local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 51 Pull requests 13 Projects 1 Releases Packages 1 Activity Actions

chore(deps): update dependency erlang to v27.3.4 #66

Merged
moritz merged 1 commit from renovate/asdf-tool-versions into main 2025-06-02 22:42:56 +02:00
Conversation 0 Commits 1 Files changed 1 +1 -1
renovate commented 2025-05-29 11:00:24 +02:00
Collaborator
Copy link

This PR contains the following updates:

Package Update Change
erlang patch 27.3 -> 27.3.4

Release Notes

erlang/otp (erlang)

v27.3.4: OTP 27.3.4

Compare Source

Patch Package:           OTP 27.3.4
Git Tag:                 OTP-27.3.4
Date:                    2025-05-08
Trouble Report Id:       OTP-19577, OTP-19599, OTP-19602, OTP-19605,
                         OTP-19608, OTP-19625
Seq num:                 CVE-2025-46712, ERIERL-1220, GH-9707,
                         GH-9720, PR-9696, PR-9724, PR-9753, PR-9765,
                         PR-9767
System:                  OTP
Release:                 27
Application:             erts-15.2.7, kernel-10.2.7, ssh-5.2.11,
                         xmerl-2.1.3
Predecessor:             OTP 27.3.3

Check out the git tag OTP-27.3.4, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.

erts-15.2.7

The erts-15.2.7 application can be applied independently of other applications on a full OTP 27 installation.

Fixed Bugs and Malfunctions

  • Fixed an emulator crash when setting an error_handler module that was not yet loaded.

    Own Id: OTP-19577
    Related Id(s): ERIERL-1220, PR-9696

  • Fixed a rare bug that could cause an emulator crash after unloading a module or erasing a persistent_term.

    Own Id: OTP-19599
    Related Id(s): PR-9724

Full runtime dependencies of erts-15.2.7

kernel-9.0, sasl-3.3, stdlib-4.1

kernel-10.2.7

Note! The kernel-10.2.7 application cannot be applied independently of other applications on an arbitrary OTP 27 installation.

   On a full OTP 27 installation, also the following runtime
   dependency has to be satisfied:
   -- erts-15.2.5 (first satisfied in OTP 27.3.2)

Fixed Bugs and Malfunctions

  • With this change, disk_log will not crash when using chunk_step/3 after log size was decreased.

    Own Id: OTP-19605
    Related Id(s): GH-9720, PR-9765

  • With this change, disk_log will not run into infinite loop when using chunk/2,3 after log size was decreased.

    Own Id: OTP-19608
    Related Id(s): GH-9707, PR-9767

Full runtime dependencies of kernel-10.2.7

crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-6.0

ssh-5.2.11

The ssh-5.2.11 application can be applied independently of other applications on a full OTP 27 installation.

Fixed Bugs and Malfunctions

  • Fix KEX strict implementation according to draft-miller-sshm-strict-kex-01 document.

    Own Id: OTP-19625
    Related Id(s): CVE-2025-46712

Full runtime dependencies of ssh-5.2.11

crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, stdlib-6.0

xmerl-2.1.3

The xmerl-2.1.3 application can be applied independently of other applications on a full OTP 27 installation.

Improvements and New Features

  • A new option to discard whitespace before the xml tag when reading from a stream has been added to the Xmerl SAX parser.

    • {discard_ws_before_xml_document, Boolean} - Discard whitespace before xml tag instead of returning a fatal error if set to true (false is default)

    Own Id: OTP-19602
    Related Id(s): PR-9753

Full runtime dependencies of xmerl-2.1.3

erts-6.0, kernel-8.4, stdlib-2.5

Thanks to

Lý Nhật Tâm

v27.3.3: OTP 27.3.3

Compare Source

Patch Package:           OTP 27.3.3
Git Tag:                 OTP-27.3.3
Date:                    2025-04-16
Trouble Report Id:       OTP-19581, OTP-19582, OTP-19585, OTP-19592,
                         OTP-19595
Seq num:                 CVE-2025-32433, ERIERL-1219, ERIERL-1222,
                         PR-9566, PR-9679, PR-9706
System:                  OTP
Release:                 27
Application:             erts-15.2.6, kernel-10.2.6, megaco-4.7.2,
                         ssh-5.2.10, ssl-11.2.12
Predecessor:             OTP 27.3.2

Check out the git tag OTP-27.3.3, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.

erts-15.2.6

The erts-15.2.6 application can be applied independently of other applications on a full OTP 27 installation.

Fixed Bugs and Malfunctions

  • Fixed bug in call_memory tracing that could cause wildly incorrect reported memory values. Bug exists since OTP 27.1.

    Also fixed return type spec of trace:info/3.

    Own Id: OTP-19581
    Related Id(s): ERIERL-1219, PR-9706

Full runtime dependencies of erts-15.2.6

kernel-9.0, sasl-3.3, stdlib-4.1

kernel-10.2.6

Note! The kernel-10.2.6 application cannot be applied independently of other applications on an arbitrary OTP 27 installation.

   On a full OTP 27 installation, also the following runtime
   dependency has to be satisfied:
   -- erts-15.2.5 (first satisfied in OTP 27.3.2)

Fixed Bugs and Malfunctions

  • Fixed bug in call_memory tracing that could cause wildly incorrect reported memory values. Bug exists since OTP 27.1.

    Also fixed return type spec of trace:info/3.

