<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="text-align:left; direction:ltr;">
<div>Patch Package: OTP 25.1</div>
<div>Git Tag: OTP-25.1</div>
<div>Date: 2022-09-21</div>
<div>Trouble Report Id: OTP-17115, OTP-17340, OTP-17934, OTP-18032,</div>
<div> OTP-18037, OTP-18044, OTP-18050, OTP-18091,</div>
<div> OTP-18093, OTP-18099, OTP-18102, OTP-18104,</div>
<div> OTP-18107, OTP-18109, OTP-18115, OTP-18118,</div>
<div> OTP-18121, OTP-18125, OTP-18127, OTP-18133,</div>
<div> OTP-18134, OTP-18138, OTP-18139, OTP-18142,</div>
<div> OTP-18144, OTP-18146, OTP-18147, OTP-18148,</div>
<div> OTP-18151, OTP-18152, OTP-18153, OTP-18154,</div>
<div> OTP-18160, OTP-18161, OTP-18162, OTP-18163,</div>
<div> OTP-18165, OTP-18166, OTP-18171, OTP-18172,</div>
<div> OTP-18178, OTP-18179, OTP-18180, OTP-18181,</div>
<div> OTP-18182, OTP-18183, OTP-18184, OTP-18186,</div>
<div> OTP-18187, OTP-18189, OTP-18191, OTP-18193,</div>
<div> OTP-18194, OTP-18195, OTP-18196, OTP-18199,</div>
<div> OTP-18200, OTP-18201, OTP-18202, OTP-18203,</div>
<div> OTP-18205, OTP-18207, OTP-18208, OTP-18214,</div>
<div> OTP-18215, OTP-18216, OTP-18217, OTP-18218,</div>
<div> OTP-18219, OTP-18220, OTP-18222, OTP-18229,</div>
<div> OTP-18232, OTP-18233, OTP-18234, OTP-18239,</div>
<div> OTP-18241, OTP-18243, OTP-18244</div>
<div>Seq num: ERIERL-456, ERIERL-661, ERIERL-666,</div>
<div> ERIERL-817, ERIERL-826, ERIERL-829,</div>
<div> ERIERL-833, ERIERL-834, ERIERL-835,</div>
<div> ERIERL-836, ERIERL-837, ERIERL-852,</div>
<div> ERIERL-855, ERL-97, GH-3064, GH-5719,</div>
<div> GH-5981, GH-6021, GH-6024, GH-6026, GH-6105,</div>
<div> GH-6122, GH-6158, GH-6163, GH-6164, GH-6169,</div>
<div> GH-6184, GH-6219, GH-6222, GH-6239, GH-6241,</div>
<div> GH-6242, GH-6244, GH-6247, GH-6277</div>
<div>System: OTP</div>
<div>Release: 25</div>
<div>Application: asn1-5.0.20, common_test-1.23.1,</div>
<div> compiler-8.2.1, crypto-5.1.2, dialyzer-5.0.2,</div>
<div> diameter-2.2.7, erl_docgen-1.4, erts-13.1,</div>
<div> eunit-2.8, inets-8.1, jinterface-1.13.1,</div>
<div> kernel-8.5, megaco-4.4.1, observer-2.13,</div>
<div> parsetools-2.4.1, public_key-1.13.1,</div>
<div> snmp-5.13.1, ssh-4.15, ssl-10.8.4,</div>
<div> stdlib-4.1, xmerl-1.3.30</div>
<div>Predecessor: OTP 25.0.4</div>
<div><br>
</div>
<div> Check out the git tag OTP-25.1, and build a full OTP system including</div>
<div> documentation. Apply one or more applications from this build as</div>
<div> patches to your installation using the 'otp_patch_apply' tool. For</div>
<div> information on install requirements, see descriptions for each</div>
<div> application version below.</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- HIGHLIGHTS ------------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> OTP-18153 Application(s): crypto</div>
<div><br>
</div>
<div> Crypto is now considered to be usable with the OpenSSL</div>
<div> 3.0 cryptolib for production code.</div>
<div><br>
</div>
<div> ENGINE and FIPS are not yet fully functional.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18172 Application(s): crypto</div>
<div> Related Id(s): ERIERL-826</div>
<div><br>
</div>
<div> *** POTENTIAL INCOMPATIBILITY ***</div>
<div><br>
</div>
<div> Changed the behaviour of the engine load/unload</div>
<div> functions</div>
<div><br>
</div>
<div> The engine load/unload functions have got changed</div>
<div> semantics to get a more consistent behaviour and work</div>
<div> correct when variables are garbage collected.</div>
<div><br>
</div>
<div> The load functions now don't register the methods for</div>
<div> the engine to replace. That will now be handled with</div>
<div> the new functions engine_register/engine_unregister if</div>
<div> needed.</div>
<div><br>
</div>
<div> Some functions are removed from the documentation and</div>
<div> therefor the API, but they are left in the code for</div>
<div> compatibility.</div>
<div><br>
</div>
<div> -- engine_load/4: is now the same as engine_load/3</div>
<div><br>
</div>
<div> -- engine_unload/2: is now the same as engine_unload/1</div>
<div><br>
</div>
<div> -- ensure_engine_loaded/3: is now the same as</div>
<div> ensure_engine_loaded/2</div>
<div><br>
</div>
<div> -- ensure_engine_unloaded/1, ensure_engine_unloaded/2:</div>
<div> is now the same as engine_unload/1</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18241 Application(s): ssl</div>
<div><br>
</div>
<div> A vulnerability has been discovered and corrected. It</div>
<div> is registered as CVE-2022-37026 "Client Authentication</div>
<div> Bypass". Corrections have been released on the</div>
<div> supported tracks with patches 23.3.4.15, 24.3.4.2, and</div>
<div> 25.0.2. The vulnerability might also exist in older OTP</div>
<div> versions. We recommend that impacted users upgrade to</div>
<div> one of these versions or later on the respective</div>
<div> tracks. OTP 25.1 would be an even better choice.</div>
<div> Impacted are those who are running an ssl/tls/dtls</div>
<div> server using the ssl application either directly or</div>
<div> indirectly via other applications. For example via</div>
<div> inets (httpd), cowboy, etc. Note that the vulnerability</div>
<div> only affects servers that request client certification,</div>
<div> that is sets the option {verify, verify_peer}.</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- POTENTIAL INCOMPATIBILITIES -------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> OTP-18172 Application(s): crypto</div>
<div> Related Id(s): ERIERL-826</div>
<div><br>
</div>
<div> *** HIGHLIGHT ***</div>
<div><br>
</div>
<div> Changed the behaviour of the engine load/unload</div>
<div> functions</div>
<div><br>
</div>
<div> The engine load/unload functions have got changed</div>
<div> semantics to get a more consistent behaviour and work</div>
<div> correct when variables are garbage collected.</div>
<div><br>
</div>
<div> The load functions now don't register the methods for</div>
<div> the engine to replace. That will now be handled with</div>
<div> the new functions engine_register/engine_unregister if</div>
<div> needed.</div>
<div><br>
</div>
<div> Some functions are removed from the documentation and</div>
<div> therefor the API, but they are left in the code for</div>
<div> compatibility.</div>
<div><br>
</div>
<div> -- engine_load/4: is now the same as engine_load/3</div>
<div><br>
</div>
<div> -- engine_unload/2: is now the same as engine_unload/1</div>
<div><br>
</div>
<div> -- ensure_engine_loaded/3: is now the same as</div>
