Patch Package OTP 28.4.1 Released

Erlang/OTP otp@REDACTED
Thu Mar 12 18:46:05 CET 2026


Patch Package:           OTP 28.4.1
Git Tag:                 OTP-28.4.1
Date:                    2026-03-12
Trouble Report Id:       OTP-20007, OTP-20009, OTP-20011, OTP-20012,
                         OTP-20014, OTP-20018, OTP-20022
Seq num:                 CVE-2026-23941, CVE-2026-23942,
                         CVE-2026-23943, ERIERL-1303, ERIERL-1305,
                         GH-10694, PR-10707, PR-10798, PR-10809,
                         PR-10811, PR-10813, PR-10825, PR-10833
System:                  OTP
Release:                 28
Application:             crypto-5.8.3, inets-9.6.1, kernel-10.6.1,
                         ssh-5.5.1, ssl-11.5.3
Predecessor:             OTP 28.4

Check out the git tag OTP-28.4.1, and build a full OTP system including
documentation. Apply one or more applications from this build as patches to your
installation using the 'otp_patch_apply' tool. For information on install
requirements, see descriptions for each application version below.

# crypto-5.8.3

The crypto-5.8.3 application can be applied independently of other applications
on a full OTP 28 installation.

## Fixed Bugs and Malfunctions

- Fix memory leak in `crypto:engine_load` if called with incorrect commands.

  Own Id: OTP-20014
  Related Id(s): PR-10798

> #### Full runtime dependencies of crypto-5.8.3
>
> erts-9.0, kernel-6.0, stdlib-3.9

# inets-9.6.1

The inets-9.6.1 application can be applied independently of other applications
on a full OTP 28 installation.

## Fixed Bugs and Malfunctions

- The httpd server now rejects HTTP requests containing multiple Content-Length
  headers with different values, returning a 400 Bad Request response. This
  prevents potential HTTP request smuggling attacks. Thanks to Luigino Camastra
  at Aisle Research for responsibly disclosing this vulnerability.

  Own Id: OTP-20007
  Related Id(s): PR-10833, CVE-2026-23941
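The framing rule described above, as an added stand-alone Python illustration (not inets/httpd code): a minimal request-head parser that answers 400 whenever Content-Length appears more than once with disagreeing values, so a front-end proxy and the server can never disagree about where the body ends. The sample requests are constructed for the example.

```python
"""Added illustration: reject requests whose Content-Length headers conflict."""
from __future__ import annotations


class BadRequest(Exception):
    """Raised when the request must be answered with 400 Bad Request."""


def parse_head(raw: bytes) -> tuple[bytes, list[tuple[str, str]]]:
    """Split the request head into the request line and (name, value) pairs.

    Header names are case-insensitive, so they are lower-cased; values are
    stripped of surrounding whitespace. Only the head (up to the blank line)
    is parsed; the body bytes are left alone.
    """
    head, _sep, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep or not name.strip():
            raise BadRequest("malformed header line")
        headers.append((name.strip().lower().decode("ascii"),
                        value.strip().decode("ascii")))
    return lines[0], headers


def content_length(headers: list[tuple[str, str]]) -> int | None:
    """Return the single agreed Content-Length, or None if the header is absent.

    Raises BadRequest when Content-Length appears more than once (or as a
    comma-separated list) with differing values, or when the value is not a
    non-negative decimal integer. Identical repeated values are accepted.
    """
    values = set()
    for name, value in headers:
        if name == "content-length":
            values.update(v.strip() for v in value.split(","))
    if not values:
        return None
    if len(values) > 1:
        raise BadRequest("conflicting Content-Length headers")
    value = values.pop()
    if not value.isdigit():
        raise BadRequest("invalid Content-Length value")
    return int(value)


def check_request(raw: bytes) -> tuple[int, int | None]:
    """Return (status, body_length): (200, n) when the body framing is
    unambiguous, (400, None) when the request must be rejected."""
    try:
        _request_line, headers = parse_head(raw)
        length = content_length(headers)
    except BadRequest:
        return 400, None
    return 200, 0 if length is None else length


# Constructed sample requests (not captured traffic).
CONFLICTING = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
               b"Content-Length: 5\r\nContent-Length: 20\r\n\r\nhello")
REPEATED_SAME = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
                 b"Content-Length: 5\r\ncontent-length: 5\r\n\r\nhello")
CLEAN = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("conflicting", CONFLICTING),
                       ("repeated-same", REPEATED_SAME), ("clean", CLEAN)]:
        print(f"{label:14} -> {check_request(req)}")
```

The check is deliberately strict about the value set rather than about header count: two copies of the same value are harmless to framing, while any disagreement is exactly the ambiguity a smuggling attempt relies on.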

> #### Full runtime dependencies of inets-9.6.1
>
> erts-14.0, kernel-9.0, mnesia-4.12, public_key-1.13, runtime_tools-1.8.14,
> ssl-9.0, stdlib-5.0, stdlib-6.0

# kernel-10.6.1

The kernel-10.6.1 application can be applied independently of other applications
on a full OTP 28 installation.

## Fixed Bugs and Malfunctions

- A vulnerability has been resolved in the (undocumented, unsupported and unused
  in OTP) inet_dns_tsig module that led to a validation bypass.

  If a request contained an error code (forbidden by the spec), it was treated
  as a response and the verification of the MAC was skipped. The user of the
  module would then receive an "all ok" response; depending on the use case,
  this could lead to such things as AXFR or UPDATE being allowed.

  The client side has also been tightened up to make sure too large (bad) MAC
  sizes cannot be selected; the limit is the output size of the chosen
  algorithm.

  Own Id: OTP-20012
  Related Id(s): PR-10825

> #### Full runtime dependencies of kernel-10.6.1
>
> crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-7.0

# ssh-5.5.1

Note! The ssh-5.5.1 application _cannot_ be applied independently of other
applications on an arbitrary OTP 28 installation.

       On a full OTP 28 installation, also the following runtime
       dependency has to be satisfied:
       -- crypto-5.7 (first satisfied in OTP 28.1)

## Fixed Bugs and Malfunctions

- Fixed path traversal vulnerability in SFTP server's root option allowing
  authenticated users to access sibling directories with matching name prefixes.
  The root option used string prefix matching instead of path component
  validation. With `{root, "/home/user1"}`, attackers could access /home/user10/
  or /home/user123/. Thanks to Luigino Camastra, Aisle Research.

  Own Id: OTP-20009
  Related Id(s): PR-10811, CVE-2026-23942
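The difference between prefix matching and path-component validation, as an added Python illustration written for this note (not ssh_sftpd code). `ROOT` is a constructed example mirroring the `{root, "/home/user1"}` case above; the flawed check and the corrected one are shown side by side so the sibling-directory cases can be compared directly.

```python
"""Added illustration: SFTP root check by string prefix vs. by path components."""
from __future__ import annotations

import posixpath

ROOT = "/home/user1"  # constructed example root, as in {root, "/home/user1"}


def within_root_by_prefix(root: str, path: str) -> bool:
    """The flawed check: a plain string prefix test. It accepts
    /home/user10/... and /home/user123/... because both start with
    "/home/user1", and it never normalises '..' segments."""
    return path.startswith(root)


def within_root_by_components(root: str, path: str) -> bool:
    """Corrected check: resolve the request against the root, normalise
    '.', '..' and repeated slashes, then require that the result is the root
    itself or lies below root followed by a path separator. Symlinks are not
    followed here; a real server resolves those as well."""
    root_n = posixpath.normpath(root)
    # Relative requests are taken relative to the root; absolute ones as given.
    candidate = posixpath.normpath(posixpath.join(root_n, path))
    base = root_n if root_n.endswith("/") else root_n + "/"
    return candidate == root_n or candidate.startswith(base)


def compare(root: str, path: str) -> tuple[bool, bool]:
    """(prefix check allows, component check allows) for one requested path."""
    return (within_root_by_prefix(root, path),
            within_root_by_components(root, path))


if __name__ == "__main__":
    # Constructed requests: one legitimate, the rest sibling or parent escapes.
    for p in ["/home/user1/notes.txt", "/home/user10/secret", "/home/user123/x",
              "/home/user1/../user10/secret", "/home/user1/../../etc/passwd",
              "docs/a.txt"]:
        by_prefix, by_components = compare(ROOT, p)
        print(f"{p:32} prefix={by_prefix!s:5} components={by_components}")
```

The corrected test treats the separator as part of the boundary, which is what "path component validation" means in practice: `/home/user10` shares a string prefix with `/home/user1` but no directory component.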

- Fixed excessive memory usage vulnerability in SSH compression allowing
  attackers to consume system resources through decompression bombs. The 'zlib'
  and 'zlib@REDACTED' algorithms lacked decompression size limits, allowing
  256 KB packets to expand to 255 MB (1029:1 ratio). This could lead to crashes
  on systems with limited memory.

  The fix removes zlib from default compression algorithms and implements
  decompression size limits for both algorithms. Thanks to Igor Morgenstern at
  Aisle Research.

  Own Id: OTP-20011
  Related Id(s): PR-10813, CVE-2026-23943
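What a per-packet decompression size limit looks like, as an added Python illustration written for this note (not the OTP ssh application's code). `MAX_INFLATED_PER_PACKET` is a constructed limit, and the highly compressible zlib stream built by `constructed_bomb` is a test payload used only to confirm that the limit holds; the decompressor state is kept between packets, as the SSH zlib methods require.

```python
"""Added illustration: bounded inflation of compressed SSH packets."""
from __future__ import annotations

import zlib

MAX_INFLATED_PER_PACKET = 1024 * 1024  # constructed limit: 1 MiB output per packet


class DecompressionLimitExceeded(Exception):
    """Raised when a packet would inflate beyond the configured limit."""


class BoundedInflater:
    """zlib decompressor that keeps stream state across packets but caps the
    output of each packet. Asking zlib for at most limit+1 bytes means no more
    than that is ever allocated; the extra byte is what reveals an overrun."""

    def __init__(self, limit: int = MAX_INFLATED_PER_PACKET) -> None:
        self.limit = limit
        self._d = zlib.decompressobj()

    def inflate(self, packet: bytes) -> bytes:
        out = self._d.decompress(packet, max_length=self.limit + 1)
        if len(out) > self.limit:
            # Whatever remains in self._d.unconsumed_tail is never inflated;
            # the stream (and with it the connection) is abandoned here.
            raise DecompressionLimitExceeded(
                f"packet inflates beyond {self.limit} bytes")
        return out


def accepts(packet: bytes, limit: int = MAX_INFLATED_PER_PACKET) -> bool:
    """True if a fresh bounded inflater accepts the packet, False if it trips
    the limit."""
    try:
        BoundedInflater(limit).inflate(packet)
        return True
    except DecompressionLimitExceeded:
        return False


def constructed_bomb(plain_size: int) -> bytes:
    """Constructed test payload: a run of zero bytes, which zlib compresses at
    close to its maximum ratio. Used only to verify that the limit holds."""
    return zlib.compress(bytes(plain_size), 9)


def sync_flushed_packets(messages: list[bytes]) -> list[bytes]:
    """Compress each message as its own packet on one continuing zlib stream,
    the way an SSH sender does (Z_SYNC_FLUSH after every packet)."""
    c = zlib.compressobj()
    return [c.compress(m) + c.flush(zlib.Z_SYNC_FLUSH) for m in messages]


if __name__ == "__main__":
    bomb = constructed_bomb(4 * 1024 * 1024)
    print(f"{len(bomb)} compressed bytes would inflate to 4 MiB;"
          f" accepted under a 1 MiB limit: {accepts(bomb)}")
    inflater = BoundedInflater()
    for pkt in sync_flushed_packets([b"first packet", b"second packet"]):
        print(inflater.inflate(pkt))
```

Bounding the output buffer is the part that matters: checking a ratio after the fact would already have materialised the 255 MB the note describes, whereas `max_length` stops zlib before that memory exists.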

> #### Full runtime dependencies of ssh-5.5.1
>
> crypto-5.7, erts-14.0, kernel-10.3, public_key-1.6.1, runtime_tools-1.15.1,
> stdlib-5.0, stdlib-6.0

# ssl-11.5.3

Note! The ssl-11.5.3 application _cannot_ be applied independently of other
applications on an arbitrary OTP 28 installation.

       On a full OTP 28 installation, also the following runtime
       dependencies have to be satisfied:
       -- crypto-5.8 (first satisfied in OTP 28.3)
       -- public_key-1.18.3 (first satisfied in OTP 28.1)

## Fixed Bugs and Malfunctions

- TLS-1.3 certificate request now preserves the order of signature algorithms in
  the certificate request extension so that it is in the server's preferred
  order, which might affect the choice made by some TLS clients.

  Own Id: OTP-20022
  Related Id(s): ERIERL-1305, GH-10694, PR-10707

## Improvements and New Features

- Document that setting transport protocol specific socket options is not
  generally expected to work for TLS and, if it happens to work, it comes with
  consequences that should be understood and accepted by the user. Also retain
  some backwards compatibility with such an option that happened to work, to buy
  time for people to come up with better solutions.

  Own Id: OTP-20018
  Related Id(s): ERIERL-1303, PR-10809

> #### Full runtime dependencies of ssl-11.5.3
>
> crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.18.3,
> runtime_tools-1.15.1, stdlib-7.0

# Thanks to

Alexander Clouter, Hewwho
