| Patch Package | OTP 27.3.4.8 |
| Git Tag | OTP-27.3.4.8 |
| Date | 2026-02-20 |
| Issue Id | |
| System | OTP |
| Release | 27 |
| Application |
erts-15.2.7.6 #
The erts-15.2.7.6 application can be applied independently of other applications on a full OTP 27 installation.
- OTP-19962
-
- Related Id(s):
Fixed bug in
ets:update_counter/4andets:update_element/4accepting and inserting a default tuple smaller than thekeyposof the table. Such a tuple without a key element would make the table internally inconsistent and might lead to bad behavior at table access, like ERTS runtime crash.Now a call to
ets:update_counter/4orets:update_element/4will fail withbadargif the key does not exist in the table and the default tuple is too small. - OTP-19978
-
- Related Id(s):
A missing memory barrier when unlocking process locks could cause unexpected behavior on architectures with weak memory ordering such as for example ARM.
- OTP-19983
-
A process could fail to wake from hibernation when a non‑message signal followed by a message signal arrived concurrently as the receiving process hibernated. If the process had a large heap, triggering a dirty GC, the wakeup could be lost.
This bug existed since OTP 27.0.
Full runtime dependencies of erts-15.2.7.6
kernel-9.0, sasl-3.3, stdlib-4.1
ssh-5.2.11.5 #
The ssh-5.2.11.5 application can be applied independently of other applications on a full OTP 27 installation.
- OTP-19864
-
Fix handling of the SSH “each side may guess” key-exchange mechanism as defined in RFC 4253, Section 7.
Full runtime dependencies of ssh-5.2.11.5
crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0, stdlib-6.0
stdlib-6.2.2.3 #
The stdlib-6.2.2.3 application can be applied independently of other applications on a full OTP 27 installation.
- OTP-19962
-
- Related Id(s):
Fixed bug in
ets:update_counter/4andets:update_element/4accepting and inserting a default tuple smaller than thekeyposof the table. Such a tuple without a key element would make the table internally inconsistent and might lead to bad behavior at table access, like ERTS runtime crash.Now a call to
ets:update_counter/4orets:update_element/4will fail withbadargif the key does not exist in the table and the default tuple is too small. - OTP-19988
-
For a function that started with a bracket-only pattern (such as
[]), the?FUNCTION_ARITYmacro would evaluate to one less than the actual arity.
Full runtime dependencies of stdlib-6.2.2.3
compiler-5.0, crypto-4.5, erts-15.0, kernel-10.0, sasl-3.0
tftp-1.2.2.1 #
The tftp-1.2.2.1 application can be applied independently of other applications on a full OTP 27 installation.
- OTP-19981
-
- Related Id(s):
An issue in the undocumented initial state option [{root_dir,Dir}] to the tftp_file module has been fixed. The request file name was just concatenated to Dir so it was possible to traverse above Dir by using “../” file path components. Now the option actually restricts local file operations to the Dir directory and subdirectories.
The initial state option and how to use it was previously undocumented, so it is unlikely that anyone would have used it without understanding its peculiarities.
The documentation of the TFTP application has also been clarified to make it obvious that the default server configuration allows read and write access to all files that are readable or writable by the user running the Erlang VM, and that the default configuration therefore should be avoided.
Thanks to Luigino Camastra at Aisle Research, for finding and reporting this issue.
Full runtime dependencies of tftp-1.2.2.1
erts-6.0, kernel-6.0, stdlib-5.0
Thanks To #
Daniel Hryzbil, Jan Uhlig