<div> ensure_engine_loaded/2</div>
<div><br>
</div>
<div> -- ensure_engine_unloaded/1, ensure_engine_unloaded/2:</div>
<div> is now the same as engine_unload/1</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18239 Application(s): stdlib</div>
<div><br>
</div>
<div> When changing callback module in gen_statem the</div>
<div> state_enter calls flag from the old module was used in</div>
<div> for the first event in the new module, which could</div>
<div> confuse the new module and cause malfunction. This bug</div>
<div> has been corrected.</div>
<div><br>
</div>
<div> With this change some sys debug message formats have</div>
<div> been modified, which can be a problem for debug code</div>
<div> relying on the format.</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- OTP-25.1 --------------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp,</div>
<div> parsetools, stdlib, xmerl</div>
<div> Related Id(s): PR-5965</div>
<div><br>
</div>
<div> There is a new configure option,</div>
<div> --enable-deterministic-build, which will apply the</div>
<div> deterministic compiler option when building Erlang/OTP.</div>
<div> The deterministic option has been improved to eliminate</div>
<div> more sources of non-determinism in several</div>
<div> applications.</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- asn1-5.0.20 -----------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> The asn1-5.0.20 application can be applied independently of other</div>
<div> applications on a full OTP 25 installation.</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp,</div>
<div> parsetools, stdlib, xmerl</div>
<div> Related Id(s): PR-5965</div>
<div><br>
</div>
<div> There is a new configure option,</div>
<div> --enable-deterministic-build, which will apply the</div>
<div> deterministic compiler option when building Erlang/OTP.</div>
<div> The deterministic option has been improved to eliminate</div>
<div> more sources of non-determinism in several</div>
<div> applications.</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of asn1-5.0.20: erts-11.0, kernel-7.0,</div>
<div> stdlib-3.13</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- common_test-1.23.1 ----------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> The common_test-1.23.1 application can be applied independently of</div>
<div> other applications on a full OTP 25 installation.</div>
<div><br>
</div>
<div> --- Fixed Bugs and Malfunctions ---</div>
<div><br>
</div>
<div> OTP-18208 Application(s): common_test</div>
<div> Related Id(s): ERIERL-852, PR-6229</div>
<div><br>
</div>
<div> Fix cth_surefire to handle when a suite is not compiled</div>
<div> with debug_info. This bug has been present since</div>
<div> Erlang/OTP 25.0.</div>
<div><br>
</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-18138 Application(s): common_test</div>
<div> Related Id(s): GH-5719, PR-6029</div>
<div><br>
</div>
<div> Common Test now preserves stack traces for throws.</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of common_test-1.23.1: compiler-6.0,</div>
<div> crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-8.4,</div>
<div> observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0,</div>
<div> stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- compiler-8.2.1 --------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> The compiler-8.2.1 application can be applied independently of other</div>
<div> applications on a full OTP 25 installation.</div>
<div><br>
</div>
<div> --- Fixed Bugs and Malfunctions ---</div>
<div><br>
</div>
<div> OTP-18125 Application(s): compiler</div>
<div> Related Id(s): GH-6026</div>
<div><br>
</div>
<div> The compiler will now forbid using the empty atom '' as</div>
<div> module name. Also forbidden are modules names</div>
<div> containing control characters, and module names</div>
<div> containing only spaces and soft hyphens.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18162 Application(s): compiler</div>
<div> Related Id(s): PR-6102</div>
<div><br>
</div>
<div> The bin_opt_info and recv_opt_info options would cause</div>
<div> the compiler to crash when attempting to compile</div>
<div> generated code without location information.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18182 Application(s): compiler</div>
<div> Related Id(s): GH-6163</div>
<div><br>
</div>
<div> In rare circumstances involving floating point</div>
<div> operations, the compiler could terminate with an</div>
<div> internal consistency check failure.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18183 Application(s): compiler</div>
<div> Related Id(s): GH-6169</div>
<div><br>
</div>
<div> In rare circumstances when doing arithmetic</div>
<div> instructions on non-numbers, the compiler could crash.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18184 Application(s): compiler</div>
<div> Related Id(s): GH-6164</div>
<div><br>
</div>
<div> In rare circumstances, complex boolean expressions in</div>
<div> nested cases could cause the compiler to crash.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18186 Application(s): compiler</div>
<div><br>
</div>
<div> Expression similar to #{assoc:=V} = #key=>self()}, V</div>
<div> would return the empty map instead of raising an</div>
<div> exception.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18187 Application(s): compiler</div>
<div> Related Id(s): GH-6184</div>
<div><br>
</div>
<div> Eliminated a crash in the beam_ssa_bool pass of the</div>
<div> compiler when compiling a complex guard expression.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18202 Application(s): compiler</div>
<div> Related Id(s): GH-6222</div>
<div><br>
</div>
<div> In rare circumstances, the compiler could crash with an</div>
<div> internal consistency check failure.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18214 Application(s): compiler</div>
<div> Related Id(s): GH-6158</div>
<div><br>
</div>
<div> When compiling with the option inline_list_funcs, the</div>
<div> compiler could produce a nonsensical warning.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18234 Application(s): compiler</div>
<div> Related Id(s): GH-6277</div>
<div><br>
</div>
<div> When given the no_ssa_opt option, the compiler could</div>
<div> terminate with an internal consistency failure</div>
<div> diagnostic when compiling map matching.</div>
<div><br>
</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-18050 Application(s): compiler</div>
<div><br>
</div>