    Own Id: OTP-19581
    Related Id(s): ERIERL-1219, PR-9706

Full runtime dependencies of kernel-10.2.6

crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-6.0

megaco-4.7.2

The megaco-4.7.2 application can be applied independently of other applications on a full OTP 27 installation.

Fixed Bugs and Malfunctions

  • Corrected type spec for type mid().

    Own Id: OTP-19585
    Related Id(s): ERIERL-1222

Full runtime dependencies of megaco-4.7.2

asn1-3.0, debugger-4.0, erts-12.0, et-1.5, kernel-8.0, runtime_tools-1.8.14, stdlib-2.5

ssh-5.2.10

The ssh-5.2.10 application can be applied independently of other applications on a full OTP 27 installation.

Fixed Bugs and Malfunctions

  • Reception of wrong Unicode does not cause unnecessary processing. US-ASCII fields are not decoded as Unicode.

    Own Id: OTP-19582
    Related Id(s): PR-9679

  • SSH daemon disconnects upon receiving connection protocol message for unauthenticated used.

    Thanks to Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, Nurullah Erinola, Jörg Schwenk (Ruhr University Bochum).

    Own Id: OTP-19595
    Related Id(s): CVE-2025-32433

Full runtime dependencies of ssh-5.2.10

crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, stdlib-6.0

ssl-11.2.12

Note! The ssl-11.2.12 application cannot be applied independently of other applications on an arbitrary OTP 27 installation.

   On a full OTP 27 installation, also the following runtime
   dependency has to be satisfied:
   -- public_key-1.16.4 (first satisfied in OTP 27.1.3)

Improvements and New Features

  • Lower log level for user cancelation as this is not an error case. Also handle possible undecrypted close alert during TLS-1.3 handshake.

    Own Id: OTP-19592
    Related Id(s): PR-9566

Full runtime dependencies of ssl-11.2.12

crypto-5.0, erts-15.0, inets-5.10.7, kernel-9.0, public_key-1.16.4, runtime_tools-1.15.1, stdlib-6.0

Thanks to

Simon Cornish

v27.3.2: OTP 27.3.2

Compare Source

Patch Package:           OTP 27.3.2
Git Tag:                 OTP-27.3.2
Date:                    2025-04-04
Trouble Report Id:       OTP-19482, OTP-19560, OTP-19561, OTP-19562,
                         OTP-19563, OTP-19564, OTP-19565, OTP-19567,
                         OTP-19568, OTP-19569, OTP-19571
Seq num:                 ERIERL-1207, ERIERL-1208, ERIERL-1210,
                         ERIERL-1211, ERIERL-1212, ERIERL-1214,
                         ERIERL-1216, GH-9541, PR-9650, PR-9658,
                         PR-9661, PR-9676
System:                  OTP
Release:                 27
Application:             asn1-5.3.4, compiler-8.6.1, erts-15.2.5,
                         kernel-10.2.5, megaco-4.7.1, snmp-5.18.2,
                         ssl-11.2.11, xmerl-2.1.2
Predecessor:             OTP 27.3.1

Check out the git tag OTP-27.3.2, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.

asn1-5.3.4

The asn1-5.3.4 application can be applied independently of other applications on a full OTP 27 installation.

Fixed Bugs and Malfunctions

  • Negative REAL numbers greater than -1 would be incorrectly encoded (the minus sign would be lost).

    Own Id: OTP-19567
    Related Id(s): ERIERL-1214, PR-9658

Full runtime dependencies of asn1-5.3.4

erts-14.0, kernel-9.0, stdlib-5.0

compiler-8.6.1

The compiler-8.6.1 application can be applied independently of other applications on a full OTP 27 installation.

Fixed Bugs and Malfunctions

  • Fix the compiler crash when the inner-most tuple in a nested tuple with 3 layers is updated.

    Own Id: OTP-19561
    Related Id(s): ERIERL-1208, ERIERL-1210, PR-9650

Full runtime dependencies of compiler-8.6.1

crypto-5.1, erts-13.0, kernel-8.4, stdlib-6.0

erts-15.2.5

The erts-15.2.5 application can be applied independently of other applications on a full OTP 27 installation.

Fixed Bugs and Malfunctions

  • On Windows, using socket:sendv, a large IOV (size > MAX), the tail was not sent.

    Own Id: OTP-19482

  • Uplift pcre 8.44 to pcre 8.45

    Own Id: OTP-19565

Full runtime dependencies of erts-15.2.5

kernel-9.0, sasl-3.3, stdlib-4.1

kernel-10.2.5

Note! The kernel-10.2.5 application cannot be applied independently of other applications on an arbitrary OTP 27 installation.

   On a full OTP 27 installation, also the following runtime
   dependency has to be satisfied:
   -- erts-15.2.5 (first satisfied in OTP 27.3.2)

Fixed Bugs and Malfunctions

  • On Windows, using socket:sendv, a large IOV (size > MAX), the tail was not sent.

    Own Id: OTP-19482

  • gen_tcp connect with a sockaddr with loopback address failed.

    Own Id: OTP-19560
    Related Id(s): GH-9541

  • Remove debug printouts from gen_tcp_socket

    Own Id: OTP-19564

Full runtime dependencies of kernel-10.2.5

crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-6.0

megaco-4.7.1

The megaco-4.7.1 application can be applied independently of other applications on a full OTP 27 installation.

