``` Patch Package: OTP 27.3.4.14 Git Tag: OTP-27.3.4.14 Date: 2026-07-02 Trouble Report Id: OTP-20183, OTP-20185, OTP-20186, OTP-20190, OTP-20191, OTP-20194, OTP-20197, OTP-20200, OTP-20206, OTP-20207, OTP-20208, OTP-20211, OTP-20215, OTP-20216, OTP-20217, OTP-20220, OTP-20226, OTP-20230, OTP-20231, OTP-20232 Seq num: CVE-2026-53422, CVE-2026-54886, CVE-2026-54887, CVE-2026-54891, CVE-2026-55950, CVE-2026-55952, ERIERL-1333, GH-SA-7wp4-pc27-2vj9, GH-SA-h9pw-h5w4-h976, PR-11215, PR-11230, PR-11239, PR-11250, PR-11259, PR-11268, PR-11269, PR-11270, PR-11271, PR-11274, PR-11282, PR-11283, PR-11294, PR-11295, PR-11299, PR-11302, PR-11306, PR-11307, PR-11309, PR-11311 System: OTP Release: 27 Application: common_test-1.27.7.1, crypto-5.5.3.3, erts-15.2.7.10, public_key-1.17.1.4, ssh-5.2.11.9, ssl-11.2.12.10 Predecessor: OTP 27.3.4.13 ``` Check out the git tag OTP-27.3.4.14, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below. # common_test-1.27.7.1 The common_test-1.27.7.1 application can be applied independently of other applications on a full OTP 27 installation. ## Fixed Bugs and Malfunctions - Fixed a crash in ct_netconfc that occurred when the remote server closed the SSH connection during NETCONF subsystem negotiation. Own Id: OTP-20191 Related Id(s): ERIERL-1333, [PR-11230] > #### Full runtime dependencies of common_test-1.27.7.1 > > compiler-6.0, crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, > kernel-8.4, observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0, > stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8 # crypto-5.5.3.3 The crypto-5.5.3.3 application can be applied independently of other applications on a full OTP 27 installation. ## Fixed Bugs and Malfunctions - `crypto:compute_key/4` for `eddh` and `crypto:generate_key/2,3` for `eddh`/`eddsa` now raise an `error:{notsup, Info, Description}` exception instead of returning the atom `notsup` when the underlying cryptolib lacks support. Own Id: OTP-20215 Related Id(s): [PR-11302] > #### Full runtime dependencies of crypto-5.5.3.3 > > erts-9.0, kernel-5.3, stdlib-3.9 # erts-15.2.7.10 The erts-15.2.7.10 application can be applied independently of other applications on a full OTP 27 installation. ## Fixed Bugs and Malfunctions - Fixed an undefined behavior in the internal `erts_qsort()` function, which could have been the cause of a beam crash seen when updating large maps. Own Id: OTP-20185 Related Id(s): [PR-11215] - Calculating `bxor` of the largest supported positive integer (`erlang:system_info(max_integer)`) and `-1` would return `[]` instead of a raising a `system_limit` exception. Own Id: OTP-20208 Related Id(s): [PR-11269] - Fix possible race between `ets:delete/1` and terminating process with a fixation on the same table. Own Id: OTP-20217 Related Id(s): [PR-11283] - A few code generation issues for the JIT on AArch64 (ARM64) have been fixed. For all platforms, the loader will reject some invalid BEAM files earlier. Own Id: OTP-20226 Related Id(s): [PR-11299] ## Improvements and New Features - Arithmetic operations on large integers will now increase the reduction count for the process, causing context switches to occur more frequently when doing arithmetic on large integers. Own Id: OTP-20211 Related Id(s): [PR-11274] > #### Full runtime dependencies of erts-15.2.7.10 > > kernel-9.0, sasl-3.3, stdlib-4.1 # public_key-1.17.1.4 The public_key-1.17.1.4 application can be applied independently of other applications on a full OTP 27 installation. ## Fixed Bugs and Malfunctions - Hardened OCSP response verification by using constant-time hash comparisons and rejecting responses exceeding 100 KB before ASN.1 decoding. Own Id: OTP-20197 Related Id(s): [PR-11239] > #### Full runtime dependencies of public_key-1.17.1.4 > > asn1-5.0, crypto-5.0, erts-13.0, kernel-8.0, stdlib-4.0 # ssh-5.2.11.9 The ssh-5.2.11.9 application can be applied independently of other applications on a full OTP 27 installation. ## Fixed Bugs and Malfunctions - Fixed a path-existence oracle in the SFTP server where `SSH_FXP_REALPATH` requests with `..