```
Patch Package:           OTP 27.3.1
Git Tag:                 OTP-27.3.1
Date:                    2025-03-28
Trouble Report Id:       OTP-19391, OTP-19437, OTP-19469, OTP-19525,
                         OTP-19527, OTP-19529, OTP-19542, OTP-19543,
                         OTP-19545, OTP-19546, OTP-19547, OTP-19548,
                         OTP-19549, OTP-19559
Seq num:                 #9172, CVE-2025-30211, ERIERL-1204,
                         ERIERL-1205, ERIERL-1206, GH-8891, GH-9483,
                         GH-9554, OTP-19472, OTP-19544, PR-9221,
                         PR-9486, PR-9534, PR-9545, PR-9553, PR-9577,
                         PR-9587, PR-9588, PR-9596, PR-9611, PR-9612
System:                  OTP
Release:                 27
Application:             asn1-5.3.3, erts-15.2.4, kernel-10.2.4,
                         mnesia-4.23.5, ssh-5.2.9, ssl-11.2.10,
                         stdlib-6.2.2
Predecessor:             OTP 27.3
```

Check out the git tag OTP-27.3.1, and build a full OTP system including
documentation. Apply one or more applications from this build as patches to your
installation using the 'otp_patch_apply' tool. For information on install
requirements, see descriptions for each application version below.

# OTP-27.3.1

## Fixed Bugs and Malfunctions

- Update used ExDoc version to v0.37.3

  Own Id: OTP-19525  
  Related Id(s): [PR-9553]

# asn1-5.3.3

The asn1-5.3.3 application can be applied independently of other applications on
a full OTP 27 installation.

## Fixed Bugs and Malfunctions

- The JER backend will now include the SIZE constraint in the type info for
  OCTET STRINGs, and a SIZE constraint with a range will now be included for BIT
  STRINGs. This does not change the actual encoding or decoding of JER, but can
  be useful for tools.

  Own Id: OTP-19542  
  Related Id(s): ERIERL-1204, [PR-9588]

## Improvements and New Features

- When using the JSON encoding rules, it is now possible to call the decode/2
  function in the following way with data that has already been decoded by
  json:decode/1:

  ```
  SomeModule:decode(Type, {json_decoded, Decoded}).
  ```

  Own Id: OTP-19547  
  Related Id(s): ERIERL-1206, [PR-9611]

> #### Full runtime dependencies of asn1-5.3.3
>
> erts-14.0, kernel-9.0, stdlib-5.0

# erts-15.2.4

The erts-15.2.4 application can be applied independently of other applications
on a full OTP 27 installation.

## Fixed Bugs and Malfunctions

- Behavior for socket:recv/3 has been improved. The behavior has also been
  clarified in the documentation.

  Own Id: OTP-19469  
  Related Id(s): [#9172]

- Trace messages due to `receive` tracing could potentially be delayed a very
  long time if the traced process waited in a `receive` expression without
  clauses matching on messages (timed wait), or just did not enter a `receive`
  expression for a very long time.

  Own Id: OTP-19527  
  Related Id(s): [PR-9577]

- Improve the naming of the (internal) esock mutex(es). It is now possible to
  configure (as in autoconf) the use of simple names for the esock mutex(es).

  Own Id: OTP-19548  
  Related Id(s): OTP-19472

> #### Full runtime dependencies of erts-15.2.4
>
> kernel-9.0, sasl-3.3, stdlib-4.1

# kernel-10.2.4

Note! The kernel-10.2.4 application _cannot_ be applied independently of other
applications on an arbitrary OTP 27 installation.

       On a full OTP 27 installation, also the following runtime
       dependency has to be satisfied:
       -- erts-15.1 (first satisfied in OTP 27.1)

## Fixed Bugs and Malfunctions

- Behavior for socket:recv/3 has been improved. The behavior has also been
  clarified in the documentation.

  Own Id: OTP-19469  
  Related Id(s): [#9172]

- An infinite loop in CNAME loop detection that can cause Out Of Memory has been
  fixed. This affected CNAME lookup with the internal DNS resolver.