Fixed Bugs and Malfunctions

  • Correct type spec for ActionReply

    Own Id: OTP-19563
    Related Id(s): ERIERL-1216

Full runtime dependencies of megaco-4.7.1

asn1-3.0, debugger-4.0, erts-12.0, et-1.5, kernel-8.0, runtime_tools-1.8.14, stdlib-2.5

snmp-5.18.2

The snmp-5.18.2 application can be applied independently of other applications on a full OTP 27 installation.

Fixed Bugs and Malfunctions

  • When manager receives an v3 inform (request) it used engine-id and full address (including port number) to check if engine was known. This did not work if agent used ephemeral ports for notifications. Has now been changed to only use (context) engine-id and address (without port).

    Own Id: OTP-19562
    Related Id(s): ERIERL-1207

  • Fixed snmp_generic (dialyzer) spec for function table_func.

    Own Id: OTP-19568
    Related Id(s): ERIERL-1211

Full runtime dependencies of snmp-5.18.2

crypto-4.6, erts-12.0, kernel-8.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-5.0

ssl-11.2.11

Note! The ssl-11.2.11 application cannot be applied independently of other applications on an arbitrary OTP 27 installation.

   On a full OTP 27 installation, also the following runtime
   dependency has to be satisfied:
   -- public_key-1.16.4 (first satisfied in OTP 27.1.3)

Fixed Bugs and Malfunctions

  • Correct the debug functionality for NSS keylogging for TLS-1.3 introduced in OTP-27.3.1 so that TLS-1.3 key updates items always get correct counter value and each item is logged as one single line.

    Own Id: OTP-19569
    Related Id(s): PR-9661

Full runtime dependencies of ssl-11.2.11

crypto-5.0, erts-15.0, inets-5.10.7, kernel-9.0, public_key-1.16.4, runtime_tools-1.15.1, stdlib-6.0

xmerl-2.1.2

The xmerl-2.1.2 application can be applied independently of other applications on a full OTP 27 installation.

Fixed Bugs and Malfunctions

  • Corrected faulty type specification

    Corrected type specification for the input parameter of xmerl_xs:value_of/1.

    Also replaced underscore in the return type specifications of xmerl_xs:select/2, xmerl_xpath:string/2 and xmerl_xpath:string/3 with specified return values to improve documentation.

    Own Id: OTP-19571
    Related Id(s): ERIERL-1212, PR-9676

Full runtime dependencies of xmerl-2.1.2

erts-6.0, kernel-8.4, stdlib-2.5

Thanks to

Björn Gustavsson

v27.3.1: OTP 27.3.1

Compare Source

Patch Package:           OTP 27.3.1
Git Tag:                 OTP-27.3.1
Date:                    2025-03-28
Trouble Report Id:       OTP-19391, OTP-19437, OTP-19469, OTP-19525,
                         OTP-19527, OTP-19529, OTP-19542, OTP-19543,
                         OTP-19545, OTP-19546, OTP-19547, OTP-19548,
                         OTP-19549, OTP-19559
Seq num:                 #​9172, CVE-2025-30211, ERIERL-1204,
                         ERIERL-1205, ERIERL-1206, GH-8891, GH-9483,
                         GH-9554, OTP-19472, OTP-19544, PR-9221,
                         PR-9486, PR-9534, PR-9545, PR-9553, PR-9577,
                         PR-9587, PR-9588, PR-9596, PR-9611, PR-9612
System:                  OTP
Release:                 27
Application:             asn1-5.3.3, erts-15.2.4, kernel-10.2.4,
                         mnesia-4.23.5, ssh-5.2.9, ssl-11.2.10,
                         stdlib-6.2.2
Predecessor:             OTP 27.3

Check out the git tag OTP-27.3.1, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.

OTP-27.3.1

Fixed Bugs and Malfunctions

  • Update used ExDoc version to v0.37.3

    Own Id: OTP-19525
    Related Id(s): PR-9553

asn1-5.3.3

The asn1-5.3.3 application can be applied independently of other applications on a full OTP 27 installation.

Fixed Bugs and Malfunctions

  • The JER backend will now include the SIZE constraint in the type info for OCTET STRINGs, and a SIZE constraint with a range will now be included for BIT STRINGs. This does not change the actual encoding or decoding of JER, but can be useful for tools.

    Own Id: OTP-19542
    Related Id(s): ERIERL-1204, PR-9588

Improvements and New Features

  • When using the JSON encoding rules, it is now possible to call the decode/2 function in the following way with data that has already been decoded by json:decode/1:

    SomeModule:decode(Type, {json_decoded, Decoded}).

    Own Id: OTP-19547
    Related Id(s): ERIERL-1206, PR-9611

Full runtime dependencies of asn1-5.3.3

erts-14.0, kernel-9.0, stdlib-5.0

erts-15.2.4

The erts-15.2.4 application can be applied independently of other applications on a full OTP 27 installation.

Fixed Bugs and Malfunctions

  • Behavior for socket:recv/3 has been improved. The behavior has also been clarified in the documentation.

    Own Id: OTP-19469
    Related Id(s): #​9172

  • Trace messages due to receive tracing could potentially be delayed a very long time if the traced process waited in a receive expression without clauses matching on messages (timed wait), or just did not enter a receive expression for a very long time.

    Own Id: OTP-19527
    Related Id(s): PR-9577

  • Improve the naming of the (internal) esock mutex(es). It is now possible to configure (as in autoconf) the use of simple names for the esock mutex(es).