<div> Made warnings for existing atoms being keywords in</div>
<div> experimental features more precise, by not warning</div>
<div> about quoted atoms.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp,</div>
<div> parsetools, stdlib, xmerl</div>
<div> Related Id(s): PR-5965</div>
<div><br>
</div>
<div> There is a new configure option,</div>
<div> --enable-deterministic-build, which will apply the</div>
<div> deterministic compiler option when building Erlang/OTP.</div>
<div> The deterministic option has been improved to eliminate</div>
<div> more sources of non-determinism in several</div>
<div> applications.</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of compiler-8.2.1: crypto-5.1, erts-13.0,</div>
<div> kernel-8.4, stdlib-4.0</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- crypto-5.1.2 ----------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> The crypto-5.1.2 application can be applied independently of other</div>
<div> applications on a full OTP 25 installation.</div>
<div><br>
</div>
<div> --- Fixed Bugs and Malfunctions ---</div>
<div><br>
</div>
<div> OTP-18147 Application(s): crypto</div>
<div> Related Id(s): GH-6024, PR-6056</div>
<div><br>
</div>
<div> Fix configure with --with-ssl and</div>
<div> --disable-dynamic-ssl-lib on Windows.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18152 Application(s): crypto</div>
<div><br>
</div>
<div> Remove all references correctly in the garbage</div>
<div> collection if an engine handle was not explicit</div>
<div> unloaded.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18172 Application(s): crypto</div>
<div> Related Id(s): ERIERL-826</div>
<div><br>
</div>
<div> *** HIGHLIGHT ***</div>
<div><br>
</div>
<div> *** POTENTIAL INCOMPATIBILITY ***</div>
<div><br>
</div>
<div> Changed the behaviour of the engine load/unload</div>
<div> functions</div>
<div><br>
</div>
<div> The engine load/unload functions have got changed</div>
<div> semantics to get a more consistent behaviour and work</div>
<div> correct when variables are garbage collected.</div>
<div><br>
</div>
<div> The load functions now don't register the methods for</div>
<div> the engine to replace. That will now be handled with</div>
<div> the new functions engine_register/engine_unregister if</div>
<div> needed.</div>
<div><br>
</div>
<div> Some functions are removed from the documentation and</div>
<div> therefor the API, but they are left in the code for</div>
<div> compatibility.</div>
<div><br>
</div>
<div> -- engine_load/4: is now the same as engine_load/3</div>
<div><br>
</div>
<div> -- engine_unload/2: is now the same as engine_unload/1</div>
<div><br>
</div>
<div> -- ensure_engine_loaded/3: is now the same as</div>
<div> ensure_engine_loaded/2</div>
<div><br>
</div>
<div> -- ensure_engine_unloaded/1, ensure_engine_unloaded/2:</div>
<div> is now the same as engine_unload/1</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18200 Application(s): crypto</div>
<div><br>
</div>
<div> Fixed a naming bug for AES-CFB and Blowfish-CFB/OFB</div>
<div> when linked with OpenSSL 3.0 cryptolib.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18205 Application(s): crypto, public_key</div>
<div> Related Id(s): GH-6219</div>
<div><br>
</div>
<div> Sign/verify does now behave as in OTP-24 and earlier</div>
<div> for eddsa.</div>
<div><br>
</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-18037 Application(s): crypto</div>
<div><br>
</div>
<div> Pass elliptic curve names from crypto.erl to crypto's</div>
<div> nif.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18133 Application(s): crypto</div>
<div><br>
</div>
<div> The configure option --disable-deprecated-warnings is</div>
<div> removed. It was used for some releases when the support</div>
<div> for OpenSSL 3.0 was not completed. It is not needed in</div>
<div> OTP 25.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18153 Application(s): crypto</div>
<div><br>
</div>
<div> *** HIGHLIGHT ***</div>
<div><br>
</div>
<div> Crypto is now considered to be usable with the OpenSSL</div>
<div> 3.0 cryptolib for production code.</div>
<div><br>
</div>
<div> ENGINE and FIPS are not yet fully functional.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18217 Application(s): crypto</div>
<div><br>
</div>
<div> Do not exit if the legacy provider is missing in</div>
<div> libcrypto 3.0.</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of crypto-5.1.2: erts-9.0, kernel-5.3,</div>
<div> stdlib-3.9</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- dialyzer-5.0.2 --------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> The dialyzer-5.0.2 application can be applied independently of other</div>
<div> applications on a full OTP 25 installation.</div>
<div><br>
</div>
<div> --- Fixed Bugs and Malfunctions ---</div>
<div><br>
</div>
<div> OTP-18127 Application(s): dialyzer</div>
<div> Related Id(s): ERIERL-817</div>
<div><br>
</div>
<div> Two bugs have been fixed in Dialyzer's checking of</div>
<div> behaviors:</div>
<div><br>
</div>
<div> When a *mandatory* callback function is present but not</div>
<div> exported, Dialyzer would not complain about a missing</div>
<div> callback.</div>
<div><br>
</div>
<div> When an *optional* callback function was not exported</div>
<div> and had incompatible arguments and/or the return values</div>
<div> were incompatible, Dialyzer would complain. This has</div>
<div> been changed to suppress the warning, because the</div>
<div> function might not be intended to be a callback</div>
<div> function, for instance if a release added a new</div>
<div> optional callback function (such as format_status/1 for</div>
<div> the gen_server behaviour added in OTP 25).</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18148 Application(s): dialyzer</div>
<div> Related Id(s): PR-6068</div>
<div><br>
</div>
<div> The no_extra_return and no_missing_return warnings can</div>
<div> now be suppressed through -dialyzer directives in</div>
<div> source code.</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of dialyzer-5.0.2: compiler-8.0, erts-12.0,</div>
<div> kernel-8.0, stdlib-3.15, syntax_tools-2.0, wx-2.0</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- diameter-2.2.7 --------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> The diameter-2.2.7 application can be applied independently of other</div>
<div> applications on a full OTP 25 installation.</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp,</div>
<div> parsetools, stdlib, xmerl</div>
<div> Related Id(s): PR-5965</div>
