Patch Package: OTP 29.0.3 Git Tag: OTP-29.0.3 Date: 2026-07-02 Trouble Report Id: OTP-20173, OTP-20183, OTP-20185, OTP-20186, OTP-20190, OTP-20191, OTP-20194, OTP-20196, OTP-20197, OTP-20198, OTP-20199, OTP-20200, OTP-20201, OTP-20206, OTP-20207, OTP-20208, OTP-20215, OTP-20216, OTP-20217, OTP-20220, OTP-20222, OTP-20226, OTP-20227, OTP-20230, OTP-20231, OTP-20232, OTP-20233 Seq num: CVE-2026-53422, CVE-2026-54886, CVE-2026-54887, CVE-2026-54891, CVE-2026-55950, CVE-2026-55952, ERIERL-1333, GH-SA-7wp4-pc27-2vj9, GH-SA-h9pw-h5w4-h976, PR-11209, PR-11215, PR-11219, PR-11230, PR-11239, PR-11244, PR-11247, PR-11250, PR-11259, PR-11268, PR-11269, PR-11270, PR-11271, PR-11281, PR-11282, PR-11283, PR-11289, PR-11294, PR-11295, PR-11299, PR-11302, PR-11306, PR-11307, PR-11309, PR-11311 System: OTP Release: 29 Application: common_test-1.31.1, compiler-10.0.2, crypto-5.9.1, dialyzer-6.0.2, erts-17.0.3, kernel-11.0.3, public_key-1.21.3, ssh-6.0.2, ssl-11.7.3, stdlib-8.0.2 Predecessor: OTP 29.0.2 Check out the git tag OTP-29.0.3, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below. # common_test-1.31.1 The common_test-1.31.1 application can be applied independently of other applications on a full OTP 29 installation. ## Fixed Bugs and Malfunctions - Fixed a crash in ct_netconfc that occurred when the remote server closed the SSH connection during NETCONF subsystem negotiation. Own Id: OTP-20191 Related Id(s): ERIERL-1333, PR-11230 > #### Full runtime dependencies of common_test-1.31.1 > > compiler-10.0, crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, > kernel-11.0, observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, > ssh-4.0, stdlib-8.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8 # compiler-10.0.2 The compiler-10.0.2 application can be applied independently of other applications on a full OTP 29 installation. ## Fixed Bugs and Malfunctions - Several compiler bugs that could crash the compiler or generate incorrect code in rare circumstances have been fixed. Own Id: OTP-20222 Related Id(s): PR-11219 > #### Full runtime dependencies of compiler-10.0.2 > > crypto-5.1, erts-13.0, kernel-8.4, stdlib-8.0 # crypto-5.9.1 The crypto-5.9.1 application can be applied independently of other applications on a full OTP 29 installation. ## Fixed Bugs and Malfunctions - crypto:compute_key/4 for `eddh` and `crypto:generate_key/2,3` for `eddh`/`eddsa` now raise an `error:{notsup, Info, Description}` exception instead of returning the atom `notsup` when the underlying cryptolib lacks support. Own Id: OTP-20215 Related Id(s): PR-11302 > #### Full runtime dependencies of crypto-5.9.1 > > erts-9.0, kernel-6.0, stdlib-3.9 # dialyzer-6.0.2 The dialyzer-6.0.2 application can be applied independently of other applications on a full OTP 29 installation. ## Fixed Bugs and Malfunctions - Fix a bug with native record sets in `erl_types.erl` Own Id: OTP-20201 > #### Full runtime dependencies of dialyzer-6.0.2 > > compiler-10.0, erts-12.0, kernel-8.0, stdlib-5.0, syntax_tools-2.0 # erts-17.0.3 The erts-17.0.3 application can be applied independently of other applications on a full OTP 29 installation. ## Fixed Bugs and Malfunctions - Fixed an undefined behavior in the internal `erts_qsort()` function, which could have been the cause of a beam crash seen when updating large maps. Own Id: OTP-20185 Related Id(s): PR-11215 - Calculating `bxor` of the largest supported positive integer (`erlang:system_info(max_integer)`) and `-1` would return `[]` instead of a raising a `system_limit` exception. Own Id: OTP-20208 Related Id(s): PR-11269 - Fix possible race between ets:delete/1 and terminating process with a fixation on the same table. Own Id: OTP-20217 Related Id(s): PR-11283 - A few code generation issues for the JIT on AArch64 (ARM64) have been fixed. For all platforms, the loader will reject some invalid BEAM files earlier. Own Id: OTP-20226 Related Id(s): PR-11299 - On 32-bit computers, the `md5` BIFs would return an incorrect MD5 checksum for data of size 4GiB or more. Own Id: OTP-20227 Related Id(s): PR-11289 > #### Full runtime dependencies of erts-17.0.3 > > kernel-9.0, sasl-3.3, stdlib-4.1 # kernel-11.0.3 The kernel-11.0.3 application can be applied independently of other applications on a full OTP 29 installation. ## Fixed Bugs and Malfunctions - inet:info/1 could crash when calling for a closing (port) socket. Own Id: OTP-20173 - Handling of the truncation bit in `inet_res` has been fixed so it properly falls back to querying over TCP after a truncated UDP reply. This fixes a bug introduced in OTP-28.4.2 - kernel-10.6.2 making a truncated UDP answer fail to parse and never execute the fallback, instead the name resolve operation fails. Own Id: OTP-20199 Related Id(s): PR-11247 > #### Full runtime dependencies of kernel-11.0.3 > > crypto-5.8, erts-17.0, sasl-3.0, stdlib-8.0 # public_key-1.21.3 The public_key-1.21.3 application can be applied independently of other applications on a full OTP 29 installation. ## Fixed Bugs and Malfunctions - Hardened OCSP response verification by using constant-time hash comparisons and rejecting responses exceeding 100 KB before ASN.1 decoding. Own Id: OTP-20197 Related Id(s): PR-11239 > #### Full runtime dependencies of public_key-1.21.3 > > asn1-5.0, crypto-5.8, erts-13.0, kernel-8.0, stdlib-4.0 # ssh-6.0.2 The ssh-6.0.2 application can be applied independently of other applications on a full OTP 29 installation. ## Fixed Bugs and Malfunctions - Fixed a path-existence oracle in the SFTP server where `SSH_FXP_REALPATH` requests with `..