call to this new function.

OTP-18207
Application(s):
ssh
Related Id(s):
PR-6231

Add a timeout as option max_initial_idle_time. It closes a connection that does not allocate a channel within the timeout time.

For more information about timeouts, see the Timeouts section in the User's Guide Hardening chapter.

Full runtime dependencies of ssh-4.15: crypto-5.0, erts-11.0, kernel-6.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15

ssl-10.8.4

Note! The ssl-10.8.4 application *cannot* be applied independently of other applications on an arbitrary OTP 25 installation. On a full OTP 25 installation, also the following runtime dependency has to be satisfied: -- stdlib-4.1 (first satisfied in OTP 25.1)

OTP-18044
Application(s):
ssl

Reject unexpected application data in all relevant places for all TLS versions. Also, handle TLS-1.3 middlebox compatibility with more care. This makes malicious connections fail early and further mitigates possible DoS attacks that would be caught by the handshake timeout.

Thanks to Aina Toky Rasoamanana and Olivier Levillain from Télécom SudParis for alerting us of the issues in our implementation.

OTP-18099
Application(s):
ssl
Related Id(s):
PR-6287

With this change, the value of the cacertfile option will be adjusted before loading certs from the file. Adjustments include converting relative paths to absolute and converting symlinks to the actual file path.

Thanks to Marcus Johansson.

OTP-18191
Application(s):
ssl
Related Id(s):
GH-6105

In TLS-1.3, if chain certs are missing (so server auth domain adherence cannot be determined), send the peer cert and hope the server is able to recreate a chain in its auth domain.

OTP-18195
Application(s):
ssl

Make sure periodical refresh of CA certificate files repopulates cache properly.

OTP-18203
Application(s):
ssl
Related Id(s):
PR-5996

Correct internal CRL cache functions to use internal format consistently.

OTP-18219
Application(s):
ssl
Related Id(s):
GH-6241, PR-6249

Incorrect handling of client middlebox negotiation for TLS-1.3 could result in a TLS-1.3 server not using middlebox mode although the client was expecting it to, failing the negotiation with an unexpected message.

OTP-18233
Application(s):
ssl
Related Id(s):
GH-6244, PR-6270

If the "User" process, the process starting the TLS connection, gets killed in the middle of spawning the dynamic connection tree, make sure we do not leave any processes behind.

OTP-18241
Application(s):
ssl

*** HIGHLIGHT ***

A vulnerability has been discovered and corrected. It is registered as CVE-2022-37026 "Client Authentication Bypass". Corrections have been released on the supported tracks with patches 23.3.4.15, 24.3.4.2, and 25.0.2. The vulnerability might also exist in older OTP versions. We recommend that impacted users upgrade to one of these versions or later on the respective tracks. OTP 25.1 would be an even better choice. Impacted are those who are running an ssl/tls/dtls server using the ssl application, either directly or indirectly via other applications, for example via inets (httpd), cowboy, etc. Note that the vulnerability only affects servers that request client certification, that is, servers that set the option {verify, verify_peer}.

Full runtime dependencies of ssl-10.8.4: crypto-5.0, erts-10.0, inets-5.10.7, kernel-8.4, public_key-1.11.3, runtime_tools-1.15.1, stdlib-4.1

stdlib-4.1

Note! The stdlib-4.1 application *cannot* be applied independently of other applications on an arbitrary OTP 25 installation. On a full OTP 25 installation, also the following runtime dependency has to be satisfied: -- erts-13.1 (first satisfied in OTP 25.1)

OTP-17934
Application(s):
erts, kernel, stdlib
Related Id(s):
PR-6007

Fixed inconsistency bugs in global due to nodeup/nodedown messages not being delivered before/after traffic over connections. Also fixed various other inconsistency bugs and deadlocks in both global_group and global.

As building blocks for these fixes, a new BIF erlang:nodes/2 has been introduced and net_kernel:monitor_nodes/2 has been extended.

The -hidden and -connect_all command line arguments did not work if multiple instances were present on the command line; this has been fixed. The new kernel parameter connect_all has also been introduced in order to replace the -connect_all command line argument.

OTP-18139
Application(s):
stdlib
Related Id(s):
PR-6060

Fix the public_key:ssh* functions to be listed under the correct release in the Removed Functionality User's Guide.

OTP-18142
Application(s):
stdlib
Related Id(s):
PR-6078

The type spec for format_status/1 in gen_statem, gen_server and gen_event has been corrected to state that the return value is of the same type as the argument (instead of the same value as the argument).

OTP-18146
Application(s):
stdlib
Related Id(s):
PR-5983

If the timer server child spec was already present in kernel_sup but it was not started, the timer server would fail to start with an {error, already_present} error instead of restarting the server.

OTP-18239
Application(s):
stdlib

*** POTENTIAL INCOMPATIBILITY ***

When changing the callback module in gen_statem, the state_enter calls flag from the old module was used for the first event in the new module, which could confuse the new module and cause malfunction. This bug has been corrected.

With this change some sys debug message formats have been modified, which can be a problem for debug code relying on the format.

OTP-18165
Application(s):
asn1, compiler, diameter, megaco, otp, parsetools, stdlib, xmerl
Related Id(s):
PR-5965

There is a new configure option, --enable-deterministic-build, which will apply the deterministic compiler option when building Erlang/OTP. The deterministic option has been improved to eliminate more sources of non-determinism in several applications.

OTP-18166
Application(s):
stdlib
Related Id(s):
PR-6108

The rfc3339_to_system_time/1,2 functions now allow the minutes part to be omitted from the time zone.

OTP-18194
Application(s):
stdlib
Related Id(s):
PR-6199

The receive statement in gen_event has been optimized to not use selective receive (which was never needed, and could cause severe performance degradation under heavy load).

OTP-18199
Application(s):
erts, stdlib
Related Id(s):
PR-5790

Add new API function erl_features:configurable/0

Full runtime dependencies of stdlib-4.1: compiler-5.0, crypto-4.5, erts-13.1, kernel-8.4, sasl-3.0

xmerl-1.3.30

The xmerl-1.3.30 application can be applied independently of other applications on a full OTP 25 installation.

OTP-18165
Application(s):
asn1, compiler, diameter, megaco, otp, parsetools, stdlib, xmerl
Related Id(s):
PR-5965

There is a new configure option, --enable-deterministic-build, which will apply the deterministic compiler option when building Erlang/OTP. The deterministic option has been improved to eliminate more sources of non-determinism in several applications.

Full runtime dependencies of xmerl-1.3.30: erts-6.0, kernel-3.0, stdlib-2.5