<div><br>
</div>
<div> There is a new configure option,</div>
<div> --enable-deterministic-build, which will apply the</div>
<div> deterministic compiler option when building Erlang/OTP.</div>
<div> The deterministic option has been improved to eliminate</div>
<div> more sources of non-determinism in several</div>
<div> applications.</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of diameter-2.2.7: erts-10.0, kernel-3.2,</div>
<div> ssl-9.0, stdlib-3.0</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- erl_docgen-1.4 --------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> The erl_docgen-1.4 application can be applied independently of other</div>
<div> applications on a full OTP 25 installation.</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-18244 Application(s): erl_docgen</div>
<div><br>
</div>
<div> Update DTD to allow XML tag em under pre.</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of erl_docgen-1.4: edoc-1.0, erts-11.0,</div>
<div> kernel-8.0, stdlib-3.15, xmerl-1.3.7</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- erts-13.1 -------------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> Note! The erts-13.1 application *cannot* be applied independently of</div>
<div> other applications on an arbitrary OTP 25 installation.</div>
<div><br>
</div>
<div> On a full OTP 25 installation, also the following runtime</div>
<div> dependencies have to be satisfied:</div>
<div> -- kernel-8.5 (first satisfied in OTP 25.1)</div>
<div> -- stdlib-4.1 (first satisfied in OTP 25.1)</div>
<div><br>
</div>
<div><br>
</div>
<div> --- Fixed Bugs and Malfunctions ---</div>
<div><br>
</div>
<div> OTP-17934 Application(s): erts, kernel, stdlib</div>
<div> Related Id(s): PR-6007</div>
<div><br>
</div>
<div> Fixed inconsistency bugs in global due to</div>
<div> nodeup/nodedown messages not being delivered</div>
<div> before/after traffic over connections. Also fixed</div>
<div> various other inconsistency bugs and deadlocks in both</div>
<div> global_group and global.</div>
<div><br>
</div>
<div> As building blocks for these fixes, a new BIF</div>
<div> erlang:nodes/2 has been introduced and</div>
<div> net_kernel:monitor_nodes/2 has been extended.</div>
<div><br>
</div>
<div> The -hidden and -connect_all command line arguments did</div>
<div> not work if multiple instances were present on the</div>
<div> command line which has been fixed. The new kernel</div>
<div> parameter connect_all has also been introduced in order</div>
<div> to replace the -connect_all command line argument.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18091 Application(s): erts, kernel</div>
<div> Related Id(s): #5789</div>
<div><br>
</div>
<div> Fixed IPv6 multicast_if and membership socket options.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18093 Application(s): erts</div>
<div> Related Id(s): OTP-18104, PR-5987</div>
<div><br>
</div>
<div> Accept funs (NEW_FUN_EXT) with incorrectly encoded size</div>
<div> field. This is a workaround for a bug (OTP-18104)</div>
<div> existing in OTP 23 and 24 that could cause incorrect</div>
<div> size fields in certain cases. The emulator does not use</div>
<div> the decoded size field, but erl_interface still does</div>
<div> and is not helped by this workaround.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18102 Application(s): erts, kernel</div>
<div> Related Id(s): #5904</div>
<div><br>
</div>
<div> Fixed issue with inet:getifaddrs hanging on pure IPv6</div>
<div> Windows</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18104 Application(s): erts</div>
<div> Related Id(s): OTP-18093</div>
<div><br>
</div>
<div> Fix faulty distribution encoding of terms with either</div>
<div><br>
</div>
<div> -- a fun with bit-string or export-fun in its</div>
<div> environment when encoded toward a not yet established</div>
<div> (pending) connection</div>
<div><br>
</div>
<div> -- or a fun with a binary/bitstring, in its</div>
<div> environment, referring to an off-heap binary (larger</div>
<div> than 64 bytes).</div>
<div><br>
</div>
<div> The symptom could be failed decoding on the receiving</div>
<div> side leading to aborted connection. Fix OTP-18093 is a</div>
<div> workaround for theses bugs that makes the VM accepts</div>
<div> such faulty encoded funs.</div>
<div><br>
</div>
<div> The first encoding bug toward pending connection exists</div>
<div> only in OTP 23 and 24, but the second one exists also</div>
<div> on OTP 25.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18144 Application(s): erts</div>
<div> Related Id(s): GH-5981</div>
<div><br>
</div>
<div> Fixed emulator crash that could happen during crashdump</div>
<div> generation of ETS tables with options ordered_set and</div>
<div> {write_concurrency,true}.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18160 Application(s): erts</div>
<div> Related Id(s): PR-6103</div>
<div><br>
</div>
<div> Retrieval of monotonic and system clock resolution on</div>
<div> MacOS could cause a crash and/or erroneous results.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18161 Application(s): erts</div>
<div> Related Id(s): PR-6081</div>
<div><br>
</div>
<div> Fix bug where the max allowed size of erl +hmax was</div>
<div> lower than what was allowed by process_flag.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18201 Application(s): erts</div>
<div><br>
</div>
<div> On computers with ARM64 (AArch64) processors, the JIT</div>
<div> could generate incorrect code when more than 4095 bits</div>
<div> were skipped at the tail end of a binary match.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18216 Application(s): erts</div>
<div> Related Id(s): GH-6239, PR-6240</div>
<div><br>
</div>
<div> In rare circumstances, an is_binary/1 guard test could</div>
<div> succeed when given a large integer.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18218 Application(s): erts</div>
<div> Related Id(s): ERIERL-855</div>
<div><br>
</div>
<div> Fix bug causing ets:info (and sometimes ets:whereis) to</div>
<div> return 'undefined' for an existing table if a</div>
<div> concurrent process were doing ets:insert with a long</div>
<div> list on the same table.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18222 Application(s): erts</div>
<div> Related Id(s): GH-6242, PR-6248</div>
<div><br>
</div>
<div> Fix writing and reading of more than 2 GB in a single</div>
<div> read/write operation on macOS. Before this fix</div>
<div> attempting to read/write more than 2GB would result in</div>
