Patch Package: OTP 26.2.5.12
Git Tag: OTP-26.2.5.12
Date: 2025-05-08
Trouble Report Id: OTP-19577, OTP-19599, OTP-19600, OTP-19602,
OTP-19605, OTP-19608, OTP-19625
Seq num: CVE-2025-46712, ERIERL-1220, GH-9707,
GH-9715, GH-9720, PR-9696, PR-9724, PR-9737,
PR-9753, PR-9765, PR-9767
System: OTP
Release: 26
Application: compiler-8.4.3.3, erts-14.2.5.10,
kernel-9.2.4.8, ssh-5.1.4.9, xmerl-1.3.34.3
Predecessor: OTP 26.2.5.11
Check out the git tag OTP-26.2.5.12, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- compiler-8.4.3.3 ------------------------------------------------
---------------------------------------------------------------------
The compiler-8.4.3.3 application can be applied independently of
other applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19600 Application(s): compiler
Related Id(s): GH-9715, PR-9737
Fix a bug where unloaded nifs can crash the compiler.
Full runtime dependencies of compiler-8.4.3.3: crypto-5.1, erts-13.0,
kernel-8.4, stdlib-5.0
---------------------------------------------------------------------
--- erts-14.2.5.10 --------------------------------------------------
---------------------------------------------------------------------
The erts-14.2.5.10 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19577 Application(s): erts
Related Id(s): ERIERL-1220, PR-9696
Fixed an emulator crash when setting an error_handler
module that was not yet loaded.
OTP-19599 Application(s): erts
Related Id(s): PR-9724
Fixed a rare bug that could cause an emulator crash
after unloading a module or erasing a persistent_term.
Full runtime dependencies of erts-14.2.5.10: kernel-9.0, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- kernel-9.2.4.8 --------------------------------------------------
---------------------------------------------------------------------
The kernel-9.2.4.8 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19605 Application(s): kernel
Related Id(s): GH-9720, PR-9765
With this change, disk_log will not crash when using
chunk_step/3 after log size was decreased.
OTP-19608 Application(s): kernel
Related Id(s): GH-9707, PR-9767
With this change, disk_log will not run into infinite
loop when using chunk/2,3 after log size was decreased.
Full runtime dependencies of kernel-9.2.4.8: crypto-5.0, erts-14.0,
sasl-3.0, stdlib-5.0
---------------------------------------------------------------------
--- ssh-5.1.4.9 -----------------------------------------------------
---------------------------------------------------------------------
The ssh-5.1.4.9 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19625 Application(s): ssh
Related Id(s): CVE-2025-46712
Fix KEX strict implementation according to
draft-miller-sshm-strict-kex-01 document.
Full runtime dependencies of ssh-5.1.4.9: crypto-5.0, erts-14.0,
kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0,
stdlib-5.0
---------------------------------------------------------------------
--- xmerl-1.3.34.3 --------------------------------------------------
---------------------------------------------------------------------
The xmerl-1.3.34.3 application can be applied independently of other
applications on a full OTP 26 installation.
--- Improvements and New Features ---
OTP-19602 Application(s): xmerl
Related Id(s): PR-9753
A new option to discard whitespace before the xml tag
when reading from a stream has been added to the Xmerl
SAX parser.
-- {discard_ws_before_xml_document, Boolean} -- Discard
whitespace before xml tag instead of returning a fatal
error if set to true (false is default)
Full runtime dependencies of xmerl-1.3.34.3: erts-6.0, kernel-8.4,
stdlib-2.5
---------------------------------------------------------------------
--- Thanks to -------------------------------------------------------
---------------------------------------------------------------------
João Henrique Ferreira de Freitas, Lý Nhật Tâm
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
2 Likes