    Own Id: OTP-19548
    Related Id(s): OTP-19472

Full runtime dependencies of erts-15.2.4

kernel-9.0, sasl-3.3, stdlib-4.1

kernel-10.2.4

Note! The kernel-10.2.4 application cannot be applied independently of other applications on an arbitrary OTP 27 installation.

   On a full OTP 27 installation, also the following runtime
   dependency has to be satisfied:
   -- erts-15.1 (first satisfied in OTP 27.1)

Fixed Bugs and Malfunctions

  • Behavior for socket:recv/3 has been improved. The behavior has also been clarified in the documentation.

    Own Id: OTP-19469
    Related Id(s): #​9172

  • An infinite loop in CNAME loop detection that can cause Out Of Memory has been fixed. This affected CNAME lookup with the internal DNS resolver.

    Own Id: OTP-19545
    Related Id(s): PR-9587, OTP-19544

Full runtime dependencies of kernel-10.2.4

crypto-5.0, erts-15.1, sasl-3.0, stdlib-6.0

mnesia-4.23.5

The mnesia-4.23.5 application can be applied independently of other applications on a full OTP 27 installation.

Fixed Bugs and Malfunctions

  • With this change mnesia will merge schema of tables using external backends.

    Own Id: OTP-19437
    Related Id(s): PR-9534

Full runtime dependencies of mnesia-4.23.5

erts-9.0, kernel-5.3, stdlib-5.0

ssh-5.2.9

The ssh-5.2.9 application can be applied independently of other applications on a full OTP 27 installation.

Fixed Bugs and Malfunctions

  • Reception of malicious KEX init message does not result with ssh daemon excessive memory usage.

    Own Id: OTP-19543
    Related Id(s): CVE-2025-30211

  • Call to ssh:daemon_replace_options does not crash when argument is not a valid daemon ref.

    Own Id: OTP-19559
    Related Id(s): GH-9554, PR-9545

Full runtime dependencies of ssh-5.2.9

crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, stdlib-6.0

ssl-11.2.10

Note! The ssl-11.2.10 application cannot be applied independently of other applications on an arbitrary OTP 27 installation.

   On a full OTP 27 installation, also the following runtime
   dependency has to be satisfied:
   -- public_key-1.16.4 (first satisfied in OTP 27.1.3)

Fixed Bugs and Malfunctions

  • Correct handling of unassigned signature algorithms to properly ignore them instead of failing the handshake.

    Own Id: OTP-19529
    Related Id(s): GH-9483, PR-9486

  • Update key mechanism in CRL cache so that CRL DP with same URI path component becomes distinguishable from each other.

    Own Id: OTP-19549
    Related Id(s): GH-8891, PR-9612

Improvements and New Features

  • Add callback for NSS keylogging so that it can work as expected for all scenarios.

    Own Id: OTP-19391
    Related Id(s): PR-9221

Full runtime dependencies of ssl-11.2.10

crypto-5.0, erts-15.0, inets-5.10.7, kernel-9.0, public_key-1.16.4, runtime_tools-1.15.1, stdlib-6.0

stdlib-6.2.2

The stdlib-6.2.2 application can be applied independently of other applications on a full OTP 27 installation.

Fixed Bugs and Malfunctions

  • Fixed crash when fetching initial_call when user code have modified the process_dictionary.