<div> {error,einval}.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18243 Application(s): erts</div>
<div> Related Id(s): GH-6247, PR-6258</div>
<div><br>
</div>
<div> Fix bug sometimes causing emulator crash at node</div>
<div> shutdown when there are pending connections. Only seen</div>
<div> when running duel distribution protocols, inet_drv and</div>
<div> inet_tls_dist.</div>
<div><br>
</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-17340 Application(s): erts</div>
<div> Related Id(s): PR-6133</div>
<div><br>
</div>
<div> Yield when adjusting large process message queues due</div>
<div> to</div>
<div><br>
</div>
<div> -- copying terms from a literal area prior to removing</div>
<div> the literal area.</div>
<div><br>
</div>
<div> -- changing the message_queue_data state from on_heap</div>
<div> to off_heap.</div>
<div><br>
</div>
<div> The message queue adjustment work will now be</div>
<div> interleaved with all other types of work that processes</div>
<div> have to do, even other message queue adjustment work.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18032 Application(s): erts, kernel</div>
<div><br>
</div>
<div> Add rudimentary debug feature (option) for the</div>
<div> inet-driver based sockets, such as gen_tcp and gen_udp.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18107 Application(s): erts, kernel</div>
<div> Related Id(s): PR-6009</div>
<div><br>
</div>
<div> Introduced the hidden and dist_listen options to</div>
<div> net_kernel:start/2.</div>
<div><br>
</div>
<div> Also documented the -dist_listen command line argument</div>
<div> which was erroneously documented as a kernel parameter</div>
<div> and not as a command line argument.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18109 Application(s): erts</div>
<div><br>
</div>
<div> New documentation chapter "Debugging NIFs and Port</div>
<div> Drivers" under Interoperability Tutorial.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18199 Application(s): erts, stdlib</div>
<div> Related Id(s): PR-5790</div>
<div><br>
</div>
<div> Add new API function erl_features:configurable/0</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of erts-13.1: kernel-8.5, sasl-3.3,</div>
<div> stdlib-4.1</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- eunit-2.8 -------------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> The eunit-2.8 application can be applied independently of other</div>
<div> applications on a full OTP 25 installation.</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-18181 Application(s): eunit</div>
<div> Related Id(s): ERL-97, GH-3064, PR-5461</div>
<div><br>
</div>
<div> With this change, Eunit can optionally not try to</div>
<div> execute related module with "_tests" suffix. This might</div>
<div> be used for avoiding duplicated executions when source</div>
<div> and test modules are located in the same folder.</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of eunit-2.8: erts-9.0, kernel-5.3,</div>
<div> stdlib-3.4</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- inets-8.1 -------------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> The inets-8.1 application can be applied independently of other</div>
<div> applications on a full OTP 25 installation.</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-18118 Application(s): inets</div>
<div><br>
</div>
<div> Add httpc:ssl_verify_host_options/1 to help setting</div>
<div> default ssl options for the https client.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18178 Application(s): inets, ssh</div>
<div> Related Id(s): ERIERL-833, ERIERL-834, ERIERL-835</div>
<div><br>
</div>
<div> This change fixes dialyzer warnings generated for</div>
<div> inets/httpd examples (includes needed adjustment of</div>
<div> spec for ssh_sftp module).</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18193 Application(s): inets</div>
<div> Related Id(s): GH-6122</div>
<div><br>
</div>
<div> Remove documentation of no longer supported callback.</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of inets-8.1: erts-6.0, kernel-6.0,</div>
<div> mnesia-4.12, public_key-1.13, runtime_tools-1.8.14, ssl-9.0,</div>
<div> stdlib-4.0</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- jinterface-1.13.1 -----------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> The jinterface-1.13.1 application can be applied independently of</div>
<div> other applications on a full OTP 25 installation.</div>
<div><br>
</div>
<div> --- Fixed Bugs and Malfunctions ---</div>
<div><br>
</div>
<div> OTP-18215 Application(s): jinterface</div>
<div> Related Id(s): PR-6154</div>
<div><br>
</div>
<div> Fix javadoc build error by adding option -encoding</div>
<div> UTF-8.</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- kernel-8.5 ------------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> Note! The kernel-8.5 application *cannot* be applied independently of</div>
<div> other applications on an arbitrary OTP 25 installation.</div>
<div><br>
</div>
<div> On a full OTP 25 installation, also the following runtime</div>
<div> dependency has to be satisfied:</div>
<div> -- erts-13.1 (first satisfied in OTP 25.1)</div>
<div><br>
</div>
<div><br>
</div>
<div> --- Fixed Bugs and Malfunctions ---</div>
<div><br>
</div>
<div> OTP-17934 Application(s): erts, kernel, stdlib</div>
<div> Related Id(s): PR-6007</div>
<div><br>
</div>
<div> Fixed inconsistency bugs in global due to</div>
<div> nodeup/nodedown messages not being delivered</div>
<div> before/after traffic over connections. Also fixed</div>
<div> various other inconsistency bugs and deadlocks in both</div>
<div> global_group and global.</div>
<div><br>
</div>
<div> As building blocks for these fixes, a new BIF</div>
<div> erlang:nodes/2 has been introduced and</div>
<div> net_kernel:monitor_nodes/2 has been extended.</div>
<div><br>
</div>
<div> The -hidden and -connect_all command line arguments did</div>
<div> not work if multiple instances were present on the</div>
<div> command line which has been fixed. The new kernel</div>
<div> parameter connect_all has also been introduced in order</div>
<div> to replace the -connect_all command line argument.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18091 Application(s): erts, kernel</div>
<div> Related Id(s): #5789</div>
<div><br>
</div>
<div> Fixed IPv6 multicast_if and membership socket options.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18102 Application(s): erts, kernel</div>
<div> Related Id(s): #5904</div>