` components could bypass the configured root directory isolation, allowing an authenticated client to determine whether arbitrary paths exist on the host filesystem. Own Id: OTP-20183 Related Id(s): [GH-SA-h9pw-h5w4-h976], [PR-11294], [CVE-2026-53422] - Fixed an infinite loop in the SFTP server triggered when receiving `SSH_MSG_CHANNEL_EXTENDED_DATA` on an SFTP channel, which caused the channel process to spin indefinitely on CPU without consuming its message queue. Own Id: OTP-20186 Related Id(s): [GH-SA-7wp4-pc27-2vj9], [PR-11295], [CVE-2026-54886] - The SFTP server now caps the read length in `SSH_FXP_READ` requests to 255 KiB (matching OpenSSH's `SFTP_MAX_READ_LENGTH`), preventing excessive memory allocation when clients request large reads. Own Id: OTP-20200 Related Id(s): [PR-11259] - Removed a server-side workaround (OTP-14827, introduced in OTP 20) that accepted SHA-1 user-auth signatures from clients identifying as OpenSSH 7.x when rsa-sha2-\* was negotiated. The workaround addressed a distro-specific build issue in 2017 that no longer exists. Clients affected by this removal (extremely unlikely — requires a 10-year-old unpatched OpenSSH build) will see authentication failures and must upgrade. Own Id: OTP-20206 Related Id(s): [PR-11268] > #### Full runtime dependencies of ssh-5.2.11.9 > > crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, > stdlib-5.0, stdlib-6.0 # ssl-11.2.12.10 Note! The ssl-11.2.12.10 application _cannot_ be applied independently of other applications on an arbitrary OTP 27 installation. On a full OTP 27 installation, also the following runtime dependency has to be satisfied: -- public_key-1.17.1.3 (first satisfied in OTP 27.3.4.12) ## Fixed Bugs and Malfunctions - Correct small behavior bugs that occasionally could cause DTLS connection errors, unwanted behavior for legacy DHE_DSS, hiding of a distribution config error, and possible unorderly process tree shutdown. Own Id: OTP-20190 Related Id(s): [PR-11250] - Initialize DTLS cookie to random value to avoid DoS attack with forged cookie during startup window. Own Id: OTP-20194 Related Id(s): [PR-11271], [CVE-2026-54887] - Guard TLS client for MITM injection of application data during "plain-text-window" during handshake. Own Id: OTP-20207 Related Id(s): [PR-11270], [CVE-2026-54891] - Improve error handling of TLS PSK sending ILLIGAL_PARMETER alert if binders and PSK-identities are not matched. Also mend recovery mechanism of ticket and session stores to be as resilient as possible to intermediate bugs. Own Id: OTP-20216 Related Id(s): [PR-11282], [CVE-2026-55952] - Fix race condition that could be used to DoS attack DTLS servers. Own Id: OTP-20220 Related Id(s): [PR-11306], [CVE-2026-55950] - A TLS-1.3 stateless session ticket with obfuscated_ticket_age set to zero was incorrectly accepted without checking the server-side ticket lifetime or the RFC 8446 Section 8.3 freshness window. The server now always validates ticket age using its own timestamp regardless of the client-reported age value. Own Id: OTP-20230 Related Id(s): [PR-11307] - TLS-1.3 client rejects a second HelloRetryRequest as requiered in RFC 8446 Section 4.1.4 Own Id: OTP-20231 Related Id(s): [PR-11309] - A busy client node could self-trigger a ticket store crash if unlucky with scheduling if auto mode is used. Own Id: OTP-20232 Related Id(s): [PR-11311] > #### Full runtime dependencies of ssl-11.2.12.10 > > crypto-5.1, erts-15.0, inets-5.10.7, kernel-9.0, public_key-1.17.1.3, > runtime_tools-1.15.1, stdlib-6.0 # Thanks to Nick Krichevsky, zmstone [CVE-2026-53422]: https://nvd.nist.gov/vuln/detail/CVE-2026-53422 [CVE-2026-54886]: https://nvd.nist.gov/vuln/detail/CVE-2026-54886 [CVE-2026-54887]: https://nvd.nist.gov/vuln/detail/CVE-2026-54887 [CVE-2026-54891]: https://nvd.nist.gov/vuln/detail/CVE-2026-54891 [CVE-2026-55950]: https://nvd.nist.gov/vuln/detail/CVE-2026-55950 [CVE-2026-55952]: https://nvd.nist.gov/vuln/detail/CVE-2026-55952 [GH-SA-7wp4-pc27-2vj9]: https://github.com/erlang/otp/issues/SA-7wp4-pc27-2vj9 [GH-SA-h9pw-h5w4-h976]: https://github.com/erlang/otp/issues/SA-h9pw-h5w4-h976 [PR-11215]: https://github.com/erlang/otp/pull/11215 [PR-11230]: https://github.com/erlang/otp/pull/11230 [PR-11239]: https://github.com/erlang/otp/pull/11239 [PR-11250]: https://github.com/erlang/otp/pull/11250 [PR-11259]: https://github.com/erlang/otp/pull/11259 [PR-11268]: https://github.com/erlang/otp/pull/11268 [PR-11269]: https://github.com/erlang/otp/pull/11269 [PR-11270]: https://github.com/erlang/otp/pull/11270 [PR-11271]: https://github.com/erlang/otp/pull/11271 [PR-11274]: https://github.com/erlang/otp/pull/11274 [PR-11282]: https://github.com/erlang/otp/pull/11282 [PR-11283]: https://github.com/erlang/otp/pull/11283 [PR-11294]: https://github.com/erlang/otp/pull/11294 [PR-11295]: https://github.com/erlang/otp/pull/11295 [PR-11299]: https://github.com/erlang/otp/pull/11299 [PR-11302]: https://github.com/erlang/otp/pull/11302 [PR-11306]: https://github.com/erlang/otp/pull/11306 [PR-11307]: https://github.com/erlang/otp/pull/11307 [PR-11309]: https://github.com/erlang/otp/pull/11309 [PR-11311]: https://github.com/erlang/otp/pull/11311