` components could bypass the configured root directory isolation, allowing an authenticated client to determine whether arbitrary paths exist on the host filesystem. Own Id: OTP-20183 Related Id(s): GH-SA-h9pw-h5w4-h976, PR-11294, CVE-2026-53422 - Fixed an infinite loop in the SFTP server triggered when receiving `SSH_MSG_CHANNEL_EXTENDED_DATA` on an SFTP channel, which caused the channel process to spin indefinitely on CPU without consuming its message queue. Own Id: OTP-20186 Related Id(s): GH-SA-7wp4-pc27-2vj9, PR-11295, CVE-2026-54886 - Fixed mlkem768x25519 hybrid key exchange failing intermittently with "incorrect signature" when the X25519 shared secret had a leading zero byte. The shared secret is now encoded as a fixed-width 32-byte string per the specification. Own Id: OTP-20196 Related Id(s): PR-11209 - Fixed a race condition where SSH keepalive responses could be matched to unrelated pending requests due to incorrect request queue ordering. Requests are now matched in the order they were sent. Own Id: OTP-20198 Related Id(s): PR-11244 - The SFTP server now caps the read length in `SSH_FXP_READ` requests to 255 KiB (matching OpenSSH's `SFTP_MAX_READ_LENGTH`), preventing excessive memory allocation when clients request large reads. Own Id: OTP-20200 Related Id(s): PR-11259 - Removed a server-side workaround (OTP-14827, introduced in OTP 20) that accepted SHA-1 user-auth signatures from clients identifying as OpenSSH 7.x when rsa-sha2-\* was negotiated. The workaround addressed a distro-specific build issue in 2017 that no longer exists. Clients affected by this removal (extremely unlikely — requires a 10-year-old unpatched OpenSSH build) will see authentication failures and must upgrade. Own Id: OTP-20206 Related Id(s): PR-11268 > #### Full runtime dependencies of ssh-6.0.2 > > crypto-5.7, erts-14.0, kernel-10.3, public_key-1.6.1, runtime_tools-1.15.1, > stdlib-8.0 # ssl-11.7.3 Note! The ssl-11.7.3 application _cannot_ be applied independently of other applications on an arbitrary OTP 29 installation. On a full OTP 29 installation, also the following runtime dependency has to be satisfied: -- public_key-1.21.1 (first satisfied in OTP 29.0.1) ## Fixed Bugs and Malfunctions - Correct small behavior bugs that occasionally could cause DTLS connection errors, unwanted behavior for legacy DHE_DSS, hiding of a distribution config error, and possible unorderly process tree shutdown. Own Id: OTP-20190 Related Id(s): PR-11250 - Initialize DTLS cookie to random value to avoid DoS attack with forged cookie during startup window. Own Id: OTP-20194 Related Id(s): PR-11271, CVE-2026-54887 - Guard TLS client for MITM injection of application data during "plain-text-window" during handshake. Own Id: OTP-20207 Related Id(s): PR-11270, CVE-2026-54891 - Improve error handling of TLS PSK sending ILLIGAL_PARMETER alert if binders and PSK-identities are not matched. Also mend recovery mechanism of ticket and session stores to be as resilient as possible to intermediate bugs. Own Id: OTP-20216 Related Id(s): PR-11282, CVE-2026-55952 - Fix race condition that could be used to DoS attack DTLS servers. Own Id: OTP-20220 Related Id(s): PR-11306, CVE-2026-55950 - A TLS-1.3 stateless session ticket with obfuscated_ticket_age set to zero was incorrectly accepted without checking the server-side ticket lifetime or the RFC 8446 Section 8.3 freshness window. The server now always validates ticket age using its own timestamp regardless of the client-reported age value. Own Id: OTP-20230 Related Id(s): PR-11307 - TLS-1.3 client rejects a second HelloRetryRequest as requiered in RFC 8446 Section 4.1.4 Own Id: OTP-20231 Related Id(s): PR-11309 - A busy client node could self-trigger a ticket store crash if unlucky with scheduling if auto mode is used. Own Id: OTP-20232 Related Id(s): PR-11311 - Correct spec for CRL API Own Id: OTP-20233 Related Id(s): PR-11281 > #### Full runtime dependencies of ssl-11.7.3 > > crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.21.1, > runtime_tools-1.15.1, stdlib-7.0 # stdlib-8.0.2 The stdlib-8.0.2 application can be applied independently of other applications on a full OTP 29 installation. ## Fixed Bugs and Malfunctions - Several compiler bugs that could crash the compiler or generate incorrect code in rare circumstances have been fixed. Own Id: OTP-20222 Related Id(s): PR-11219 > #### Full runtime dependencies of stdlib-8.0.2 > > compiler-5.0, crypto-4.5, erts-16.0.3, kernel-11.0, sasl-3.0, > syntax_tools-3.2.1 # Thanks to Cole Christensen, Nick Krichevsky, Stefan Grundmann