<div><br>
</div>
<div> Fixed issue with inet:getifaddrs hanging on pure IPv6</div>
<div> Windows</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18115 Application(s): kernel</div>
<div> Related Id(s): PR-5939</div>
<div><br>
</div>
<div> The type specifications for inet:getopts/2 and</div>
<div> inet:setopts/2 have been corrected regarding SCTP</div>
<div> options.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18121 Application(s): kernel</div>
<div> Related Id(s): PR-5972</div>
<div><br>
</div>
<div> The type specifications for inet:parse_* have been</div>
<div> tightened.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18171 Application(s): kernel</div>
<div> Related Id(s): PR-6131</div>
<div><br>
</div>
<div> Fix gen_tcp:connect/3 spec to include the inet_backend</div>
<div> option.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18229 Application(s): kernel</div>
<div> Related Id(s): PR-6212</div>
<div><br>
</div>
<div> Fix bug where using a binary as the format when calling</div>
<div> logger:log(Level, Format, Args) (or any other logging</div>
<div> function) would cause a crash or incorrect logging.</div>
<div><br>
</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-18032 Application(s): erts, kernel</div>
<div><br>
</div>
<div> Add rudimentary debug feature (option) for the</div>
<div> inet-driver based sockets, such as gen_tcp and gen_udp.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18107 Application(s): erts, kernel</div>
<div> Related Id(s): PR-6009</div>
<div><br>
</div>
<div> Introduced the hidden and dist_listen options to</div>
<div> net_kernel:start/2.</div>
<div><br>
</div>
<div> Also documented the -dist_listen command line argument</div>
<div> which was erroneously documented as a kernel parameter</div>
<div> and not as a command line argument.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18163 Application(s): kernel</div>
<div> Related Id(s): PR-6058, PR-6275</div>
<div><br>
</div>
<div> Scope and group monitoring have been introduced in pg.</div>
<div> For more information see the documentation of</div>
<div> pg:monitor_scope(), pg:monitor(), and pg:demonitor().</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18232 Application(s): kernel</div>
<div> Related Id(s): OTP-17843, PR-6264</div>
<div><br>
</div>
<div> A new function global:disconnect/0 has been introduced</div>
<div> with which one can cleanly disconnect a node from all</div>
<div> other nodes in a cluster of global nodes.</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of kernel-8.5: crypto-5.0, erts-13.1,</div>
<div> sasl-3.0, stdlib-4.0</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- megaco-4.4.1 ----------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> The megaco-4.4.1 application can be applied independently of other</div>
<div> applications on a full OTP 25 installation.</div>
<div><br>
</div>
<div> --- Fixed Bugs and Malfunctions ---</div>
<div><br>
</div>
<div> OTP-18179 Application(s): megaco</div>
<div> Related Id(s): ERIERL-836</div>
<div><br>
</div>
<div> Fixed various dialyzer related issues in the examples</div>
<div> and the application proper.</div>
<div><br>
</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp,</div>
<div> parsetools, stdlib, xmerl</div>
<div> Related Id(s): PR-5965</div>
<div><br>
</div>
<div> There is a new configure option,</div>
<div> --enable-deterministic-build, which will apply the</div>
<div> deterministic compiler option when building Erlang/OTP.</div>
<div> The deterministic option has been improved to eliminate</div>
<div> more sources of non-determinism in several</div>
<div> applications.</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of megaco-4.4.1: asn1-3.0, debugger-4.0,</div>
<div> erts-12.0, et-1.5, kernel-8.0, runtime_tools-1.8.14, stdlib-2.5</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- observer-2.13 ---------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> The observer-2.13 application can be applied independently of other</div>
<div> applications on a full OTP 25 installation.</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-18151 Application(s): observer</div>
<div> Related Id(s): PR-6063</div>
<div><br>
</div>
<div> Fixed units in gui.</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of observer-2.13: erts-11.0, et-1.5,</div>
<div> kernel-8.1, runtime_tools-1.19, stdlib-3.13, wx-1.2</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- parsetools-2.4.1 ------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> The parsetools-2.4.1 application can be applied independently of</div>
<div> other applications on a full OTP 25 installation.</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp,</div>
<div> parsetools, stdlib, xmerl</div>
<div> Related Id(s): PR-5965</div>
<div><br>
</div>
<div> There is a new configure option,</div>
<div> --enable-deterministic-build, which will apply the</div>
<div> deterministic compiler option when building Erlang/OTP.</div>
<div> The deterministic option has been improved to eliminate</div>
<div> more sources of non-determinism in several</div>
<div> applications.</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of parsetools-2.4.1: erts-6.0, kernel-3.0,</div>
<div> stdlib-3.4</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- public_key-1.13.1 -----------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> The public_key-1.13.1 application can be applied independently of</div>
<div> other applications on a full OTP 25 installation.</div>
<div><br>
</div>
<div> --- Fixed Bugs and Malfunctions ---</div>
<div><br>
</div>
<div> OTP-18154 Application(s): public_key</div>
<div> Related Id(s): PR-6002</div>
<div><br>
</div>
<div> Support more Linux distributions in cacerts_load/0.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18189 Application(s): public_key</div>
<div> Related Id(s): ERIERL-829</div>
<div><br>
</div>
<div> Correct asn1 typenames available in type</div>
<div> pki_asn1_type()</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18205 Application(s): crypto, public_key</div>
<div> Related Id(s): GH-6219</div>
<div><br>
</div>
<div> Sign/verify does now behave as in OTP-24 and earlier</div>
<div> for eddsa.</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of public_key-1.13.1: asn1-3.0, crypto-4.6,</div>
<div> erts-6.0, kernel-3.0, stdlib-3.5</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- snmp-5.13.1 -----------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> The snmp-5.13.1 application can be applied independently of other</div>