    Own Id: OTP-19546
    Related Id(s): ERIERL-1205, PR-9596

Full runtime dependencies of stdlib-6.2.2

compiler-5.0, crypto-4.5, erts-15.0, kernel-10.0, sasl-3.0

Thanks to

Alexandre Rodrigues, Marc Worrell, Sergei Shuvatov, zmstone

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [erlang](https://github.com/erlang/otp) | patch | `27.3` -> `27.3.4` | --- ### Release Notes <details> <summary>erlang/otp (erlang)</summary> ### [`v27.3.4`](https://github.com/erlang/otp/releases/tag/OTP-27.3.4): OTP 27.3.4 [Compare Source](https://github.com/erlang/otp/compare/OTP-27.3.3...OTP-27.3.4) Patch Package: OTP 27.3.4 Git Tag: OTP-27.3.4 Date: 2025-05-08 Trouble Report Id: OTP-19577, OTP-19599, OTP-19602, OTP-19605, OTP-19608, OTP-19625 Seq num: CVE-2025-46712, ERIERL-1220, GH-9707, GH-9720, PR-9696, PR-9724, PR-9753, PR-9765, PR-9767 System: OTP Release: 27 Application: erts-15.2.7, kernel-10.2.7, ssh-5.2.11, xmerl-2.1.3 Predecessor: OTP 27.3.3 Check out the git tag OTP-27.3.4, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below. ### erts-15.2.7 The erts-15.2.7 application can be applied independently of other applications on a full OTP 27 installation. #### Fixed Bugs and Malfunctions - Fixed an emulator crash when setting an error_handler module that was not yet loaded. Own Id: OTP-19577\ Related Id(s): ERIERL-1220, [PR-9696] - Fixed a rare bug that could cause an emulator crash after unloading a module or erasing a persistent_term. Own Id: OTP-19599\ Related Id(s): [PR-9724] > #### Full runtime dependencies of erts-15.2.7 > > kernel-9.0, sasl-3.3, stdlib-4.1 ### kernel-10.2.7 Note! The kernel-10.2.7 application *cannot* be applied independently of other applications on an arbitrary OTP 27 installation. On a full OTP 27 installation, also the following runtime dependency has to be satisfied: -- erts-15.2.5 (first satisfied in OTP 27.3.2) #### Fixed Bugs and Malfunctions - With this change, disk_log will not crash when using chunk_step/3 after log size was decreased. Own Id: OTP-19605\ Related Id(s): [GH-9720], [PR-9765] - With this change, disk_log will not run into infinite loop when using chunk/2,3 after log size was decreased. Own Id: OTP-19608\ Related Id(s): [GH-9707], [PR-9767] > #### Full runtime dependencies of kernel-10.2.7 > > crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-6.0 ### ssh-5.2.11 The ssh-5.2.11 application can be applied independently of other applications on a full OTP 27 installation. #### Fixed Bugs and Malfunctions - Fix KEX strict implementation according to draft-miller-sshm-strict-kex-01 document. Own Id: OTP-19625\ Related Id(s): [CVE-2025-46712] > #### Full runtime dependencies of ssh-5.2.11 > > crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, stdlib-6.0 ### xmerl-2.1.3 The xmerl-2.1.3 application can be applied independently of other applications on a full OTP 27 installation. #### Improvements and New Features - A new option to discard whitespace before the `xml` tag when reading from a stream has been added to the Xmerl SAX parser. - **`{discard_ws_before_xml_document, Boolean}`** - Discard whitespace before `xml` tag instead of returning a fatal error if set to `true` (`false` is default) Own Id: OTP-19602\ Related Id(s): [PR-9753] > #### Full runtime dependencies of xmerl-2.1.3 > > erts-6.0, kernel-8.4, stdlib-2.5 ### Thanks to Lý Nhật Tâm [cve-2025-46712]: https://nvd.nist.gov/vuln/detail/CVE-2025-46712 [gh-9707]: https://github.com/erlang/otp/issues/9707 [gh-9720]: https://github.com/erlang/otp/issues/9720 [pr-9696]: https://github.com/erlang/otp/pull/9696 [pr-9724]: https://github.com/erlang/otp/pull/9724 [pr-9753]: https://github.com/erlang/otp/pull/9753 [pr-9765]: https://github.com/erlang/otp/pull/9765 [pr-9767]: https://github.com/erlang/otp/pull/9767 ### [`v27.3.3`](https://github.com/erlang/otp/releases/tag/OTP-27.3.3): OTP 27.3.3 [Compare Source](https://github.com/erlang/otp/compare/OTP-27.3.2...OTP-27.3.3) Patch Package: OTP 27.3.3 Git Tag: OTP-27.3.3 Date: 2025-04-16 Trouble Report Id: OTP-19581, OTP-19582, OTP-19585, OTP-19592, OTP-19595 Seq num: CVE-2025-32433, ERIERL-1219, ERIERL-1222, PR-9566, PR-9679, PR-9706 System: OTP Release: 27 Application: erts-15.2.6, kernel-10.2.6, megaco-4.7.2, ssh-5.2.10, ssl-11.2.12 Predecessor: OTP 27.3.2 Check out the git tag OTP-27.3.3, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below. ### erts-15.2.6 The erts-15.2.6 application can be applied independently of other applications on a full OTP 27 installation. #### Fixed Bugs and Malfunctions - Fixed bug in `call_memory` tracing that could cause wildly incorrect reported memory values. Bug exists since OTP 27.1. Also fixed return type spec of `trace:info/3`. Own Id: OTP-19581\ Related Id(s): ERIERL-1219, [PR-9706] > #### Full runtime dependencies of erts-15.2.6 > > kernel-9.0, sasl-3.3, stdlib-4.1 ### kernel-10.2.6 Note! The kernel-10.2.6 application *cannot* be applied independently of other applications on an arbitrary OTP 27 installation. On a full OTP 27 installation, also the following runtime dependency has to be satisfied: -- erts-15.2.5 (first satisfied in OTP 27.3.2) #### Fixed Bugs and Malfunctions - Fixed bug in `call_memory` tracing that could cause wildly incorrect reported memory