Erlang/OTP 26.2.5.10

This release of Erlang/OTP can be built from source or installed using pre-built packages for your OS or third-party tools (such as kerl, asdf or mise).

docker run -it erlang:26.2.5.10
Erlang/OTP 26.2.5.10
View on github.com
Patch Package OTP 26.2.5.10
Git Tag OTP-26.2.5.10
Date 2025-03-28
Issue Id
CVE-2025-30211
ERIERL-1195
System OTP
Release 26
Application

erts-14.2.5.9 #

The erts-14.2.5.9 application can be applied independently of other applications on a full OTP 26 installation.

OTP-19469
Application(s):
erts, kernel
Related Id(s):
#9172

Behavior for socket:recv/3 has been improved. The behavior has also been clarified in the documentation.

OTP-19493
Application(s):
erts
Related Id(s):
PR-9443

Fix prim_inet:send/3 (and in extension gen_tcp:send/2,3) to use the selective recive optimization when waiting for a send acknowledgement.

OTP-19527
Application(s):
erts
Related Id(s):
PR-9577

Trace messages due to receive tracing could potentially be delayed a very long time if the traced process waited in a receive expression without clauses matching on messages (timed wait), or just did not enter a receive expression for a very long time.

OTP-19548
Application(s):
erts
Related Id(s):
OTP-19472

Improve the naming of the (internal) esock mutex(es). It is now possible to configure (as in autoconf) the use of simple names for the esock mutex(es).

Full runtime dependencies of erts-14.2.5.9: kernel-9.0, sasl-3.3, stdlib-4.1

kernel-9.2.4.7 #

The kernel-9.2.4.7 application can be applied independently of other applications on a full OTP 26 installation.

OTP-19469
Application(s):
erts, kernel
Related Id(s):
#9172

Behavior for socket:recv/3 has been improved. The behavior has also been clarified in the documentation.

OTP-19545
Application(s):
kernel
Related Id(s):
PR-9587 , OTP-19544

An infinite loop in CNAME loop detection that can cause Out Of Memory has been fixed. This affected CNAME lookup with the internal DNS resolver.

Full runtime dependencies of kernel-9.2.4.7: crypto-5.0, erts-14.0, sasl-3.0, stdlib-5.0

mnesia-4.23.1.2 #

The mnesia-4.23.1.2 application can be applied independently of other applications on a full OTP 26 installation.

OTP-19437
Application(s):
mnesia
Related Id(s):
PR-9534

With this change mnesia will merge schema of tables using external backends.

OTP-19501
Application(s):
mnesia
Related Id(s):
ERIERL-1195 , PR-9499

Mnesia could fail to load a table, if one of the copy holders was moved during startup.

Full runtime dependencies of mnesia-4.23.1.2: erts-9.0, kernel-5.3, stdlib-5.0

ssh-5.1.4.7 #

The ssh-5.1.4.7 application can be applied independently of other applications on a full OTP 26 installation.

OTP-19543
Application(s):
ssh
Related Id(s):
CVE-2025-30211

Reception of malicious KEX init message does not result with ssh daemon excessive memory usage.

OTP-19559
Application(s):
ssh
Related Id(s):
GH-9554 , PR-9545

Call to ssh:daemon_replace_options does not crash when argument is not a valid daemon ref.

Full runtime dependencies of ssh-5.1.4.7: crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, stdlib-5.0

ssl-11.1.4.8 #

The ssl-11.1.4.8 application can be applied independently of other applications on a full OTP 26 installation.

OTP-19529
Application(s):
ssl
Related Id(s):
GH-9483 , PR-9486

Correct handling of unassigned signature algorithms to properly ignore them instead of failing the handshake.

Full runtime dependencies of ssl-11.1.4.8: crypto-5.0, erts-14.0, inets-5.10.7, kernel-9.0, public_key-1.11.3, runtime_tools-1.15.1, stdlib-4.1

Thanks To #

Alexandre Rodrigues, Marc Worrell, Sergei Shuvatov, zmsone