<div> applications on a full OTP 25 installation.</div>
<div><br>
</div>
<div> --- Fixed Bugs and Malfunctions ---</div>
<div><br>
</div>
<div> OTP-17115 Application(s): snmp</div>
<div> Related Id(s): ERIERL-456</div>
<div><br>
</div>
<div> Improved the get-bulk response max size calculation.</div>
<div> Its now possible to configure 'empty pdu size', see</div>
<div> appendix c for more info.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18180 Application(s): snmp</div>
<div> Related Id(s): ERIERL-837</div>
<div><br>
</div>
<div> Fix various example dialyzer issues</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of snmp-5.13.1: crypto-4.6, erts-12.0,</div>
<div> kernel-8.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-2.5</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- ssh-4.15 --------------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> The ssh-4.15 application can be applied independently of other</div>
<div> applications on a full OTP 25 installation.</div>
<div><br>
</div>
<div> --- Fixed Bugs and Malfunctions ---</div>
<div><br>
</div>
<div> OTP-18220 Application(s): ssh</div>
<div> Related Id(s): ERIERL-661, ERIERL-666</div>
<div><br>
</div>
<div> Handling rare race condition at channel close.</div>
<div><br>
</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-18134 Application(s): ssh</div>
<div> Related Id(s): GH-6021</div>
<div><br>
</div>
<div> New ssh option no_auth_needed to skip the ssh</div>
<div> authentication. Use with caution!</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18178 Application(s): inets, ssh</div>
<div> Related Id(s): ERIERL-833, ERIERL-834, ERIERL-835</div>
<div><br>
</div>
<div> This change fixes dialyzer warnings generated for</div>
<div> inets/httpd examples (includes needed adjustment of</div>
<div> spec for ssh_sftp module).</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18196 Application(s): ssh</div>
<div><br>
</div>
<div> The new function ssh:daemon_replace_options/2 makes it</div>
<div> possible to change the Options in a running SSH server.</div>
<div><br>
</div>
<div> Established connections are not affected, only those</div>
<div> created after the call to this new function.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18207 Application(s): ssh</div>
<div> Related Id(s): PR-6231</div>
<div><br>
</div>
<div> Add a timeout as option max_initial_idle_time. It</div>
<div> closes a connection that does not allocate a channel</div>
<div> within the timeout time.</div>
<div><br>
</div>
<div> For more information about timeouts, see the Timeouts</div>
<div> section in the User's Guide Hardening chapter.</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of ssh-4.15: crypto-5.0, erts-11.0,</div>
<div> kernel-6.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- ssl-10.8.4 ------------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> Note! The ssl-10.8.4 application *cannot* be applied independently of</div>
<div> other applications on an arbitrary OTP 25 installation.</div>
<div><br>
</div>
<div> On a full OTP 25 installation, also the following runtime</div>
<div> dependency has to be satisfied:</div>
<div> -- stdlib-4.1 (first satisfied in OTP 25.1)</div>
<div><br>
</div>
<div><br>
</div>
<div> --- Fixed Bugs and Malfunctions ---</div>
<div><br>
</div>
<div> OTP-18044 Application(s): ssl</div>
<div><br>
</div>
<div> Reject unexpected application data in all relevant</div>
<div> places for all TLS versions. Also, handle TLS-1.3</div>
<div> middlebox compatibility with more care. This will make</div>
<div> malicious connections fail early and further, mitigate</div>
<div> possible DoS attacks, that would be caught by the</div>
<div> handshake timeout.</div>
<div><br>
</div>
<div> Thanks to Aina Toky Rasoamanana and Olivier Levillain</div>
<div> from Télécom SudParis for alerting us of the issues in</div>
<div> our implementation.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18099 Application(s): ssl</div>
<div> Related Id(s): PR-6287</div>
<div><br>
</div>
<div> With this change, value of cacertfile option will be</div>
<div> adjusted before loading certs from the file.</div>
<div> Adjustments include converting relative paths to</div>
<div> absolute and converting symlinks to actual file path.</div>
<div><br>
</div>
<div> Thanks to Marcus Johansson</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18191 Application(s): ssl</div>
<div> Related Id(s): GH-6105</div>
<div><br>
</div>
<div> In TLS-1.3, if chain certs are missing (so server auth</div>
<div> domain adherence can not be determined) send peer cert</div>
<div> and hope the server is able to recreate a chain in its</div>
<div> auth domain.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18195 Application(s): ssl</div>
<div><br>
</div>
<div> Make sure periodical refresh of CA certificate files</div>
<div> repopulates cache properly.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18203 Application(s): ssl</div>
<div> Related Id(s): PR-5996</div>
<div><br>
</div>
<div> Correct internal CRL cache functions to use internal</div>
<div> format consistently.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18219 Application(s): ssl</div>
<div> Related Id(s): GH-6241, PR-6249</div>
<div><br>
</div>
<div> Incorrect handling of client middlebox negotiation for</div>
<div> TLS-1.3 could result in that a TLS-1.3 server would not</div>
<div> use middlebox mode although the client was expecting it</div>
<div> too and failing the negotiation with unexpected</div>
<div> message.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18233 Application(s): ssl</div>
<div> Related Id(s): GH-6244, PR-6270</div>
<div><br>
</div>
<div> If the "User" process, the process starting the TLS</div>
<div> connection, gets killed in the middle of spawning the</div>
<div> dynamic connection tree make sure we do not leave any</div>
<div> processes behind.</div>
<div><br>
</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-18241 Application(s): ssl</div>
<div><br>
</div>
<div> *** HIGHLIGHT ***</div>
<div><br>
</div>
<div> A vulnerability has been discovered and corrected. It</div>
<div> is registered as CVE-2022-37026 "Client Authentication</div>
<div> Bypass". Corrections have been released on the</div>
<div> supported tracks with patches 23.3.4.15, 24.3.4.2, and</div>
<div> 25.0.2. The vulnerability might also exist in older OTP</div>
<div> versions. We recommend that impacted users upgrade to</div>