values. Bug exists since OTP 27.1. Also fixed return type spec of `trace:info/3`. Own Id: OTP-19581\ Related Id(s): ERIERL-1219, [PR-9706] > #### Full runtime dependencies of kernel-10.2.6 > > crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-6.0 ### megaco-4.7.2 The megaco-4.7.2 application can be applied independently of other applications on a full OTP 27 installation. #### Fixed Bugs and Malfunctions - Corrected type spec for type mid(). Own Id: OTP-19585\ Related Id(s): ERIERL-1222 > #### Full runtime dependencies of megaco-4.7.2 > > asn1-3.0, debugger-4.0, erts-12.0, et-1.5, kernel-8.0, runtime_tools-1.8.14, stdlib-2.5 ### ssh-5.2.10 The ssh-5.2.10 application can be applied independently of other applications on a full OTP 27 installation. #### Fixed Bugs and Malfunctions - Reception of wrong Unicode does not cause unnecessary processing. US-ASCII fields are not decoded as Unicode. Own Id: OTP-19582\ Related Id(s): [PR-9679] - SSH daemon disconnects upon receiving connection protocol message for unauthenticated used. Thanks to Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, Nurullah Erinola, Jörg Schwenk (Ruhr University Bochum). Own Id: OTP-19595\ Related Id(s): [CVE-2025-32433] > #### Full runtime dependencies of ssh-5.2.10 > > crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, stdlib-6.0 ### ssl-11.2.12 Note! The ssl-11.2.12 application *cannot* be applied independently of other applications on an arbitrary OTP 27 installation. On a full OTP 27 installation, also the following runtime dependency has to be satisfied: -- public_key-1.16.4 (first satisfied in OTP 27.1.3) #### Improvements and New Features - Lower log level for user cancelation as this is not an error case. Also handle possible undecrypted close alert during TLS-1.3 handshake. Own Id: OTP-19592\ Related Id(s): [PR-9566] > #### Full runtime dependencies of ssl-11.2.12 > > crypto-5.0, erts-15.0, inets-5.10.7, kernel-9.0, public_key-1.16.4, runtime_tools-1.15.1, stdlib-6.0 ### Thanks to Simon Cornish [cve-2025-32433]: https://nvd.nist.gov/vuln/detail/CVE-2025-32433 [pr-9566]: https://github.com/erlang/otp/pull/9566 [pr-9679]: https://github.com/erlang/otp/pull/9679 [pr-9706]: https://github.com/erlang/otp/pull/9706 ### [`v27.3.2`](https://github.com/erlang/otp/releases/tag/OTP-27.3.2): OTP 27.3.2 [Compare Source](https://github.com/erlang/otp/compare/OTP-27.3.1...OTP-27.3.2) Patch Package: OTP 27.3.2 Git Tag: OTP-27.3.2 Date: 2025-04-04 Trouble Report Id: OTP-19482, OTP-19560, OTP-19561, OTP-19562, OTP-19563, OTP-19564, OTP-19565, OTP-19567, OTP-19568, OTP-19569, OTP-19571 Seq num: ERIERL-1207, ERIERL-1208, ERIERL-1210, ERIERL-1211, ERIERL-1212, ERIERL-1214, ERIERL-1216, GH-9541, PR-9650, PR-9658, PR-9661, PR-9676 System: OTP Release: 27 Application: asn1-5.3.4, compiler-8.6.1, erts-15.2.5, kernel-10.2.5, megaco-4.7.1, snmp-5.18.2, ssl-11.2.11, xmerl-2.1.2 Predecessor: OTP 27.3.1 Check out the git tag OTP-27.3.2, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below. ### asn1-5.3.4 The asn1-5.3.4 application can be applied independently of other applications on a full OTP 27 installation. #### Fixed Bugs and Malfunctions - Negative REAL numbers greater than -1 would be incorrectly encoded (the minus sign would be lost). Own Id: OTP-19567\ Related Id(s): ERIERL-1214, [PR-9658] > #### Full runtime dependencies of asn1-5.3.4 > > erts-14.0, kernel-9.0, stdlib-5.0 ### compiler-8.6.1 The compiler-8.6.1 application can be applied independently of other applications on a full OTP 27 installation. #### Fixed Bugs and Malfunctions - Fix the compiler crash when the inner-most tuple in a nested tuple with 3 layers is updated. Own Id: OTP-19561\ Related Id(s): ERIERL-1208, ERIERL-1210, [PR-9650] > #### Full runtime dependencies of compiler-8.6.1 > > crypto-5.1, erts-13.0, kernel-8.4, stdlib-6.0 ### erts-15.2.5 The erts-15.2.5 application can be applied independently of other applications on a full OTP 27 installation. #### Fixed Bugs and Malfunctions - On Windows, using socket:sendv, a large IOV (size > MAX), the tail was not sent. Own Id: OTP-19482 - Uplift pcre 8.44 to pcre 8.45 Own Id: OTP-19565 > #### Full runtime dependencies of erts-15.2.5 > > kernel-9.0, sasl-3.3, stdlib-4.1 ### kernel-10.2.5 Note! The kernel-10.2.5 application *cannot* be applied independently of other applications on an arbitrary OTP 27 installation. On a full OTP 27 installation, also the following runtime dependency has to be satisfied: -- erts-15.2.5 (first satisfied in OTP 27.3.2) #### Fixed Bugs and Malfunctions - On Windows, using socket:sendv, a large IOV (size > MAX), the tail was not sent. Own Id: OTP-19482 - gen_tcp connect with a sockaddr with loopback address failed. Own Id: OTP-19560\ Related Id(s): [GH-9541] - Remove debug printouts from gen_tcp_socket Own Id: OTP-19564 > #### Full runtime dependencies of kernel-10.2.5 > > crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-6.0 ### megaco-4.7.1 The megaco-4.7.1 application can be applied independently of other applications on a full OTP 27 installation. #### Fixed Bugs and Malfunctions - Correct type spec for ActionReply Own Id: OTP-19563\ Related Id(s): ERIERL-1216 > #### Full runtime dependencies of megaco-4.7.1 > > asn1-3.0, debugger-4.0, erts-12.0, et-1.5, kernel-8.0, runtime_tools-1.8.14, stdlib-2.5 ### snmp-5.18.2 The snmp-5.18.2 application can be applied independently of other applications on a full OTP 27 installation. #### Fixed Bugs and Malfunctions - When manager receives an v3 inform (request) it used engine-id and full address (including port number) to check if engine was known. This did not work if agent used ephemeral ports for notifications. Has now been changed to only use (context) engine-id and address (without port). Own Id: OTP-19562\ Related Id(s): ERIERL-1207 - Fixed snmp_generic (dialyzer) spec for function table_func. Own Id: OTP-19568\ Related Id(s): ERIERL-1211 > #### Full runtime dependencies of snmp-5.18.2 > > crypto-4.6, erts-12.0, kernel-8.