  Own Id: OTP-19545  
  Related Id(s): [PR-9587], OTP-19544

> #### Full runtime dependencies of kernel-10.2.4
>
> crypto-5.0, erts-15.1, sasl-3.0, stdlib-6.0

# mnesia-4.23.5

The mnesia-4.23.5 application can be applied independently of other applications
on a full OTP 27 installation.

## Fixed Bugs and Malfunctions

- With this change mnesia will merge schema of tables using external backends.

  Own Id: OTP-19437  
  Related Id(s): [PR-9534]

> #### Full runtime dependencies of mnesia-4.23.5
>
> erts-9.0, kernel-5.3, stdlib-5.0

# ssh-5.2.9

The ssh-5.2.9 application can be applied independently of other applications on
a full OTP 27 installation.

## Fixed Bugs and Malfunctions

- Reception of malicious KEX init message does not result with ssh daemon
  excessive memory usage.

  Own Id: OTP-19543  
  Related Id(s): [CVE-2025-30211]

- Call to ssh:daemon_replace_options does not crash when argument is not a valid
  daemon ref.

  Own Id: OTP-19559  
  Related Id(s): [GH-9554], [PR-9545]

> #### Full runtime dependencies of ssh-5.2.9
>
> crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1,
> stdlib-5.0, stdlib-6.0

# ssl-11.2.10

Note! The ssl-11.2.10 application _cannot_ be applied independently of other
applications on an arbitrary OTP 27 installation.

       On a full OTP 27 installation, also the following runtime
       dependency has to be satisfied:
       -- public_key-1.16.4 (first satisfied in OTP 27.1.3)

## Fixed Bugs and Malfunctions

- Correct handling of unassigned signature algorithms to properly ignore them
  instead of failing the handshake.

  Own Id: OTP-19529  
  Related Id(s): [GH-9483], [PR-9486]

- Update key mechanism in CRL cache so that CRL DP with same URI path component
  becomes distinguishable from each other.

  Own Id: OTP-19549  
  Related Id(s): [GH-8891], [PR-9612]

## Improvements and New Features

- Add callback for NSS keylogging so that it can work as expected for all
  scenarios.

  Own Id: OTP-19391  
  Related Id(s): [PR-9221]

> #### Full runtime dependencies of ssl-11.2.10
>
> crypto-5.0, erts-15.0, inets-5.10.7, kernel-9.0, public_key-1.16.4,
> runtime_tools-1.15.1, stdlib-6.0

# stdlib-6.2.2

The stdlib-6.2.2 application can be applied independently of other applications
on a full OTP 27 installation.

## Fixed Bugs and Malfunctions

- Fixed crash when fetching `initial_call` when user code have modified the
  `process_dictionary`.

  Own Id: OTP-19546  
  Related Id(s): ERIERL-1205, [PR-9596]

> #### Full runtime dependencies of stdlib-6.2.2
>
> compiler-5.0, crypto-4.5, erts-15.0, kernel-10.0, sasl-3.0

# Thanks to

Alexandre Rodrigues, Marc Worrell, Sergei Shuvatov, zmstone

[#9172]: https://github.com/erlang/otp/issues/9172
[CVE-2025-30211]: https://nvd.nist.gov/vuln/detail/CVE-2025-30211
[GH-8891]: https://github.com/erlang/otp/issues/8891
[GH-9483]: https://github.com/erlang/otp/issues/9483
[GH-9554]: https://github.com/erlang/otp/issues/9554
[PR-9221]: https://github.com/erlang/otp/pull/9221
[PR-9486]: https://github.com/erlang/otp/pull/9486
[PR-9534]: https://github.com/erlang/otp/pull/9534
[PR-9545]: https://github.com/erlang/otp/pull/9545
[PR-9553]: https://github.com/erlang/otp/pull/9553
[PR-9577]: https://github.com/erlang/otp/pull/9577
[PR-9587]: https://github.com/erlang/otp/pull/9587
[PR-9588]: https://github.com/erlang/otp/pull/9588
[PR-9596]: https://github.com/erlang/otp/pull/9596
[PR-9611]: https://github.com/erlang/otp/pull/9611
[PR-9612]: https://github.com/erlang/otp/pull/9612