Erlang/OTP 27.3.3

This release of Erlang/OTP can be built from source or installed using pre-built packages for your OS or third-party tools (such as kerl, asdf or mise).

docker run -it erlang:27.3.3
Erlang/OTP 27.3.3
View on github.com
Patch Package OTP 27.3.3
Git Tag OTP-27.3.3
Date 2025-04-16
Issue Id
CVE-2025-32433
ERIERL-1219
ERIERL-1222
System OTP
Release 27
Application

erts-15.2.6 #

The erts-15.2.6 application can be applied independently of other applications on a full OTP 27 installation.

OTP-19581
Related Id(s):

ERIERL-1219, PR-9706

Fixed bug in call_memory tracing that could cause wildly incorrect reported memory values. Bug exists since OTP 27.1.

Also fixed return type spec of trace:info/3.

Full runtime dependencies of erts-15.2.6

kernel-9.0, sasl-3.3, stdlib-4.1

kernel-10.2.6 #

Note! The kernel-10.2.6 application cannot be applied independently of other applications on an arbitrary OTP 27 installation.

   On a full OTP 27 installation, also the following runtime
   dependency has to be satisfied:
   -- erts-15.2.5 (first satisfied in OTP 27.3.2)
OTP-19581
Related Id(s):

ERIERL-1219, PR-9706

Fixed bug in call_memory tracing that could cause wildly incorrect reported memory values. Bug exists since OTP 27.1.

Also fixed return type spec of trace:info/3.

Full runtime dependencies of kernel-10.2.6

crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-6.0

megaco-4.7.2 #

The megaco-4.7.2 application can be applied independently of other applications on a full OTP 27 installation.

OTP-19585
Related Id(s):

ERIERL-1222

Corrected type spec for type mid().

Full runtime dependencies of megaco-4.7.2

asn1-3.0, debugger-4.0, erts-12.0, et-1.5, kernel-8.0, runtime_tools-1.8.14, stdlib-2.5

ssh-5.2.10 #

The ssh-5.2.10 application can be applied independently of other applications on a full OTP 27 installation.

OTP-19582
Related Id(s):

PR-9679

Reception of wrong Unicode does not cause unnecessary processing. US-ASCII fields are not decoded as Unicode.

OTP-19595
Related Id(s):

CVE-2025-32433

SSH daemon disconnects upon receiving connection protocol message for unauthenticated used.

Thanks to Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, Nurullah Erinola, Jörg Schwenk (Ruhr University Bochum).

Full runtime dependencies of ssh-5.2.10

crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, stdlib-6.0

ssl-11.2.12 #

Note! The ssl-11.2.12 application cannot be applied independently of other applications on an arbitrary OTP 27 installation.

   On a full OTP 27 installation, also the following runtime
   dependency has to be satisfied:
   -- public_key-1.16.4 (first satisfied in OTP 27.1.3)
OTP-19592
Related Id(s):

PR-9566

Lower log level for user cancelation as this is not an error case. Also handle possible undecrypted close alert during TLS-1.3 handshake.

Full runtime dependencies of ssl-11.2.12

crypto-5.0, erts-15.0, inets-5.10.7, kernel-9.0, public_key-1.16.4, runtime_tools-1.15.1, stdlib-6.0

Thanks To #

Simon Cornish