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-5.0 ### ssl-11.2.11 Note! The ssl-11.2.11 application *cannot* be applied independently of other applications on an arbitrary OTP 27 installation. On a full OTP 27 installation, also the following runtime dependency has to be satisfied: -- public_key-1.16.4 (first satisfied in OTP 27.1.3) #### Fixed Bugs and Malfunctions - Correct the debug functionality for NSS keylogging for TLS-1.3 introduced in OTP-27.3.1 so that TLS-1.3 key updates items always get correct counter value and each item is logged as one single line. Own Id: OTP-19569\ Related Id(s): [PR-9661] > #### Full runtime dependencies of ssl-11.2.11 > > crypto-5.0, erts-15.0, inets-5.10.7, kernel-9.0, public_key-1.16.4, runtime_tools-1.15.1, stdlib-6.0 ### xmerl-2.1.2 The xmerl-2.1.2 application can be applied independently of other applications on a full OTP 27 installation. #### Fixed Bugs and Malfunctions - Corrected faulty type specification Corrected type specification for the input parameter of `xmerl_xs:value_of/1`. Also replaced underscore in the return type specifications of `xmerl_xs:select/2`, `xmerl_xpath:string/2` and `xmerl_xpath:string/3` with specified return values to improve documentation. Own Id: OTP-19571\ Related Id(s): ERIERL-1212, [PR-9676] > #### Full runtime dependencies of xmerl-2.1.2 > > erts-6.0, kernel-8.4, stdlib-2.5 ### Thanks to Björn Gustavsson [gh-9541]: https://github.com/erlang/otp/issues/9541 [pr-9650]: https://github.com/erlang/otp/pull/9650 [pr-9658]: https://github.com/erlang/otp/pull/9658 [pr-9661]: https://github.com/erlang/otp/pull/9661 [pr-9676]: https://github.com/erlang/otp/pull/9676 ### [`v27.3.1`](https://github.com/erlang/otp/releases/tag/OTP-27.3.1): OTP 27.3.1 [Compare Source](https://github.com/erlang/otp/compare/OTP-27.3...OTP-27.3.1) Patch Package: OTP 27.3.1 Git Tag: OTP-27.3.1 Date: 2025-03-28 Trouble Report Id: OTP-19391, OTP-19437, OTP-19469, OTP-19525, OTP-19527, OTP-19529, OTP-19542, OTP-19543, OTP-19545, OTP-19546, OTP-19547, OTP-19548, OTP-19549, OTP-19559 Seq num: #&#8203;9172, CVE-2025-30211, ERIERL-1204, ERIERL-1205, ERIERL-1206, GH-8891, GH-9483, GH-9554, OTP-19472, OTP-19544, PR-9221, PR-9486, PR-9534, PR-9545, PR-9553, PR-9577, PR-9587, PR-9588, PR-9596, PR-9611, PR-9612 System: OTP Release: 27 Application: asn1-5.3.3, erts-15.2.4, kernel-10.2.4, mnesia-4.23.5, ssh-5.2.9, ssl-11.2.10, stdlib-6.2.2 Predecessor: OTP 27.3 Check out the git tag OTP-27.3.1, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below. ### OTP-27.3.1 #### Fixed Bugs and Malfunctions - Update used ExDoc version to v0.37.3 Own Id: OTP-19525\ Related Id(s): [PR-9553] ### asn1-5.3.3 The asn1-5.3.3 application can be applied independently of other applications on a full OTP 27 installation. #### Fixed Bugs and Malfunctions - The JER backend will now include the SIZE constraint in the type info for OCTET STRINGs, and a SIZE constraint with a range will now be included for BIT STRINGs. This does not change the actual encoding or decoding of JER, but can be useful for tools. Own Id: OTP-19542\ Related Id(s): ERIERL-1204, [PR-9588] #### Improvements and New Features - When using the JSON encoding rules, it is now possible to call the decode/2 function in the following way with data that has already been decoded by json:decode/1: SomeModule:decode(Type, {json_decoded, Decoded}). Own Id: OTP-19547\ Related Id(s): ERIERL-1206, [PR-9611] > #### Full runtime dependencies of asn1-5.3.3 > > erts-14.0, kernel-9.0, stdlib-5.0 ### erts-15.2.4 The erts-15.2.4 application can be applied independently of other applications on a full OTP 27 installation. #### Fixed Bugs and Malfunctions - Behavior for socket:recv/3 has been improved. The behavior has also been clarified in the documentation. Own Id: OTP-19469\ Related Id(s): [#&#8203;9172] - Trace messages due to `receive` tracing could potentially be delayed a very long time if the traced process waited in a `receive` expression without clauses matching on messages (timed wait), or just did not enter a `receive` expression for a very long time. Own Id: OTP-19527\ Related Id(s): [PR-9577] - Improve the naming of the (internal) esock mutex(es). It is now possible to configure (as in autoconf) the use of simple names for the esock mutex(es). Own Id: OTP-19548\ Related Id(s): OTP-19472 > #### Full runtime dependencies of erts-15.2.4 > > kernel-9.0, sasl-3.3, stdlib-4.1 ### kernel-10.2.4 Note! The kernel-10.2.4 application *cannot* be