<div> one of these versions or later on the respective</div>
<div> tracks. OTP 25.1 would be an even better choice.</div>
<div> Impacted are those who are running an ssl/tls/dtls</div>
<div> server using the ssl application either directly or</div>
<div> indirectly via other applications. For example via</div>
<div> inets (httpd), cowboy, etc. Note that the vulnerability</div>
<div> only affects servers that request client certification,</div>
<div> that is sets the option {verify, verify_peer}.</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of ssl-10.8.4: crypto-5.0, erts-10.0,</div>
<div> inets-5.10.7, kernel-8.4, public_key-1.11.3, runtime_tools-1.15.1,</div>
<div> stdlib-4.1</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- stdlib-4.1 ------------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> Note! The stdlib-4.1 application *cannot* be applied independently of</div>
<div> other applications on an arbitrary OTP 25 installation.</div>
<div><br>
</div>
<div> On a full OTP 25 installation, also the following runtime</div>
<div> dependency has to be satisfied:</div>
<div> -- erts-13.1 (first satisfied in OTP 25.1)</div>
<div><br>
</div>
<div><br>
</div>
<div> --- Fixed Bugs and Malfunctions ---</div>
<div><br>
</div>
<div> OTP-17934 Application(s): erts, kernel, stdlib</div>
<div> Related Id(s): PR-6007</div>
<div><br>
</div>
<div> Fixed inconsistency bugs in global due to</div>
<div> nodeup/nodedown messages not being delivered</div>
<div> before/after traffic over connections. Also fixed</div>
<div> various other inconsistency bugs and deadlocks in both</div>
<div> global_group and global.</div>
<div><br>
</div>
<div> As building blocks for these fixes, a new BIF</div>
<div> erlang:nodes/2 has been introduced and</div>
<div> net_kernel:monitor_nodes/2 has been extended.</div>
<div><br>
</div>
<div> The -hidden and -connect_all command line arguments did</div>
<div> not work if multiple instances were present on the</div>
<div> command line which has been fixed. The new kernel</div>
<div> parameter connect_all has also been introduced in order</div>
<div> to replace the -connect_all command line argument.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18139 Application(s): stdlib</div>
<div> Related Id(s): PR-6060</div>
<div><br>
</div>
<div> Fix the public_key:ssh* functions to be listed under</div>
<div> the correct release in the Removed Functionality User's</div>
<div> Guide.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18142 Application(s): stdlib</div>
<div> Related Id(s): PR-6078</div>
<div><br>
</div>
<div> The type spec for format_status/1 in gen_statem,</div>
<div> gen_server and gen_event has been corrected to state</div>
<div> that the return value is of the same type as the</div>
<div> argument (instead of the same value as the argument).</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18146 Application(s): stdlib</div>
<div> Related Id(s): PR-5983</div>
<div><br>
</div>
<div> If the timer server child spec was already present in</div>
<div> kernel_sup but it was not started, the timer server</div>
<div> would fail to start with an {error, already_present}</div>
<div> error instead of restarting the server.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18239 Application(s): stdlib</div>
<div><br>
</div>
<div> *** POTENTIAL INCOMPATIBILITY ***</div>
<div><br>
</div>
<div> When changing callback module in gen_statem the</div>
<div> state_enter calls flag from the old module was used in</div>
<div> for the first event in the new module, which could</div>
<div> confuse the new module and cause malfunction. This bug</div>
<div> has been corrected.</div>
<div><br>
</div>
<div> With this change some sys debug message formats have</div>
<div> been modified, which can be a problem for debug code</div>
<div> relying on the format.</div>
<div><br>
</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp,</div>
<div> parsetools, stdlib, xmerl</div>
<div> Related Id(s): PR-5965</div>
<div><br>
</div>
<div> There is a new configure option,</div>
<div> --enable-deterministic-build, which will apply the</div>
<div> deterministic compiler option when building Erlang/OTP.</div>
<div> The deterministic option has been improved to eliminate</div>
<div> more sources of non-determinism in several</div>
<div> applications.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18166 Application(s): stdlib</div>
<div> Related Id(s): PR-6108</div>
<div><br>
</div>
<div> The rfc339_to_system_time/1,2 functions now allows the</div>
<div> minutes part to be omitted from the time zone.</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18194 Application(s): stdlib</div>
<div> Related Id(s): PR-6199</div>
<div><br>
</div>
<div> The receive statement in gen_event has been optimized</div>
<div> to not use selective receive (which was never needed,</div>
<div> and could cause severe performance degradation under</div>
<div> heavy load).</div>
<div><br>
</div>
<div><br>
</div>
<div> OTP-18199 Application(s): erts, stdlib</div>
<div> Related Id(s): PR-5790</div>
<div><br>
</div>
<div> Add new API function erl_features:configurable/0</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of stdlib-4.1: compiler-5.0, crypto-4.5,</div>
<div> erts-13.1, kernel-8.4, sasl-3.0</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> --- xmerl-1.3.30 ----------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div><br>
</div>
<div> The xmerl-1.3.30 application can be applied independently of other</div>
<div> applications on a full OTP 25 installation.</div>
<div><br>
</div>
<div> --- Improvements and New Features ---</div>
<div><br>
</div>
<div> OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp,</div>
<div> parsetools, stdlib, xmerl</div>
<div> Related Id(s): PR-5965</div>
<div><br>
</div>
<div> There is a new configure option,</div>
<div> --enable-deterministic-build, which will apply the</div>
<div> deterministic compiler option when building Erlang/OTP.</div>
<div> The deterministic option has been improved to eliminate</div>
<div> more sources of non-determinism in several</div>
<div> applications.</div>
<div><br>
</div>
<div><br>
</div>
<div> Full runtime dependencies of xmerl-1.3.30: erts-6.0, kernel-3.0,</div>
<div> stdlib-2.5</div>
<div><br>
</div>
<div><br>
</div>
<div> ---------------------------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div> ---------------------------------------------------------------------</div>
<div></div>
</body>
</html>