applied independently of other applications on an arbitrary OTP 27 installation. On a full OTP 27 installation, also the following runtime dependency has to be satisfied: -- erts-15.1 (first satisfied in OTP 27.1) #### Fixed Bugs and Malfunctions - Behavior for socket:recv/3 has been improved. The behavior has also been clarified in the documentation. Own Id: OTP-19469\ Related Id(s): [#&#8203;9172] - An infinite loop in CNAME loop detection that can cause Out Of Memory has been fixed. This affected CNAME lookup with the internal DNS resolver. Own Id: OTP-19545\ Related Id(s): [PR-9587], OTP-19544 > #### Full runtime dependencies of kernel-10.2.4 > > crypto-5.0, erts-15.1, sasl-3.0, stdlib-6.0 ### mnesia-4.23.5 The mnesia-4.23.5 application can be applied independently of other applications on a full OTP 27 installation. #### Fixed Bugs and Malfunctions - With this change mnesia will merge schema of tables using external backends. Own Id: OTP-19437\ Related Id(s): [PR-9534] > #### Full runtime dependencies of mnesia-4.23.5 > > erts-9.0, kernel-5.3, stdlib-5.0 ### ssh-5.2.9 The ssh-5.2.9 application can be applied independently of other applications on a full OTP 27 installation. #### Fixed Bugs and Malfunctions - Reception of malicious KEX init message does not result with ssh daemon excessive memory usage. Own Id: OTP-19543\ Related Id(s): [CVE-2025-30211] - Call to ssh:daemon_replace_options does not crash when argument is not a valid daemon ref. Own Id: OTP-19559\ Related Id(s): [GH-9554], [PR-9545] > #### Full runtime dependencies of ssh-5.2.9 > > crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, stdlib-6.0 ### ssl-11.2.10 Note! The ssl-11.2.10 application *cannot* be applied independently of other applications on an arbitrary OTP 27 installation. On a full OTP 27 installation, also the following runtime dependency has to be satisfied: -- public_key-1.16.4 (first satisfied in OTP 27.1.3) #### Fixed Bugs and Malfunctions - Correct handling of unassigned signature algorithms to properly ignore them instead of failing the handshake. Own Id: OTP-19529\ Related Id(s): [GH-9483], [PR-9486] - Update key mechanism in CRL cache so that CRL DP with same URI path component becomes distinguishable from each other. Own Id: OTP-19549\ Related Id(s): [GH-8891], [PR-9612] #### Improvements and New Features - Add callback for NSS keylogging so that it can work as expected for all scenarios. Own Id: OTP-19391\ Related Id(s): [PR-9221] > #### Full runtime dependencies of ssl-11.2.10 > > crypto-5.0, erts-15.0, inets-5.10.7, kernel-9.0, public_key-1.16.4, runtime_tools-1.15.1, stdlib-6.0 ### stdlib-6.2.2 The stdlib-6.2.2 application can be applied independently of other applications on a full OTP 27 installation. #### Fixed Bugs and Malfunctions - Fixed crash when fetching `initial_call` when user code have modified the `process_dictionary`. Own Id: OTP-19546\ Related Id(s): ERIERL-1205, [PR-9596] > #### Full runtime dependencies of stdlib-6.2.2 > > compiler-5.0, crypto-4.5, erts-15.0, kernel-10.0, sasl-3.0 ### Thanks to Alexandre Rodrigues, Marc Worrell, Sergei Shuvatov, zmstone [#&#8203;9172]: https://github.com/erlang/otp/issues/9172 [cve-2025-30211]: https://nvd.nist.gov/vuln/detail/CVE-2025-30211 [gh-8891]: https://github.com/erlang/otp/issues/8891 [gh-9483]: https://github.com/erlang/otp/issues/9483 [gh-9554]: https://github.com/erlang/otp/issues/9554 [pr-9221]: https://github.com/erlang/otp/pull/9221 [pr-9486]: https://github.com/erlang/otp/pull/9486 [pr-9534]: https://github.com/erlang/otp/pull/9534 [pr-9545]: https://github.com/erlang/otp/pull/9545 [pr-9553]: https://github.com/erlang/otp/pull/9553 [pr-9577]: https://github.com/erlang/otp/pull/9577 [pr-9587]: https://github.com/erlang/otp/pull/9587 [pr-9588]: https://github.com/erlang/otp/pull/9588 [pr-9596]: https://github.com/erlang/otp/pull/9596 [pr-9611]: https://github.com/erlang/otp/pull/9611 [pr-9612]: https://github.com/erlang/otp/pull/9612 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4yMi4xIiwidXBkYXRlZEluVmVyIjoiNDAuMjIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21hdGVkIiwiZGVwZW5kZW5jaWVzIiwicmVub3ZhdGUiXX0=-->
renovate added 1 commit 2025-05-29 11:00:25 +02:00
chore(deps): update dependency erlang to v27.3.4
All checks were successful
continuous-integration/drone/push Build is passing
Details
c32d4b7d85
moritz force-pushed renovate/asdf-tool-versions from c32d4b7d85 to e99af641f8 2025-06-02 15:01:46 +02:00 Compare
moritz merged commit e99af641f8 into main 2025-06-02 22:42:56 +02:00
moritz deleted branch renovate/asdf-tool-versions 2025-06-02 22:42:56 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
high priority

   
invalid

Something is wrong

  
L

5 h

  
low priority

   
M

3 h

  
medium priority

   
needs refinement

   
question

More information is needed

  
S

1 h

  
UX research

   
wontfix

This won't be fixed

No labels
bug
duplicate
enhancement
help wanted
high priority
invalid
L
low priority
M
medium priority
needs refinement
question
S
UX research
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: local-it/mitgliederverwaltung#66
No description provided.
Delete branch "renovate/asdf-tool-versions"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?